Wikka : Mod028bCategoryActionDoubleQuoteReliance

HomePage :: Categories :: Index :: Changes :: Comments :: Documentation :: Blog :: Login/Register

Wikka Mod 028

Type: Bug Fix

Credit:

Jason Tourtelotte

Found out that the Category action relied on the double doublequote insecurity for html formatting.

Fixed with the code below.

actions/category.php

<?php
if ($cattag = $_REQUEST["wakka"])
{
    $str ="";
    if (!$col) { $col=1;}
    if ($page=="/") {
        $page="Category Category"; // Remove the space between the two category words.
    } else
    {
        $page=$this->getPageTag();
    }
//    $page= preg_replace( "/(\w+)\s(\w+)/", "$1$2",$page);
    if ($class) {$class="class=\"$class\"";}
    if (!$page) {$page=$cattag;}
   
    if ($results = $this->FullCategoryTextSearch($page))
    {
        if (!$compact) $str .= 'The following '.(count($results)-1).' pages belong to ' . $page . ': <br /><br /><table '.$class.' width="100%"><tr>';
        else $str .= '<div '.$class.'><ul>';
       
        $count = 0; $list = array();
        foreach ($results as $i => $cpage) if($cpage['tag'] != $page) { array_push($list,$cpage['tag']);}
        sort($list);
        while (list($key, $val) = each($list)) {
            if ($count == $col & !$compact)  { $str .= "</tr><tr>"; $count=0; }
            if (!$compact) $str .= '<td>'.$this->Format('[['.$val.']]').'</td>';
            else $str .= '<li>'.$this->Format('[['.$val.' '.preg_replace( "/Category/", "",$val).']]').'</li>';
            $count++;
        }
        if (!$compact)  $str .= '</tr></table>'; else $str .= '</ul></div>';
    }
    else $str .= 'Sorry, no Items found for ' . $page .'.';
    print($str);
}
?>
There are no comments on this page. [Add comment]
Stats :: 2008-01-28 00:14:45 XML :: Owner: JsnX :: Search: 
Valid XHTML 1.0 Transitional :: Valid CSS :: Powered by WikkaWiki
Page was generated in 0.2099 seconds