deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix Category Listing Bugs

Browse source 
The links to the category listings
were bogus, and the category listing
page needed some XSS-unprotection.
This commit is contained in:
Jacques Distler 2010-05-27 00:27:49 -05:00
parent b5a4e2fd9c
commit a57152d743
6 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/chunks/category.rb
View file

@ -17,8 +17,8 @@ class Category < Chunk::Abstract
def initialize(match_data, content)
super(match_data, content)
@content = content
@hidden = match_data[1]
# @list = match_data[2].split(',').map { |c| clean = c.purify; clean.strip.escapeHTML if clean }
@list = match_data[2].split(',').map { |c| clean = c.purify.strip.escapeHTML; clean if clean != ''}
@list.compact!
@unmask_text = ''
@ -32,6 +32,7 @@ def initialize(match_data, content)
# TODO move presentation of page metadata to controller/view
def url(category)
%{<a class="category_link" href="../list/#{category}">#{category}</a>}
%{<a class="category_link" href="#{@content.url_generator.url_for :web => @content.web.address,
:action => 'list'}/#{CGI.escape(category)}">#{category}</a>}
end
end