Check-in [48c9a8c9e1]
Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Security fix: unescaped original input in diff/page_rc. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
48c9a8c9e131c13c2bc02f6ed12ea428 |
| User & Date: | mario 2014-11-29 17:34:00 |
Context
|
2014-12-01
| ||
| 14:21 | Introduce `X-Content-License:` HTTP header. check-in: eb0d3d81fa user: mario tags: trunk | |
|
2014-11-29
| ||
| 17:34 | Security fix: unescaped original input in diff/page_rc. check-in: 48c9a8c9e1 user: mario tags: trunk | |
| 09:31 | Remove redundant border=/align= from frontpage project index. v0.7.6, readd header "beta" marker+color, Twitter icon in footer. check-in: dd615d6d47 user: mario tags: trunk | |
Changes
Changes to lib/diff.php.
| ︙ | ︙ | |||
43 44 45 46 47 48 49 |
}
// markup <ins> and <del> between old and new text blob
static function htmlDiff($old, $new){
$ret = '';
$diff = pdiff::diff(preg_split("/[\s]+/", $old), preg_split("/[\s]+/", $new));
foreach($diff as $k){
| | > | > > | 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 |
}
// markup <ins> and <del> between old and new text blob
static function htmlDiff($old, $new){
$ret = '';
$diff = pdiff::diff(preg_split("/[\s]+/", $old), preg_split("/[\s]+/", $new));
foreach($diff as $k){
if(is_array($k)) {
$ret .=
(!empty($k['d']) ? "<del>" . input::html(implode(' ',$k['d'])) . "</del> " : '').
(!empty($k['i']) ? "<ins>" . input::html(implode(' ',$k['i'])) . "</ins> " : '');
}
else {
$ret .= input::html($k) . ' ';
}
}
return $ret;
}
// Just compare word-wise without between three revisions, without honoring order
static function triDiff($prev, $curr, $next){
$ret = '';
|
| ︙ | ︙ |