changeset 208:36b6354de5cb
Profile form should escape entities. Apply ^href conversion to Profile
author | HIROSE Yuuji <yuuji@gentei.org> |
---|---|
date | Tue, 26 Apr 2016 08:06:35 +0859 |
parents | 355fcbdc3b49 |
children | 70fa878fe3ea |
files | examples/common/default/default.css s4-blog.sh s4-cgi.sh s4-funcs.sh |
diffstat | 4 files changed, 9 insertions(+), 3 deletions(-) [+] |
--- a/examples/common/default/default.css Mon Apr 25 19:47:27 2016 +0859 +++ b/examples/common/default/default.css Tue Apr 26 08:06:35 2016 +0859 @@ -61,6 +61,8 @@ position: fixed; bottom: 0; left: 0; z-index: 2; background-color: rgba(250,222,222,0.6); } +div.blogcomment textarea:focus {background: yellow; + position: fixed; top: 0; bottom: auto; } div.blogcomment * {opacity: 1.0;} table.bloghead, .bloghead tr, .bloghead td { border: 1px solid black; border-collapse: collapse;
--- a/s4-blog.sh Mon Apr 25 19:47:27 2016 +0859 +++ b/s4-blog.sh Tue Apr 26 08:06:35 2016 +0859 @@ -216,7 +216,7 @@ $tm ${notify:+$nt}</td><td>`echo "$hte"|unhexize|htmlescape` EOF - sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|" + hreflink for i in $imgids; do mrid=${i%%:*}; i=${i#*:}; sz=`size_h ${i%%:*}` fn=`echo "${i#*:}"|unhexize`
--- a/s4-cgi.sh Mon Apr 25 19:47:27 2016 +0859 +++ b/s4-cgi.sh Tue Apr 26 08:06:35 2016 +0859 @@ -82,7 +82,7 @@ esac fi - val="`cat $dir/$file`" + val="`cat $dir/$file|htmlescape`" cat<<EOF <tr><td>($i)</td><td> <input class="action" type="radio" name="action.$vname" id="keep.$vname"
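Review bot: The new `cat $dir/$file|htmlescape` still expands `$dir/$file` unquoted, so a path containing whitespace or glob characters is split or expanded before `cat` sees it; `val=$(htmlescape < "$dir/$file")` avoids that and drops the extra process. The same unquoted pattern is added in the s4-funcs.sh profile hunk (`cat $td/$fn|htmlescape|hreflink`). The here-document that consumes `$val` continues past the end of this hunk, so it is not visible whether the value lands in element content or inside a quoted attribute. If it is the latter, `htmlescape` presumably has to encode `"` as well as `<`, `>` and `&`, which is worth confirming against its definition.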
--- a/s4-funcs.sh Mon Apr 25 19:47:27 2016 +0859 +++ b/s4-funcs.sh Tue Apr 26 08:06:35 2016 +0859 @@ -427,6 +427,9 @@ fi echo "\">`gecos $1`</a>" } +hreflink() { + sed -e "s|^href=\([-A-Za-z0-9,.:/~_%#&+?]*\)|<a &>\1</a>|" +} acclog() ( # $1=table, $2=rowid n=${2%%[!0-9]*} # Remove non-digit chars from $2(should be rowid) @@ -2573,7 +2576,8 @@ form=`$cgiform $name $td` val=$(echo "$val"| while read fn; do - echo "<tr><td>`cat $td/$fn`</td></tr>$nl" + echo "<tr><td>`cat $td/$fn|htmlescape|hreflink` + </td></tr>$nl" done) val="<table>$nl$val$nl</table>" else
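Review bot: `hreflink` accepts any URL scheme, because the character class after `^href=` includes letters and `:`, so a line using a non-web scheme such as `javascript:` becomes a live anchor just like an http link. With this commit the function runs on profile text (second hunk here) as well as blog bodies (the s4-blog.sh hunk), which widens where that matters. Anchoring the pattern to web schemes and quoting the attribute would close it: `sed -e "s|^href=\(https\{0,1\}://[-A-Za-z0-9,.:/~_%#&+?]*\)|<a href=\"\1\">\1</a>|"`. A one-line comment above the function saying that its input must already be HTML-escaped would also help, since the sed emits markup and both visible callers rely on `htmlescape` running first.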