s4
changeset 155:511406c0cbbe
Do HTML escape at value editing
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 05 Jan 2016 18:47:59 +0859 |
parents | 75598f2d3118 |
children | d46bce9072cd |
files | s4-blog.sh s4-funcs.sh |
diffstat | 2 files changed, 6 insertions(+), 2 deletions(-) [+] |
line diff
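--- a/s4-blog.sh Tue Dec 29 09:50:35 2015 +0859
+++ b/s4-blog.sh Tue Jan 05 18:47:59 2016 +0859
@@ -375,7 +375,7 @@
 <tr id="$id">
 <td>${edit:+<a href="$elink+$edit">編集</a>}
 <a href="$hlink+$uid">$uname</a>
-$tm</td><td>`echo "$hte"|unhexize`
+$tm</td><td>`echo "$hte"|unhexize|htmlescape`
 EOF
 for i in $imgids; do
 mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}`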
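Review bot: In the here-document that ends at `EOF`, only the `$hte` body now goes through `htmlescape`; `$uname` is still expanded raw into `<a href="$hlink+$uid">$uname</a>`, and `$id`, `$elink`, `$edit` and `$uid` land unescaped inside attribute values. Where these values come from is not visible in the hunk, but if any of them can carry user-supplied text (the display name looks the most likely), markup in it would still reach the rendered page. Applying the same filter there would close that gap, e.g. `<a href="$hlink+$uid">$(printf '%s\n' "$uname"|htmlescape)</a>`. The here-document opens above the hunk, so other expansions earlier in it are worth the same check.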
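--- a/s4-funcs.sh Tue Dec 29 09:50:35 2015 +0859
+++ b/s4-funcs.sh Tue Jan 05 18:47:59 2016 +0859
@@ -723,6 +723,10 @@
 percenthex() {
 hexize $1 | sed 's/\(..\)/%\1/g'
 }
+htmlescape() {
+ sed -e 's/\&/\&/g' -e 's/"/\"/g' -e "s/'/\'/g" \
+ -e "s/</\</g; s/>/\>/g"
+}
 enascii() {
 if [ -z "$enascii" ]; then
 if type kakasi >/dev/null 2>&1; then
@@ -2447,7 +2451,7 @@
 form="" val=""
 if [ -n "$rowid" ]; then
 # err genform2a: Seeking for "$2.$name, type=$type"
-val=`getvalbyid $2 $name $rowid $td`
+val=`getvalbyid $2 $name $rowid $td|htmlescape`
 err genform3a: getvalbyid $2 $name $rowid $td
 err genform3b: val="[$val]"
 fi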
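Review bot: As this page shows it, every expression in `htmlescape` replaces a character with itself (`s/\&/\&/g`, `s/</\</g`), which would make the filter a no-op and leave both new call sites unescaped. That is probably the viewer decoding the entities, but the committed file should be checked to confirm the replacements really are `\&amp;`, `\&quot;`, `\&lt;`, `\&gt;` and an apostrophe reference. The function would also benefit from a header comment such as `# htmlescape: stdin -> stdout; for element text and quoted attribute values only; '&' must be replaced first`. In the second hunk `val` is escaped as it is fetched, so the `err genform3b` log line and any later non-HTML use of `val` see the entity-encoded form; the rest of that function lies outside the hunk. Escaping at the point where `val` is written into the form markup would avoid double encoding and mismatched comparisons.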