includes/pageutils.php
changeset 81 d7fc25acd3f3
parent 78 4df25dfdde63
child 102 d807dcd7aed7
--- a/includes/pageutils.php	Wed Aug 01 13:39:27 2007 -0400
+++ b/includes/pageutils.php	Sun Aug 05 15:58:50 2007 -0400
@@ -608,13 +608,14 @@
         
         // Action taken
         echo '<td class="'.$cls.'">';
+        // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
         if    ($r['action']=='prot')     echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
         elseif($r['action']=='unprot')   echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
         elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
-        elseif($r['action']=='rename')   echo 'Renamed page</td><td class="'.$cls.'">Old title: '.$r['edit_summary'];
+        elseif($r['action']=='rename')   echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
         elseif($r['action']=='create')   echo 'Created page</td><td class="'.$cls.'">';
         elseif($r['action']=='delete')   echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
-        elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+        elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
         echo '</td>';
         
         // Actions!
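Review bot: The `prot`, `unprot`, `semiprot` and `delete` branches still echo `$r['edit_summary']` into the cell unescaped, so they are only safe if every write path for those actions sanitized the value at insert time, which this hunk does not show. The added comment says "some of these" without naming which, so a later reader cannot tell a deliberately raw branch from an overlooked one. I would either list the insert-sanitized actions in that comment or escape at output in those four branches as well, e.g. `'Reason: '.htmlspecialchars($r['edit_summary'], ENT_QUOTES, 'UTF-8', false)`. The trailing `false` (double_encode, PHP 5.2.3+) keeps already-stored entities from being encoded twice, assuming the insert-time step is entity encoding and the page charset is UTF-8; both need confirming. The enclosing loop and the origin of `$cls` lie outside the hunk.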