
changeset 208:36b6354de5cb

Profile form should escape entities. Apply ^href conversion to Profile
author HIROSE Yuuji <yuuji@gentei.org>
date Tue, 26 Apr 2016 08:06:35 +0859
parents 355fcbdc3b49
children 70fa878fe3ea
files examples/common/default/default.css s4-blog.sh s4-cgi.sh s4-funcs.sh
diffstat 4 files changed, 9 insertions(+), 3 deletions(-) [+]
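--- a/examples/common/default/default.css
+++ b/examples/common/default/default.css
@@ -61,6 +61,8 @@
     position: fixed; bottom: 0; left: 0;
     z-index: 2; background-color: rgba(250,222,222,0.6);
 }
+div.blogcomment textarea:focus {background: yellow;
+    position: fixed; top: 0; bottom: auto; }
 div.blogcomment * {opacity: 1.0;}
 table.bloghead, .bloghead tr, .bloghead td {
     border: 1px solid black; border-collapse: collapse;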
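--- a/s4-blog.sh
+++ b/s4-blog.sh
@@ -216,7 +216,7 @@
 $tm
 ${notify:+$nt}</td><td>`echo "$hte"|unhexize|htmlescape`
 EOF
-      sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+      hreflink
       for i in $imgids; do
 	mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}`
 	fn=`echo "${i#*:}"|unhexize`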
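--- a/s4-cgi.sh
+++ b/s4-cgi.sh
@@ -82,7 +82,7 @@
 	
       esac
     fi
-    val="`cat $dir/$file`"
+    val="`cat $dir/$file|htmlescape`"
     cat<<EOF
  <tr><td>($i)</td><td>
 <input class="action" type="radio" name="action.$vname" id="keep.$vname"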
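Review bot: The new `val=` line still expands `$dir/$file` unquoted inside the backticks, so a value containing whitespace or glob characters is word-split before `cat` sees it; `` val="`cat "$dir/$file"|htmlescape`" `` keeps the escaping fix and closes that gap. Where `val` is emitted is outside the hunk — it presumably lands in the `<input ...>` markup after `cat<<EOF`, and if it is placed inside an attribute value then htmlescape must convert `"` as well as `<`, `>` and `&`; htmlescape's definition is not on this page, so that is worth confirming. The enclosing function starts and ends outside the hunk.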
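--- a/s4-funcs.sh
+++ b/s4-funcs.sh
@@ -427,6 +427,9 @@
   fi
   echo  "\">`gecos $1`</a>"
 }
+hreflink() {
+  sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|"
+}
 acclog() (
   # $1=table, $2=rowid
   n=${2%%[!0-9]*}	# Remove non-digit chars from $2(should be rowid)
@@ -2573,7 +2576,8 @@
 	  form=`$cgiform $name $td`
 	  val=$(echo "$val"|
 		     while read fn; do
-		       echo "<tr><td>`cat $td/$fn`</td></tr>$nl"
+		       echo "<tr><td>`cat $td/$fn|htmlescape|hreflink`
+			</td></tr>$nl"
 		     done)
 	  val="<table>$nl$val$nl</table>"
 	else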
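Review bot: The character class in the new `hreflink` function has no `=` or `;`, so a URL with a query string such as `?a=1` is anchored only up to `?a`, and because the second hunk now runs `htmlescape` before `hreflink`, any `&` that htmlescape rewrites as `&amp;` would also cut the link short at the `;` (assuming htmlescape does that — its definition is not on this page). The generated attribute is unquoted (`<a href=URL>`), which is only safe because the class excludes whitespace, quotes and `<`/`>`; if the class is widened, `"` and `'` must stay out of it. A version covering both points is ``sed -e 's|^href=\([-A-Za-z0-9,.:/~_%#&+?=;]*\)|<a href="\1">\1</a>|'``. The same definition is what the `hreflink` call in the s4-blog.sh hunk now uses, so fixing it here fixes that call site too. Splitting the `echo` argument across two lines in the second hunk also puts a literal newline and tab into every cell between the link and `</td>`; harmless in HTML, but it is now part of the output, and the enclosing function of that hunk starts and ends outside it.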