Revision [16755]

This is an old revision of Mod028bCategoryActionDoubleQuoteReliance made by MevDl6 on 2007-05-31 10:44:33.

 

Wikka Mod 028

Type: Bug Fix

Credit:

Jason Tourtelotte


Found out that the Category action relied on the double doublequote insecurity for HTML formatting.

Fixed with the code below.

actions/category.php

%%(php)

<?php
if ($cattag = $_REQUEST["wakka"])
{
$str = "";
if (!$col) { $col=1;}
if ($page=="/")
{
$page="Category Category"; // Remove the space between the two category words.
}
else
{
$page=$this->getPageTag();
}
// $page= preg_replace( "/(\w )\s(\w )/", "$1$2",$page);
if ($class) {$class="class=\"$class\"";}
if (!$page) {$page=$cattag;}

if ($results = $this->FullCategoryTextSearch($page))
{
if (!$compact) $str .= 'The following '.(count($results)-1).' pages belong to ' . $page . ': <br /><br /><table '.$class.' width="100%"><tr>';
else $str .= '<div '.$class.'><ul>';

$count = 0; $list = array();
foreach ($results as $i => $cpage) if($cpage['tag'] != $page) { array_push($list,$cpage['tag']);}
sort($list);
while (list($key, $val) = each($list)) {
if ($count
$col
%%
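
The code above concatenates `$page`, `$class` and each page tag straight into markup, so once the action builds its own HTML those values have to be encoded by the action itself. An added example of that encoding, not Wikka's own code: `h()` and `render_category_list()` are hypothetical names, items are rendered as plain text rather than wiki links, and the row layout via `array_chunk()` is an assumption because the listing is cut off before its loop body.

```php
<?php
// Added example, not Wikka code. h() and render_category_list() are
// hypothetical names; the markup mirrors the strings in category.php above.

function h(string $s): string
{
    // Encode &, <, >, " and ' so a value cannot close an attribute or open a tag.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_category_list(string $page, array $tags, int $col = 1,
                              bool $compact = false, string $class = ''): string
{
    $col  = max(1, $col);
    // Build the class attribute only when a class was given, encoded for attribute context.
    $attr = $class !== '' ? ' class="' . h($class) . '"' : '';
    // Drop the category page itself from its own member list, then sort.
    $list = array_values(array_filter($tags, fn($t) => $t !== $page));
    sort($list);

    if ($compact) {
        $items = '';
        foreach ($list as $tag) {
            $items .= '<li>' . h($tag) . '</li>';
        }
        return '<div' . $attr . '><ul>' . $items . '</ul></div>';
    }

    $str = 'The following ' . count($list) . ' pages belong to ' . h($page)
         . ': <br /><br /><table' . $attr . ' width="100%">';
    // Assumed layout: $col cells per table row.
    foreach (array_chunk($list, $col) as $row) {
        $str .= '<tr>';
        foreach ($row as $tag) {
            $str .= '<td>' . h($tag) . '</td>';
        }
        $str .= '</tr>';
    }
    return $str . '</table>';
}

// Constructed sample input: markup characters in the page name, a tag and the class.
echo render_category_list('Category<Test>',
    ['PageOne', 'Category<Test>', 'A&B'], 2, false, 'wide" id="x'), "\n";
```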