s4
changeset 208:36b6354de5cb
Profile form should escape entities. Apply ^href conversion to Profile
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 26 Apr 2016 08:06:35 +0859 |
parents | 355fcbdc3b49 |
children | 70fa878fe3ea |
files | examples/common/default/default.css s4-blog.sh s4-cgi.sh s4-funcs.sh |
diffstat | 4 files changed, 9 insertions(+), 3 deletions(-) [+] |
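--- a/examples/common/default/default.css Mon Apr 25 19:47:27 2016 +0859
+++ b/examples/common/default/default.css Tue Apr 26 08:06:35 2016 +0859
@@ -61,6 +61,8 @@
 position: fixed; bottom: 0; left: 0;
 z-index: 2; background-color: rgba(250,222,222,0.6);
 }
+div.blogcomment textarea:focus {background: yellow;
+ position: fixed; top: 0; bottom: auto; }
 div.blogcomment * {opacity: 1.0;}
 table.bloghead, .bloghead tr, .bloghead td {
 border: 1px solid black; border-collapse: collapse;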
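--- a/s4-blog.sh Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-blog.sh Tue Apr 26 08:06:35 2016 +0859
@@ -216,7 +216,7 @@
 $tm
 ${notify:+$nt}</td><td>`echo "$hte"|unhexize|htmlescape`
 EOF
- sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+ hreflink
 for i in $imgids; do
 mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}`
 fn=`echo "${i#*:}"|unhexize`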
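--- a/s4-cgi.sh Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-cgi.sh Tue Apr 26 08:06:35 2016 +0859
@@ -82,7 +82,7 @@
 
 esac
 fi
- val="`cat $dir/$file`"
+ val="`cat $dir/$file|htmlescape`"
 cat<<EOF
 <tr><td>($i)</td><td>
 <input class="action" type="radio" name="action.$vname" id="keep.$vname"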
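Review bot: The path in the changed line is expanded unquoted, so a `$dir` or `$file` containing whitespace or glob characters is split before `cat` sees it; `val=$(htmlescape < "$dir/$file")` avoids that and drops the extra process. The hunk ends before `$val` is written into the form, so the output context is not visible here: if it lands inside a quoted attribute rather than element text, `htmlescape` (defined outside this page) must also convert `"`, which is worth confirming. The heredoc that follows interpolates `$i` and `$vname` into markup as-is; a short comment stating where those values come from would make it clear that they cannot carry user-supplied text.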
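--- a/s4-funcs.sh Mon Apr 25 19:47:27 2016 +0859
+++ b/s4-funcs.sh Tue Apr 26 08:06:35 2016 +0859
@@ -427,6 +427,9 @@
 fi
 echo "\">`gecos $1`</a>"
 }
+hreflink() {
+ sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+}
 acclog() (
 # $1=table, $2=rowid
 n=${2%%[!0-9]*} # Remove non-digit chars from $2(should be rowid)
@@ -2573,7 +2576,8 @@
 form=`$cgiform $name $td`
 val=$(echo "$val"|
 while read fn; do
- echo "<tr><td>`cat $td/$fn`</td></tr>$nl"
+ echo "<tr><td>`cat $td/$fn|htmlescape|hreflink`
+ </td></tr>$nl"
 done)
 val="<table>$nl$val$nl</table>"
 else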
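Review bot: In the second hunk the profile text goes through `htmlescape` before `hreflink`, so a URL containing `&` presumably arrives as `&amp;` (htmlescape is defined outside this page). Because `;` is not in the character class, the match stops there and the link is cut short, with the rest of the URL left as plain text. The new `hreflink` helper in the first hunk also emits the attribute unquoted through `<a &>` and accepts any scheme. Writing the replacement as `<a href=\"\1\">\1</a>`, adding `;` to the class, and, if only web links are intended, anchoring on `^href=\(https\{0,1\}://[...]*\)` would keep escaped URLs intact and narrow what can become a link. The `while read fn` loop begins outside the hunk; `$td/$fn` is unquoted and `read` lacks `-r`, so names with spaces or backslashes would be mangled.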