From 609c5541b941c9d8736b6e7f3150fd35846edf9a Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Thu, 13 Mar 2008 23:02:12 -0500
Subject: [PATCH] Yet More Philip Taylor Phun Escape page names. Grrr.
---
 app/models/page.rb | 2 +-
 app/views/wiki/new.rhtml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/models/page.rb b/app/models/page.rb
index 9861c6e9..2c9d09ce 100644
--- a/app/models/page.rb
+++ b/app/models/page.rb
@@ -77,7 +77,7 @@ class Page < ActiveRecord::Base
 # Returns the original wiki-word name as separate words, so "MyPage" becomes "My Page".
 def plain_name
- web.brackets_only? ? name : WikiWords.separate(name)
+ web.brackets_only? ? CGI.escapeHTML(name) : CGI.escapHTML(WikiWords.separate(name))
 end
 LOCKING_PERIOD = 30.minutes
diff --git a/app/views/wiki/new.rhtml b/app/views/wiki/new.rhtml
index 967fa1d4..7acb8655 100644
--- a/app/views/wiki/new.rhtml
+++ b/app/views/wiki/new.rhtml
@@ -1,5 +1,5 @@
 <%
- @title = "Creating #{WikiWords.separate(@page_name)}"
+ @title = "Creating #{CGI.escapeHTML(WikiWords.separate(@page_name))}"
 @content_width = 720
 @hide_navigation = true
 %>
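Review bot: The else branch of the added line in `plain_name` calls `CGI.escapHTML`, which is misspelled, so on any web where `brackets_only?` is false this would raise NoMethodError instead of returning the escaped name. Escaping once around the whole expression removes the duplication that let the typo in: `CGI.escapeHTML(web.brackets_only? ? name : WikiWords.separate(name))`. Because the encoding now happens in the model, any caller that already passes `plain_name` through `h` would render doubly escaped entities, and non-HTML consumers would receive entities as well; those callers are outside this hunk and should be checked. A test with a page name containing `<` and `&` for both branches would have caught the typo.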
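Review bot: Escaping the page name where `@title` is assigned in new.rhtml protects only this one template and depends on how the layout prints `@title`, which is not visible in this hunk. If the layout emits it raw, other views that build `@title` from a page name would each need the same call, and encoding once at the output point, e.g. `<%= h(@title) %>`, would cover them all; if the layout already uses `h`, this line would now be double-escaped. Recording the assumption next to the assignment, for example `# @title is emitted unescaped by the layout, so escape here`, would keep later templates consistent.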