Mercurial > hgrepos > hgweb.cgi > s4
changeset 920:7149f283294b
Header string in SQL should not be htmlescaped
| author | HIROSE Yuuji <yuuji@gentei.org> |
|---|---|
| date | Sun, 10 Jan 2021 10:13:44 +0900 |
| parents | 27edbd91022c |
| children | 7b887bea6ecd |
| files | s4-blog.sh |
| diffstat | 1 files changed, 3 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/s4-blog.sh Fri Jan 08 20:44:40 2021 +0900 +++ b/s4-blog.sh Sun Jan 10 10:13:44 2021 +0900 @@ -762,12 +762,13 @@ brid=$(($brid + 0)) # Ensure to be a number [ $brid = 0 ] && continue time=`getvalbyid blog ctime $brid|colrm 11` - title=`getvalbyid blog title $brid|htmlescape` + title=`getvalbyid blog title $brid` + titleH=`echo "$title"|htmlescape` state=`getvalbyid blog state $brid|htmlescape` tt="handout_$brid" [ "$state" = "frozen" ] && frozen=" $FROZEN_TAG" || frozen="" if [ -z "$CATCSV" ]; then - echo "<h2>$time - <a href=\"?replyblog+$brid\">$title</a>$frozen</h2>" + echo "<h2>$time - <a href=\"?replyblog+$brid\">$titleH</a>$frozen</h2>" lshandoutsub "$owner" $brid "$tt" else lshandoutsub "$owner" $brid "$tt" >/dev/null # Only create temp.table
