From 079b3ac10d5d47b9d24320337a7b477f64f060af Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 28 Jul 2012 17:15:20 +0200 Subject: highlight queries from popular serch engines only FS#2448 --- inc/common.php | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index 33da2523a..ac7e744d8 100644 --- a/inc/common.php +++ b/inc/common.php @@ -1197,8 +1197,10 @@ function getGoogleQuery() { } $url = parse_url($_SERVER['HTTP_REFERER']); - $query = array(); + // only handle common SEs + if(!preg_match('/(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)/',$url['host'])) return ''; + $query = array(); // temporary workaround against PHP bug #49733 // see http://bugs.php.net/bug.php?id=49733 if(UTF8_MBSTRING) $enc = mb_internal_encoding(); @@ -1206,16 +1208,16 @@ function getGoogleQuery() { if(UTF8_MBSTRING) mb_internal_encoding($enc); $q = ''; - if(isset($query['q'])) - $q = $query['q']; // google, live/msn, aol, ask, altavista, alltheweb, gigablast - elseif(isset($query['p'])) - $q = $query['p']; // yahoo - elseif(isset($query['query'])) - $q = $query['query']; // lycos, netscape, clusty, hotbot - elseif(preg_match("#a9\.com#i", $url['host'])) // a9 - $q = urldecode(ltrim($url['path'], '/')); - - if($q === '') return ''; + if(isset($query['q'])){ + $q = $query['q']; + }elseif(isset($query['p'])){ + $q = $query['p']; + }elseif(isset($query['query'])){ + $q = $query['query']; + } + $q = trim($q); + + if(!$q) return ''; $q = preg_split('/[\s\'"\\\\`()\]\[?:!\.{};,#+*<>\\/]+/', $q, -1, PREG_SPLIT_NO_EMPTY); return $q; } -- cgit v1.2.3 From 00b89f9b24934b93f57c50dbe11f36f5289b704b Mon Sep 17 00:00:00 2001 
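Review bot: The host check added in the first getGoogleQuery() hunk is an unanchored substring match, so any referrer host that merely contains `ask` or `aol`, or carries `google` as a label under an unrelated domain, passes it. Matching whole DNS labels, case-insensitively, is tighter: `if(!isset($url['host']) || !preg_match('/(^|\.)(google|bing|yahoo|ask|duckduckgo|babylon|aol|yandex)\./i', $url['host'])) return '';`. The `isset` matters because parse_url() leaves out `host` for a Referer without one, and the header is client-supplied. For the same reason the filter only reduces accidental matches, and the returned terms remain untrusted input for whatever renders the highlight. The function begins above the hunk, so an earlier guard may already cover the missing-host case.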
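Review bot: In the second getGoogleQuery() hunk, `$q = trim($q);` assumes a string, but a Referer carrying `q[]=...` would make `$query['q']` an array if `$query` is filled by parse_str() (that call sits between the two hunks and is not shown). A type guard before the trim, `if(!is_string($q)) return '';`, avoids the resulting warning or TypeError. Separately, `if(!$q)` now also discards the query `0`, which the removed `$q === ''` test let through; `if($q === '') return '';` after the trim keeps the old behaviour.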
From: Michael Hamann Date: Sat, 8 Sep 2012 15:38:02 +0200 Subject: Fix encoding of special characters in HTML mails FS#2590 Before this change it was possible to send arbitrary HTML content to subscribers, if you are using HTML subscription mails and have untrustworthy editors, it is recommended to upgrade as soon as possible (this doesn't affect the current stable release). --- inc/common.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'inc/common.php') diff --git a/inc/common.php b/inc/common.php index ac7e744d8..20baed6c0 100644 --- a/inc/common.php +++ b/inc/common.php @@ -1150,14 +1150,18 @@ function notify($id, $who, $rev = '', $summary = '', $minor = false, $replace = } elseif($rev) { $subject = $lang['mail_changed'].' '.$id; $trep['OLDPAGE'] = wl($id, "rev=$rev", true, '&'); - $df = new Diff(explode("\n", rawWiki($id, $rev)), - explode("\n", rawWiki($id))); + $old_content = rawWiki($id, $rev); + $new_content = rawWiki($id); + $df = new Diff(explode("\n", $old_content), + explode("\n", $new_content)); $dformat = new UnifiedDiffFormatter(); $tdiff = $dformat->format($df); $DIFF_INLINESTYLES = true; + $hdf = new Diff(explode("\n", hsc($old_content)), + explode("\n", hsc($new_content))); $dformat = new InlineDiffFormatter(); - $hdiff = $dformat->format($df); + $hdiff = $dformat->format($hdf); $hdiff = ''.$hdiff.'
'; $DIFF_INLINESTYLES = false; } else { -- cgit v1.2.3
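Review bot: Nothing at `$hdf = new Diff(explode("\n", hsc($old_content)), ...)` says why the HTML mail gets its own Diff object, so a later cleanup could merge it back into `$df` and reopen the injection. A comment above it such as `// HTML mail: diff the escaped text so page content cannot inject markup` would pin the intent. The escaping also lives at this call site rather than in InlineDiffFormatter, so any other caller that feeds raw page text to that formatter would presumably need the same treatment; worth confirming. `$summary` in the signature looks editor-supplied as well, and whether it is escaped before it enters the HTML body is not visible here because notify() continues outside the hunk.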