Masato Kikuhara
en-sf****@users*****
2005年 6月 30日 (木) 11:55:15 JST
Index: affelio/apps/diary/external_blog.cgi
diff -u affelio/apps/diary/external_blog.cgi:1.2 affelio/apps/diary/external_blog.cgi:1.3
--- affelio/apps/diary/external_blog.cgi:1.2 Thu Jun 30 07:57:13 2005
+++ affelio/apps/diary/external_blog.cgi Thu Jun 30 11:55:14 2005
@@ -95,14 +95,21 @@
sub escape_html {
my $html = shift;
-
- $html =~ s/'/"/g;
+
$html =~ s/&/&/g;
- $html =~ s/"/"/g;
+ $html =~ s/['"]/"/g;
+
+ if ($html =~ /</ and $html =~ />/) {
+ $html =~ s/'/"/g;
+ $html =~ s/&(lt|gt|quot);/&$1;/g;
+ }
+
$html =~ s/</</g;
$html =~ s/>/>/g;
-
+
# allow <br>,<p>,<a>,<i>,<b>,<strong>,<em>,<u>,<font>
- $html =~ s/<(\/?)(br|p|a|i|b|strong|em|u|font)( *\/?)>/<$1$2$3>/gi;
+ $html =~ s/<(\/?)(br|p|a|i|b|strong|em|u|font)[^&]*>/<$1$2$3>/gi;
+ $html =~ s/<a +href="([^&]*)"([^&]*)>/<a href="$1" $2>/gi;
+
return $html;
}
Index: affelio/apps/diary/owner.cgi
diff -u affelio/apps/diary/owner.cgi:1.2 affelio/apps/diary/owner.cgi:1.3
--- affelio/apps/diary/owner.cgi:1.2 Thu Jun 30 07:57:13 2005
+++ affelio/apps/diary/owner.cgi Thu Jun 30 11:55:14 2005
@@ -18,6 +18,16 @@
}
my $tmpl = new HTML::Template(filename => './templates/owner.tmpl');
+my $url = $diary->getRDFURL;
+if ($url) {
+ $tmpl->param(
+ URL => $url,
+ SELECT_IMPORT => 'checked'
+ );
+}
+else {
+ $tmpl->param(SELECT_DIARY => 'checked');
+}
eval { require XML::Parser; } or $tmpl->param(NO_PARSER => 1);
Index: affelio/apps/diary/write_comment.cgi
diff -u affelio/apps/diary/write_comment.cgi:1.6 affelio/apps/diary/write_comment.cgi:1.7
--- affelio/apps/diary/write_comment.cgi:1.6 Thu Jun 30 07:57:13 2005
+++ affelio/apps/diary/write_comment.cgi Thu Jun 30 11:55:14 2005
@@ -13,7 +13,7 @@
if($afap->{cgi}->param('comment_confirm')) {
my $tmpl = HTML::Template->new(filename => "./templates/write_comment_confirm.tmpl");
$tmpl->param(COMMENT_SHOW => $diary->escape($afap->{cgi}->param('comment')), COMMENT => $afap->{cgi}->param('comment'), ID => $id);
- $tmpl->param(REQUIRE_NAME => 1) unless ($uname);
+ $tmpl->param(REQUIRE_NAME => 1) unless ($user);
print $diary->get_HTML_header;
print $tmpl->output;
print $diary->get_HTML_footer;
@@ -22,15 +22,15 @@
# コメントをコミット
elsif($afap->{cgi}->param('comment_commit')) {
- if(!$user){
- $user = $afap->{cgi}->param('visitor_name');
- }else{
- $url = $afap->get_visitor_info("afid");
- if ($url =~ /<a href="([^"]*)"/) {
- $url = $1;
+ if(!$user){
+ $user = $afap->{cgi}->param('visitor_name');
+ }else{
+ $url = $afap->get_visitor_info("afid");
+ if ($url =~ /<a href="([^"]*)"/) {
+ $url = $1;
+ }
+ $user = "<a href=\"$url\">".$afap->get_visitor_info("nickname")."</a>";
}
- $user = "<a href=\"$url\">".$afap->get_visitor_info("nickname")."</a>";
- }
$diary->addComment($id, $user, $afap->{cgi}->param('comment'));