⌈⌋ branch:  freshcode


Check-in [48c9a8c9e1]


Overview
Comment:Security fix: unescaped original input in diff/page_rc.
SHA1:48c9a8c9e131c13c2bc02f6ed12ea428f291b70f
User & Date: mario 2014-11-29 17:34:00
Context
2014-12-01
14:21
Introduce `X-Content-License:` HTTP header. check-in: eb0d3d81fa user: mario tags: trunk
2014-11-29
17:34
Security fix: unescaped original input in diff/page_rc. check-in: 48c9a8c9e1 user: mario tags: trunk
09:31
Remove redundant border=/align= from frontpage project index. v0.7.6, readd header "beta" marker+color, Twitter icon in footer. check-in: dd615d6d47 user: mario tags: trunk
Changes

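--- a/lib/diff.php
+++ b/lib/diff.php
@@ -43,19 +43,22 @@
     }
 
     // markup <ins> and <del> between old and new text blob
     static function htmlDiff($old, $new){
         $ret = '';
         $diff = pdiff::diff(preg_split("/[\s]+/", $old), preg_split("/[\s]+/", $new));
         foreach($diff as $k){
-            if(is_array($k))
+            if(is_array($k)) {
                 $ret .=
                     (!empty($k['d']) ? "<del>" . input::html(implode(' ',$k['d'])) . "</del> " : '').
                     (!empty($k['i']) ? "<ins>" . input::html(implode(' ',$k['i'])) . "</ins> " : '');
-            else $ret .= $k . ' ';
+            }
+            else {
+                $ret .= input::html($k) . ' ';
+            }
         }
         return $ret;
     }
 
     // Just compare word-wise without between three revisions, without honoring order
     static function triDiff($prev, $curr, $next){
         $ret = '';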
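Review bot: The comment above htmlDiff() still describes only the `<ins>`/`<del>` markup, but after this change the function has a security-relevant contract that is not written down: every branch of the loop now sends its text through input::html(), so callers must pass raw text and must not escape the returned string again. I would extend the comment to say so, e.g. `// markup <ins> and <del> between old and new text blob; every word is escaped via input::html(), so pass raw text and do not re-escape the result`. input::html() is defined outside this hunk, so this assumes it escapes `<`, `>`, `&` and quotes, which is worth confirming. triDiff() begins on the last lines of the hunk and its body is not visible here, so it should be checked that it escapes its output the same way.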