⌈⌋ branch:  freshcode


Check-in [48c9a8c9e1]


Overview
SHA1:48c9a8c9e131c13c2bc02f6ed12ea428f291b70f
Date: 2014-11-29 17:34:00
User: mario
Comment:Security fix: unescaped original input in diff/page_rc.
Tags And Properties
  • bgcolor=#ffeecc
  • branch=trunk inherited from [82405bb421]
  • sym-trunk inherited from [82405bb421]
Context
2014-12-01
14:21
[eb0d3d81fa] Introduce `X-Content-License:` HTTP header. (user: mario, tags: trunk)
2014-11-29
17:34
[48c9a8c9e1] Security fix: unescaped original input in diff/page_rc. (user: mario, tags: trunk)
09:31
[dd615d6d47] Remove redundant border=/align= from frontpage project index. v0.7.6, readd header "beta" marker+color, Twitter icon in footer. (user: mario, tags: trunk)
Changes

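--- a/lib/diff.php
+++ b/lib/diff.php
@@ -43,19 +43,22 @@
     }
 
     // markup <ins> and <del> between old and new text blob
     static function htmlDiff($old, $new){
         $ret = '';
         $diff = pdiff::diff(preg_split("/[\s]+/", $old), preg_split("/[\s]+/", $new));
         foreach($diff as $k){
-            if(is_array($k))
+            if(is_array($k)) {
                 $ret .=
                     (!empty($k['d']) ? "<del>" . input::html(implode(' ',$k['d'])) . "</del> " : '').
                     (!empty($k['i']) ? "<ins>" . input::html(implode(' ',$k['i'])) . "</ins> " : '');
-            else $ret .= $k . ' ';
+            }
+            else {
+                $ret .= input::html($k) . ' ';
+            }
         }
         return $ret;
     }
 
     // Just compare word-wise without between three revisions, without honoring order
     static function triDiff($prev, $curr, $next){
         $ret = '';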
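Review bot: The comment above `htmlDiff` still says only that it marks up `<ins>` and `<del>`, so nothing records that the return value is now HTML in which every token is escaped, including the unchanged words handled by the new `else` branch. I would extend it to something like `// returns HTML markup: changed and unchanged words all pass through input::html(); give it raw text and do not escape the result again`, since a caller that escapes before or after the call will double-encode. `triDiff` begins at the end of this hunk and its body lies outside it, so whether it emits words with the same escaping cannot be checked from here and is worth confirming. A regression test that passes a tag-like token in an unchanged position through `htmlDiff` would pin the fix.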