slitaz-dev-tools diff tazwikiss/rootfs/var/www/wiki/index.sh @ rev 245
tazwikiss: use sedesc()
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Sep 02 10:14:11 2015 +0200 (2015-09-02) |
parents | ea02fe275b3f |
children | 4b5cb7cab042 |
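--- a/tazwikiss/rootfs/var/www/wiki/index.sh Thu Aug 20 21:26:04 2015 +0200
+++ b/tazwikiss/rootfs/var/www/wiki/index.sh Wed Sep 02 10:14:11 2015 +0200
@@ -56,6 +56,12 @@
 cache_auth "$PASSWORD"
 }
 
+sedesc()
+{
+ echo "$1" | sed 's|[/&"]|\\&|g' | \
+ sed ':a;N;$!ba;s|\n|\\n|g;s|'$(echo -en "\r")'||g'
+}
+
 plugin_call_method()
 {
 local status
@@ -154,7 +160,7 @@
 EOT
 )"
 else
- CONTENT="$(sed -e "s#%page%#$PAGE_TITLE#" <<EOT
+ CONTENT="$(sed -e "s/%page%/$(sedesc "$PAGE_TITLE")/" <<EOT
 $DEFAULT_CONTENT
 EOT
 )"
@@ -320,7 +326,7 @@
 -e 's/(phone)/\☎/' -e 's/(wphone)/\☏/' \
 -e 's/(skull)/\☠/' -e 's/(radioactive)/\☢/' \
 -e 's/(sad)/\☹/' -e 's/(smile)/\☺/' \
- -e 's/(recycle)/\☎/' -e 's/(wheelchair)/\☛/' \
+ -e 's/(recycle)/\♲/' -e 's/(wheelchair)/\♿/' \
 -e 's/(wflag)/\⚐/' -e 's/(bflag)/\⚑/' \
 -e 's/(anchor)/\⚓/' -e 's/(flower)/\⚘/' \
 -e 's/(gear)/\⚙/' -e 's/(volt)/\⚡/' \
@@ -375,8 +381,8 @@
 EOT
 )"
 while read link; do
- [ -s $PAGES_DIR$link.txt ] && continue
- CONTENT="$(sed "s|\\?page=$link\"|& class=\"pending\"|" <<EOT
+ [ -s "$PAGES_DIR$link.txt" ] && continue
+ CONTENT="$(sed "s/\\?page=$(sedesc "$link")\"/& class=\"pending\"/" <<EOT
 $CONTENT
 EOT
 )"
@@ -410,7 +416,7 @@
 <h$i><a href="#$label">$line</a></h$i>
 EOT
 )"
- CONTENT="$(sed "s#^!!* *$line\$#<h$i><a name=\"$label\">$line</a></h$i>#" <<EOT
+ CONTENT="$(sed "s/^!!* *$(sedesc "$line")\$/<h$i><a name=\"$label\">$(sedesc "$line")<\/a><\/h$i>/" <<EOT
 $CONTENT
 EOT
 )"
@@ -462,10 +468,10 @@
 [ "$action" != "edit" ] && HELP=""
 
 [ -r "$template" ] || die "'$template' is missing!"
-html="$(sed -e "s#{\([^}]*\)RECENT_CHANGES\([^}]*\)}#\1$RECENT\2#" \
- -e "s#{\([^}]*\)HOME\([^}]*\)}#\1$HOME\2#" \
- -e "s#{\([^}]*\)HELP\([^}]*\)}#$HELP#" \
- -e "s#{SEARCH}#<form method=\"get\" action=\"$urlbase?page=$(urlencode "$PAGE_TITLE" | sed 's/#/\\#/g')\"><div><input type=\"hidden\" name=\"action\" value=\"search\" /><input type=\"text\" name=\"query\" value=\"$(htmlentities $(GET query) )\" tabindex=\"1\" /> <input type=\"submit\" value=\"$SEARCH_BUTTON\" accesskey=\"q\" /></div></form>#" \
+html="$(sed -e "s/{\([^}]*\)RECENT_CHANGES\([^}]*\)}/\1$(sedesc "$RECENT")\2/" \
+ -e "s/{\([^}]*\)HOME\([^}]*\)}/\1$(sedesc "$HOME")\2/" \
+ -e "s/{\([^}]*\)HELP\([^}]*\)}/$(sedesc "$HELP")/" \
+ -e "s/{SEARCH}/<form method=\"get\" action=\"$(sedesc "$urlbase?page=$(urlencode "$PAGE_TITLE" | sed 's/#/\\#/g')")\"><div><input type=\"hidden\" name=\"action\" value=\"search\" \/><input type=\"text\" name=\"query\" value=\"$(sedesc "$(htmlentities $(GET query) )")\" tabindex=\"1\" \/> <input type=\"submit\" value=\"$(sedesc "$SEARCH_BUTTON")\" accesskey=\"q\" \/><\/div><\/form>/" \
 < $template )"
 [ "$action" != "" -a "$action" != "edit" -o ! -e "$PAGE_txt" ] && TIME="-"
 plugin_call_method template
@@ -478,37 +484,31 @@
 if $editable ; then
 EDIT="$PROTECTED_BUTTON"
 [ -w "$PAGE_txt" -o ! -e "$PAGE_txt" ] &&
- EDIT="<a href=\"$urlbase?page=$(urlencode "$PAGE_TITLE")\&action=edit\" accesskey=\"5\" rel=\"nofollow\">$EDIT_BUTTON</a>"
+ EDIT="<a href=\"$urlbase?page=$(urlencode "$PAGE_TITLE")&action=edit\" accesskey=\"5\" rel=\"nofollow\">$EDIT_BUTTON</a>"
 fi
 [ -n "$toc" ] && toc="\1$toc\2"
 AUTH_GET=""
 AUTH_POST=""
 if authentified; then
- AUTH_GET="auth=$AUTH\&"
+ AUTH_GET="auth=$AUTH&"
 AUTH_POST="\n<input type=\"hidden\" name=\"auth\" value=\"$AUTH\" />"
 fi
 
 header "Content-type: text/html"
-sed -e "s#{ERROR}#$ERROR#" -e "s#{WIKI_TITLE}#$WIKI_TITLE#" \
- -e "s|{\([^}]*\)HISTORY\([^}]*\)}|${HISTORY//&/\&}|" \
- -e "s|{PAGE_TITLE}|${PAGE_TITLE_str//&/\&}|" \
- -e "s|{\([^}]*\)EDIT\([^}]*\)}|\1${EDIT//&/\&}\2|" \
- -e "s|{\([^}]*\)TOC\([^}]*\)}|$(awk '{ printf "%s\\n" $0 }' <<EOT | \
- sed -e 's/&/\\\&/g' -e 's/|/\\|/g'
-$toc
-EOT
-)|" \
- -e "s#{PAGE_TITLE_BRUT}#$(htmlentities "$PAGE_TITLE")#" \
- -e "s#{LAST_CHANGE}#$LAST_CHANGES :#" \
- -e "s#{CONTENT}#$(awk '{ printf "%s\\n" $0 }' <<EOT | \
- sed -e 's/&/\\\&/g' -e 's/#/\\#/g'
-$CONTENT
-EOT
-)#" \
- -e "s#{LANG}#$LANG#" -e "s#href=\"?#href=\"$urlbase?#g" \
- -e "s#$urlbase?#&$AUTH_GET#g" -e "s#action=\"$urlbase\">#&$AUTH_POST#g" \
- -e "s#{WIKI_VERSION}#$WIKI_VERSION#" \
- -e "s#{TIME}#$TIME#" -e "s#{DATE}#$datew#" \
- -e "s#{IP}#$REMOTE_ADDR#" -e "s#{COOKIE}##" <<EOT
+sed -e "s/{ERROR}/$(sedesc "$ERROR")/" \
+ -e "s/{WIKI_TITLE}/$(sedesc "$WIKI_TITLE")/" \
+ -e "s/{\([^}]*\)HISTORY\([^}]*\)}/$(sedesc "$HISTORY")/" \
+ -e "s/{PAGE_TITLE}/$(sedesc "$PAGE_TITLE_str")/" \
+ -e "s/{\([^}]*\)EDIT\([^}]*\)}/\1$(sedesc "$EDIT")\2/" \
+ -e "s/{\([^}]*\)TOC\([^}]*\)}/$(sedesc "$TOC")/" \
+ -e "s/{PAGE_TITLE_BRUT}/$(sedesc "$(htmlentities "$PAGE_TITLE")")/" \
+ -e "s/{LAST_CHANGE}/$(sedesc "$LAST_CHANGES") :/" \
+ -e "s/{CONTENT}/$(sedesc "$CONTENT")/" \
+ -e "s/{LANG}/$(sedesc "$LANG")/" \
+ -e "s/href=\"?/href=\"$(sedesc "$urlbase?$AUTH_GET")/g" \
+ -e "s/action=\"$(sedesc "$urlbase")\">/&$(sedesc "$AUTH_POST")/g" \
+ -e "s/{WIKI_VERSION}/$(sedesc "$WIKI_VERSION")/" \
+ -e "s/{TIME}/$(sedesc "$TIME")/" -e "s/{DATE}/$(sedesc "$datew")/" \
+ -e "s/{IP}/$REMOTE_ADDR/" -e "s/{COOKIE}//" -e "s/{RSS}//" <<EOT
 $html
 EOT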