diff options
| author | Michael Hamann <michael@content-space.de> | 2013-04-21 12:58:46 -0700 |
|---|---|---|
| committer | Michael Hamann <michael@content-space.de> | 2013-04-21 12:58:46 -0700 |
| commit | 9a1c1c52f3c70d6f48bdfc5d0c2cb88b61672088 (patch) | |
| tree | ac62a692403dd2388bb2d702c0552308d352a161 | |
| parent | 313fdae7cd442f7ea3dedf764ee0cfd40e482fd9 (diff) | |
| parent | f755f63a3beef948a8d179c0e0860041f4f86db5 (diff) | |
| download | rpg-9a1c1c52f3c70d6f48bdfc5d0c2cb88b61672088.tar.gz rpg-9a1c1c52f3c70d6f48bdfc5d0c2cb88b61672088.tar.bz2 | |
Merge pull request #211 from splitbrain/nonwikidiffs
Fix double encoding of html diff output in syndicated feeds and subscrition emails
| -rw-r--r-- | feed.php | 10 | ||||
| -rw-r--r-- | inc/DifferenceEngine.php | 2 | ||||
| -rw-r--r-- | inc/subscription.php | 4 |
3 files changed, 10 insertions, 6 deletions
@@ -322,14 +322,15 @@ function rss_buildItems(&$rss, &$data, $opt) { $rev = $revs[0]; if($rev) { - $df = new Diff(explode("\n", htmlspecialchars(rawWiki($id, $rev))), - explode("\n", htmlspecialchars(rawWiki($id, '')))); + $df = new Diff(explode("\n", rawWiki($id, $rev)), + explode("\n", rawWiki($id, ''))); } else { $df = new Diff(array(''), - explode("\n", htmlspecialchars(rawWiki($id, '')))); + explode("\n", rawWiki($id, ''))); } if($opt['item_content'] == 'htmldiff') { + // note: no need to escape diff output, TableDiffFormatter provides 'safe' html $tdf = new TableDiffFormatter(); $content = '<table>'; $content .= '<tr><th colspan="2" width="50%">'.$rev.'</th>'; @@ -337,8 +338,9 @@ function rss_buildItems(&$rss, &$data, $opt) { $content .= $tdf->format($df); $content .= '</table>'; } else { + // note: diff output must be escaped, UnifiedDiffFormatter provides plain text $udf = new UnifiedDiffFormatter(); - $content = "<pre>\n".$udf->format($df)."\n</pre>"; + $content = "<pre>\n".hsc($udf->format($df))."\n</pre>"; } } break; diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index e0fbf8e03..783d6bea5 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1004,6 +1004,8 @@ class InlineWordLevelDiff extends MappedDiff { * "Unified" diff formatter. * * This class formats the diff in classic "unified diff" format. + * + * NOTE: output is plain text and unsafe for use in HTML without escaping. */ class UnifiedDiffFormatter extends DiffFormatter { diff --git a/inc/subscription.php b/inc/subscription.php index 2989de032..4248e4b11 100644 --- a/inc/subscription.php +++ b/inc/subscription.php @@ -408,8 +408,8 @@ class Subscription { $tdiff = $dformat->format($df); $DIFF_INLINESTYLES = true; - $df = new Diff(explode("\n", hsc($old_content)), - explode("\n", hsc($new_content))); + $df = new Diff(explode("\n", $old_content), + explode("\n", $new_content)); $dformat = new InlineDiffFormatter(); $hdiff = $dformat->format($df); $hdiff = '<table>'.$hdiff.'</table>'; |