deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Yet More Philip Taylor Phun

Browse source 
Escape page names.

Grrr.
This commit is contained in:
Jacques Distler 2008-03-13 23:02:12 -05:00
parent 8243cf9289
commit 609c5541b9
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/page.rb
View file

@ -77,7 +77,7 @@ class Page < ActiveRecord::Base
# Returns the original wiki-word name as separate words, so "MyPage" becomes "My Page". # Returns the original wiki-word name as separate words, so "MyPage" becomes "My Page".
def plain_name def plain_name
web.brackets_only? ? name : WikiWords.separate(name) web.brackets_only? ? CGI.escapeHTML(name) : CGI.escapHTML(WikiWords.separate(name))
end end
LOCKING_PERIOD = 30.minutes LOCKING_PERIOD = 30.minutes

2
app/views/wiki/new.rhtml
View file

@ -1,5 +1,5 @@
<% <%
@title = "Creating #{WikiWords.separate(@page_name)}" @title = "Creating #{CGI.escapeHTML(WikiWords.separate(@page_name))}"
@content_width = 720 @content_width = 720
@hide_navigation = true @hide_navigation = true
%> %>