slitaz-dev-tools diff tazwikiss/rootfs/var/www/wiki/index.sh @ rev 245

tazwikiss: use sedesc()
author Pascal Bellard <pascal.bellard@slitaz.org>
date Wed Sep 02 10:14:11 2015 +0200 (2015-09-02)
parents ea02fe275b3f
children 4b5cb7cab042
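--- a/tazwikiss/rootfs/var/www/wiki/index.sh	Thu Aug 20 21:26:04 2015 +0200
+++ b/tazwikiss/rootfs/var/www/wiki/index.sh	Wed Sep 02 10:14:11 2015 +0200
@@ -56,6 +56,12 @@
 	cache_auth "$PASSWORD"
 }
 
+sedesc()
+{
+	echo "$1" | sed 's|[/&"]|\\&|g' | \
+		sed ':a;N;$!ba;s|\n|\\n|g;s|'$(echo -en "\r")'||g'
+}
+
 plugin_call_method()
 {
 	local status
@@ -154,7 +160,7 @@
 EOT
 )"
 else
-	CONTENT="$(sed -e "s#%page%#$PAGE_TITLE#" <<EOT
+	CONTENT="$(sed -e "s/%page%/$(sedesc "$PAGE_TITLE")/" <<EOT
 $DEFAULT_CONTENT
 EOT
 )"
@@ -320,7 +326,7 @@
 		 	-e 's/(phone)/\&#9742;/' -e 's/(wphone)/\&#9743;/' \
 		 	-e 's/(skull)/\&#9760;/' -e 's/(radioactive)/\&#9762;/' \
 		 	-e 's/(sad)/\&#9785;/'  -e 's/(smile)/\&#9786;/' \
-		 	-e 's/(recycle)/\&#9742;/' -e 's/(wheelchair)/\&#9755;/' \
+		 	-e 's/(recycle)/\&#9842;/' -e 's/(wheelchair)/\&#9855;/' \
 		 	-e 's/(wflag)/\&#9872;/' -e 's/(bflag)/\&#9873;/' \
 		 	-e 's/(anchor)/\&#9875;/' -e 's/(flower)/\&#9880;/' \
 		 	-e 's/(gear)/\&#9881;/' -e 's/(volt)/\&#9889;/' \
@@ -375,8 +381,8 @@
 EOT
 )"
 		while read link; do
-			[ -s $PAGES_DIR$link.txt ] && continue
-			CONTENT="$(sed "s|\\?page=$link\"|& class=\"pending\"|" <<EOT
+			[ -s "$PAGES_DIR$link.txt" ] && continue
+			CONTENT="$(sed "s/\\?page=$(sedesc "$link")\"/& class=\"pending\"/" <<EOT
 $CONTENT
 EOT
 )"
@@ -410,7 +416,7 @@
 	<h$i><a href="#$label">$line</a></h$i>
 EOT
 )"
-				CONTENT="$(sed "s#^!!* *$line\$#<h$i><a name=\"$label\">$line</a></h$i>#" <<EOT
+				CONTENT="$(sed "s/^!!* *$(sedesc "$line")\$/<h$i><a name=\"$label\">$(sedesc "$line")<\/a><\/h$i>/" <<EOT
 $CONTENT
 EOT
 )"
@@ -462,10 +468,10 @@
 [ "$action" != "edit" ] && HELP=""
 
 [ -r "$template" ] || die "'$template' is missing!"
-html="$(sed -e "s#{\([^}]*\)RECENT_CHANGES\([^}]*\)}#\1$RECENT\2#" \
-           -e "s#{\([^}]*\)HOME\([^}]*\)}#\1$HOME\2#" \
-           -e "s#{\([^}]*\)HELP\([^}]*\)}#$HELP#" \
-           -e "s#{SEARCH}#<form method=\"get\" action=\"$urlbase?page=$(urlencode "$PAGE_TITLE" | sed 's/#/\\#/g')\"><div><input type=\"hidden\" name=\"action\" value=\"search\" /><input type=\"text\" name=\"query\" value=\"$(htmlentities $(GET query) )\" tabindex=\"1\" /> <input type=\"submit\" value=\"$SEARCH_BUTTON\" accesskey=\"q\" /></div></form>#" \
+html="$(sed -e "s/{\([^}]*\)RECENT_CHANGES\([^}]*\)}/\1$(sedesc "$RECENT")\2/" \
+           -e "s/{\([^}]*\)HOME\([^}]*\)}/\1$(sedesc "$HOME")\2/" \
+           -e "s/{\([^}]*\)HELP\([^}]*\)}/$(sedesc "$HELP")/" \
+           -e "s/{SEARCH}/<form method=\"get\" action=\"$(sedesc "$urlbase?page=$(urlencode "$PAGE_TITLE" | sed 's/#/\\#/g')")\"><div><input type=\"hidden\" name=\"action\" value=\"search\" \/><input type=\"text\" name=\"query\" value=\"$(sedesc "$(htmlentities $(GET query) )")\" tabindex=\"1\" \/> <input type=\"submit\" value=\"$(sedesc "$SEARCH_BUTTON")\" accesskey=\"q\" \/><\/div><\/form>/" \
            < $template )"
 [ "$action" != "" -a "$action" != "edit" -o ! -e "$PAGE_txt" ] && TIME="-"
 plugin_call_method template
@@ -478,37 +484,31 @@
 if $editable ; then
 	EDIT="$PROTECTED_BUTTON"
 	[ -w "$PAGE_txt" -o ! -e "$PAGE_txt" ] &&
-        EDIT="<a href=\"$urlbase?page=$(urlencode "$PAGE_TITLE")\&amp;action=edit\" accesskey=\"5\" rel=\"nofollow\">$EDIT_BUTTON</a>"
+        EDIT="<a href=\"$urlbase?page=$(urlencode "$PAGE_TITLE")&amp;action=edit\" accesskey=\"5\" rel=\"nofollow\">$EDIT_BUTTON</a>"
 fi
 [ -n "$toc" ] && toc="\1$toc\2"
 AUTH_GET=""
 AUTH_POST=""
 if authentified; then
-	AUTH_GET="auth=$AUTH\&"
+	AUTH_GET="auth=$AUTH&"
 	AUTH_POST="\n<input type=\"hidden\" name=\"auth\" value=\"$AUTH\" />"
 fi
 
 header "Content-type: text/html"
-sed	-e "s#{ERROR}#$ERROR#"		-e "s#{WIKI_TITLE}#$WIKI_TITLE#" \
-	-e "s|{\([^}]*\)HISTORY\([^}]*\)}|${HISTORY//&/\&}|" \
-	-e "s|{PAGE_TITLE}|${PAGE_TITLE_str//&/\&}|" \
-	-e "s|{\([^}]*\)EDIT\([^}]*\)}|\1${EDIT//&/\&}\2|" \
-	-e "s|{\([^}]*\)TOC\([^}]*\)}|$(awk '{ printf "%s\\n" $0 }' <<EOT | \
-		sed -e 's/&/\\\&/g' -e 's/|/\\|/g'
-$toc
-EOT
-)|" \
-	-e "s#{PAGE_TITLE_BRUT}#$(htmlentities "$PAGE_TITLE")#" \
-	-e "s#{LAST_CHANGE}#$LAST_CHANGES :#" \
-	-e "s#{CONTENT}#$(awk '{ printf "%s\\n" $0 }' <<EOT | \
-		sed -e 's/&/\\\&/g' -e 's/#/\\#/g'
-$CONTENT
-EOT
-)#" \
-	-e "s#{LANG}#$LANG#"		-e "s#href=\"?#href=\"$urlbase?#g" \
-	-e "s#$urlbase?#&$AUTH_GET#g" -e "s#action=\"$urlbase\">#&$AUTH_POST#g" \
-	-e "s#{WIKI_VERSION}#$WIKI_VERSION#" \
-	-e "s#{TIME}#$TIME#"		-e "s#{DATE}#$datew#" \
-	-e "s#{IP}#$REMOTE_ADDR#"	-e "s#{COOKIE}##" <<EOT
+sed	-e "s/{ERROR}/$(sedesc "$ERROR")/" \
+	-e "s/{WIKI_TITLE}/$(sedesc "$WIKI_TITLE")/" \
+	-e "s/{\([^}]*\)HISTORY\([^}]*\)}/$(sedesc "$HISTORY")/" \
+	-e "s/{PAGE_TITLE}/$(sedesc "$PAGE_TITLE_str")/" \
+	-e "s/{\([^}]*\)EDIT\([^}]*\)}/\1$(sedesc "$EDIT")\2/" \
+	-e "s/{\([^}]*\)TOC\([^}]*\)}/$(sedesc "$TOC")/" \
+	-e "s/{PAGE_TITLE_BRUT}/$(sedesc "$(htmlentities "$PAGE_TITLE")")/" \
+	-e "s/{LAST_CHANGE}/$(sedesc "$LAST_CHANGES") :/" \
+	-e "s/{CONTENT}/$(sedesc "$CONTENT")/" \
+	-e "s/{LANG}/$(sedesc "$LANG")/" \
+	-e "s/href=\"?/href=\"$(sedesc "$urlbase?$AUTH_GET")/g" \
+	-e "s/action=\"$(sedesc "$urlbase")\">/&$(sedesc "$AUTH_POST")/g" \
+	-e "s/{WIKI_VERSION}/$(sedesc "$WIKI_VERSION")/" \
+	-e "s/{TIME}/$(sedesc "$TIME")/" -e "s/{DATE}/$(sedesc "$datew")/" \
+	-e "s/{IP}/$REMOTE_ADDR/" -e "s/{COOKIE}//" -e "s/{RSS}//" <<EOT
 $html
 EOT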
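Review bot: `sedesc()` (first hunk) escapes `/`, `&` and `"` but not the backslash, so a page title, link or heading containing `\` can cancel the escaping of a following `/` and end the `s/…/…/` expression early, leaving the rest of the value to be read by sed as script text rather than data. Adding the backslash to the class, `echo "$1" | sed 's|[\\/&"]|\\&|g' | \`, closes that, but `toc="\1$toc\2"` and `AUTH_POST="\n<input …"` in the last hunk rely on `\1`, `\2` and `\n` passing through `sedesc` untouched, so those sequences would have to move into the sed expression itself, as the `EDIT` line already does with `\1$(sedesc "$EDIT")\2`. The helper is also used on the pattern side (`\\?page=$(sedesc "$link")`, `^!!* *$(sedesc "$line")\$`, `action=\"$(sedesc "$urlbase")\"`), where regex metacharacters such as `.`, `*` and `[` stay unescaped and `\&` is not a defined BRE escape; a separate pattern-escaping helper would be safer there. The TOC expression now reads `$TOC` while the visible code sets `toc`, which looks like a typo unless `TOC` is defined outside the hunk. `{IP}` still takes `$REMOTE_ADDR` without `sedesc`.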