[geeklog-cvs] Geeklog-1.x/system/classes story.class.php, 1.21, 1.22
Michael Jervis
mjervis at qs1489.pair.com
Tue Feb 19 12:47:32 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system/classes
In directory qs1489.pair.com:/tmp/cvs-serv69148/system/classes
Modified Files:
story.class.php
Log Message:
Correctly handle escaping in HTML postmode of non-[raw] and non-[code] blocks.
Index: story.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/classes/story.class.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** story.class.php 18 Feb 2008 19:42:13 -0000 1.21
--- story.class.php 19 Feb 2008 17:47:30 -0000 1.22
***************
*** 1484,1494 ****
{
if (($this->_postmode == 'html') || ($this->_postmode == 'wikitext')) {
! // Standard named items, plus the three we do in _displayEscape and
! // others I know off-hand.
! //$replacefrom = array('<', '>', '&', '$', '{', '}', '\');
! //$replaceto = array('<', '>', '&', '$', '{', '}', '\\');
! //$return = str_replace($replacefrom, $replaceto, $in);
! //return $return;
! return html_entity_decode($in);
} else {
// advanced editor or plaintext can handle themselves...
--- 1484,1560 ----
{
if (($this->_postmode == 'html') || ($this->_postmode == 'wikitext')) {
! /* Raw and code blocks need entity decoding. Other areas do not.
! * otherwise, annoyingly, < will end up as < on preview 1, on
! * preview 2 it'll be stripped by KSES. Can't beleive I missed that
! * in rewrite phase 1.
! *
! * First, raw
! */
! $inlower = MBYTE_strtolower($in);
! $buffer = $in;
! $start_pos = MBYTE_strpos($inlower, '[raw]');
! if( $start_pos !== false ) {
! $out = '';
! while( $start_pos !== false ) {
! /* Copy in to start to out */
! $out .= MBYTE_substr($in, 0, $start_pos);
! /* Find end */
! $end_pos = MBYTE_strpos($inlower, '[raw]');
! if( $end_pos !== false ) {
! /* Encode body and append to out */
! $encoded = html_entity_decode(MBYTE_substr($buffer, $start_pos, $end_pos - $start_pos));
! $out .= $encoded;
! /* Nibble in */
! $inlower = MBYTE_substr($inlower, $end_pos);
! $buffer = MBYTE_substr($buffer, $end_pos);
! } else { // missing [/raw]
! // Treat the remainder as code, but this should have been
! // checked prior to calling:
! $out .= html_entity_decode(MBYTE_substr($buffer, $start_pos + 5));
! $inlower = '';
! }
! $start_pos = MBYTE_strpos($linlower, '[raw]');
! }
! // Append remainder:
! if( $buffer != '' ) {
! $out .= $buffer;
! }
! $in = $out;
! }
! /*
! * Then, code
! */
! $inlower = MBYTE_strtolower($in);
! $buffer = $in;
! $start_pos = MBYTE_strpos($inlower, '[code]');
! if( $start_pos !== false ) {
! $out = '';
! while( $start_pos !== false ) {
! /* Copy in to start to out */
! $out .= MBYTE_substr($in, 0, $start_pos);
! /* Find end */
! $end_pos = MBYTE_strpos($inlower, '[code]');
! if( $end_pos !== false ) {
! /* Encode body and append to out */
! $encoded = html_entity_decode(MBYTE_substr($buffer, $start_pos, $end_pos - $start_pos));
! $out .= $encoded;
! /* Nibble in */
! $inlower = MBYTE_substr($inlower, $end_pos);
! $buffer = MBYTE_substr($buffer, $end_pos);
! } else { // missing [/code]
! // Treat the remainder as code, but this should have been
! // checked prior to calling:
! $out .= html_entity_decode(MBYTE_substr($buffer, $start_pos + 6));
! $inlower = '';
! }
! $start_pos = MBYTE_strpos($linlower, '[code]');
! }
! // Append remainder:
! if( $buffer != '' ) {
! $out .= $buffer;
! }
! $in = $out;
! }
! return $in;
} else {
// advanced editor or plaintext can handle themselves...
More information about the geeklog-cvs
mailing list