svnno****@sourc*****
svnno****@sourc*****
2009年 8月 30日 (日) 22:42:41 JST
Revision: 1016 http://sourceforge.jp/projects/hiki/svn/view?view=rev&revision=1016 Author: okkez Date: 2009-08-30 22:42:41 +0900 (Sun, 30 Aug 2009) Log Message: ----------- use Hiki::Util's utility methods instead of CGI's utility methods * hiki/command.rb: use Hiki::Util#escape, Hiki::Util#unescape, Hiki::Util#escape_html and Hiki::Util#unescape_html instead of CGI.escape, CGI.unescape, CGI.escapeHTML and CGI.unescapeHTML. * hiki/db/flatfile.rb: ditto. * hiki/filter/bayes_filter.rb: ditto. * hiki/interwiki.rb: ditto. * hiki/repos/cvs.rb: ditto. * hiki/repos/default.rb: ditto. * hiki/repos/git.rb: ditto. * hiki/repos/hg.rb: ditto. * hiki/repos/plain.rb: ditto. * hiki/repos/svn.rb: ditto. * hiki/storage.rb: ditto. * hiki/util.rb: ditto. * misc/plugin/append-css.rb: ditto. * misc/plugin/attach.rb: ditto. * misc/plugin/attach/attach.cgi: ditto. * misc/plugin/auth_typekey.rb: ditto. * misc/plugin/bbs.rb: ditto. * misc/plugin/category.rb: ditto. * misc/plugin/comment.rb: ditto. * misc/plugin/diffmail.rb: ditto. * misc/plugin/edit_user.rb: ditto. * misc/plugin/footnote.rb: ditto. * misc/plugin/google-sitemaps.rb: ditto. * misc/plugin/highlight.rb: ditto. * misc/plugin/history.rb: ditto. * misc/plugin/incremental_search.rb: ditto. * misc/plugin/isbn.rb: ditto. * misc/plugin/its.rb: ditto. * misc/plugin/keyword.rb: ditto. * misc/plugin/math.rb: ditto. * misc/plugin/note.rb: ditto. * misc/plugin/orphan.rb: ditto. * misc/plugin/pagerank.rb: ditto. * misc/plugin/rank.rb: ditto. * misc/plugin/readlirs.rb: ditto. * misc/plugin/recent2.rb: ditto. * misc/plugin/referer.rb: ditto. * misc/plugin/rss-show.rb: ditto. * misc/plugin/rss.rb: ditto. * misc/plugin/sitemap.rb: ditto. * misc/plugin/src.rb: ditto. * misc/plugin/template.rb: ditto. * misc/plugin/todo.rb: ditto. * misc/plugin/trackback.rb: ditto. * plugin/00default.rb: ditto. * plugin/01sp.rb: ditto. * plugin/50bayes_filter.rb: ditto. * plugin/de/00default.rb: ditto. * plugin/en/00default.rb: ditto. 
* plugin/fr/00default.rb: ditto. * plugin/it/00default.rb: ditto. * plugin/ja/00default.rb: ditto. * style/default/html_formatter.rb: ditto. * style/math/html_formatter.rb: ditto. * style/math/latex.rb: ditto. * style/rd+/anchorlist.rb: ditto. * style/rd+/html_formatter.rb: ditto. * style/rd+/rd2html.rb: ditto. Modified Paths: -------------- hiki/trunk/ChangeLog hiki/trunk/hiki/command.rb hiki/trunk/hiki/db/flatfile.rb hiki/trunk/hiki/filter/bayes_filter.rb hiki/trunk/hiki/interwiki.rb hiki/trunk/hiki/repos/cvs.rb hiki/trunk/hiki/repos/default.rb hiki/trunk/hiki/repos/git.rb hiki/trunk/hiki/repos/hg.rb hiki/trunk/hiki/repos/plain.rb hiki/trunk/hiki/repos/svn.rb hiki/trunk/hiki/storage.rb hiki/trunk/hiki/util.rb hiki/trunk/misc/plugin/append-css.rb hiki/trunk/misc/plugin/attach/attach.cgi hiki/trunk/misc/plugin/attach.rb hiki/trunk/misc/plugin/auth_typekey.rb hiki/trunk/misc/plugin/bbs.rb hiki/trunk/misc/plugin/category.rb hiki/trunk/misc/plugin/comment.rb hiki/trunk/misc/plugin/diffmail.rb hiki/trunk/misc/plugin/edit_user.rb hiki/trunk/misc/plugin/footnote.rb hiki/trunk/misc/plugin/google-sitemaps.rb hiki/trunk/misc/plugin/highlight.rb hiki/trunk/misc/plugin/history.rb hiki/trunk/misc/plugin/incremental_search.rb hiki/trunk/misc/plugin/isbn.rb hiki/trunk/misc/plugin/its.rb hiki/trunk/misc/plugin/keyword.rb hiki/trunk/misc/plugin/math.rb hiki/trunk/misc/plugin/note.rb hiki/trunk/misc/plugin/orphan.rb hiki/trunk/misc/plugin/pagerank.rb hiki/trunk/misc/plugin/rank.rb hiki/trunk/misc/plugin/readlirs.rb hiki/trunk/misc/plugin/recent2.rb hiki/trunk/misc/plugin/referer.rb hiki/trunk/misc/plugin/rss-show.rb hiki/trunk/misc/plugin/rss.rb hiki/trunk/misc/plugin/sitemap.rb hiki/trunk/misc/plugin/src.rb hiki/trunk/misc/plugin/template.rb hiki/trunk/misc/plugin/todo.rb hiki/trunk/misc/plugin/trackback.rb hiki/trunk/plugin/00default.rb hiki/trunk/plugin/01sp.rb hiki/trunk/plugin/50bayes_filter.rb hiki/trunk/plugin/de/00default.rb hiki/trunk/plugin/en/00default.rb 
hiki/trunk/plugin/fr/00default.rb hiki/trunk/plugin/it/00default.rb hiki/trunk/plugin/ja/00default.rb hiki/trunk/style/default/html_formatter.rb hiki/trunk/style/math/html_formatter.rb hiki/trunk/style/math/latex.rb hiki/trunk/style/rd+/anchorlist.rb hiki/trunk/style/rd+/html_formatter.rb hiki/trunk/style/rd+/rd2html.rb Modified: hiki/trunk/ChangeLog =================================================================== --- hiki/trunk/ChangeLog 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/ChangeLog 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -1,5 +1,68 @@ 2009-08-30 okkez <okkez****@gmail*****> + * hiki/command.rb: use Hiki::Util#escape, Hiki::Util#unescape, + Hiki::Util#escape_html and Hiki::Util#unescape_html instead of + CGI.escape, CGI.unescape, CGI.escapeHTML and CGI.unescapeHTML. + * hiki/db/flatfile.rb: ditto. + * hiki/filter/bayes_filter.rb: ditto. + * hiki/interwiki.rb: ditto. + * hiki/repos/cvs.rb: ditto. + * hiki/repos/default.rb: ditto. + * hiki/repos/git.rb: ditto. + * hiki/repos/hg.rb: ditto. + * hiki/repos/plain.rb: ditto. + * hiki/repos/svn.rb: ditto. + * hiki/storage.rb: ditto. + * hiki/util.rb: ditto. + * misc/plugin/append-css.rb: ditto. + * misc/plugin/attach.rb: ditto. + * misc/plugin/attach/attach.cgi: ditto. + * misc/plugin/auth_typekey.rb: ditto. + * misc/plugin/bbs.rb: ditto. + * misc/plugin/category.rb: ditto. + * misc/plugin/comment.rb: ditto. + * misc/plugin/diffmail.rb: ditto. + * misc/plugin/edit_user.rb: ditto. + * misc/plugin/footnote.rb: ditto. + * misc/plugin/google-sitemaps.rb: ditto. + * misc/plugin/highlight.rb: ditto. + * misc/plugin/history.rb: ditto. + * misc/plugin/incremental_search.rb: ditto. + * misc/plugin/isbn.rb: ditto. + * misc/plugin/its.rb: ditto. + * misc/plugin/keyword.rb: ditto. + * misc/plugin/math.rb: ditto. + * misc/plugin/note.rb: ditto. + * misc/plugin/orphan.rb: ditto. + * misc/plugin/pagerank.rb: ditto. + * misc/plugin/rank.rb: ditto. + * misc/plugin/readlirs.rb: ditto. + * misc/plugin/recent2.rb: ditto. + * misc/plugin/referer.rb: ditto. + * misc/plugin/rss-show.rb: ditto. + * misc/plugin/rss.rb: ditto. + * misc/plugin/sitemap.rb: ditto. + * misc/plugin/src.rb: ditto. + * misc/plugin/template.rb: ditto. + * misc/plugin/todo.rb: ditto. + * misc/plugin/trackback.rb: ditto. + * plugin/00default.rb: ditto. + * plugin/01sp.rb: ditto. + * plugin/50bayes_filter.rb: ditto. + * plugin/de/00default.rb: ditto. + * plugin/en/00default.rb: ditto. + * plugin/fr/00default.rb: ditto. + * plugin/it/00default.rb: ditto. + * plugin/ja/00default.rb: ditto. 
+ * style/default/html_formatter.rb: ditto. + * style/math/html_formatter.rb: ditto. + * style/math/latex.rb: ditto. + * style/rd+/anchorlist.rb: ditto. + * style/rd+/html_formatter.rb: ditto. + * style/rd+/rd2html.rb: ditto. + +2009-08-30 okkez <okkez****@gmail*****> + * hiki/util.rb (Hiki::Util): dead copy from Ruby 1.8 cgi.rb. Hiki::Util#escape, Hiki::Util#unescape, Hiki::Util#unescapeHTML, Hiki::Util#escapeHTML. Modified: hiki/trunk/hiki/command.rb =================================================================== --- hiki/trunk/hiki/command.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/command.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -30,7 +30,7 @@ # for TrackBack if %r|/tb/(.+)$| =~ ENV['REQUEST_URI'] - @cgi.params['p'] = [CGI.unescape($1)] + @cgi.params['p'] = [unescape($1)] @cgi.params['c'] = ['plugin'] @cgi.params['plugin'] = ['trackback_post'] end @@ -191,12 +191,12 @@ if****@conf*****_keys word = @params['key'][0] if word && word.size > 0 - contents = hilighten(contents, word.unescape.split) + contents = hilighten(contents, unescape(word).split) end end old_ref =****@db*****_attribute( @p, :references ) - new_ref = formatter.references + new_ref = formatter.references @db.set_references( @p, new_ref ) if new_ref != old_ref ref =****@db*****_references( @p ) 
@@ -204,12 +204,12 @@ pg_title =****@plugi*****_name(@p) - data[:page_title] =****@plugi*****_anchor(@p.escape, h(@p)) + data[:page_title] =****@plugi*****_anchor(escape(@p), h(@p)) data[:view_title] = pg_title - data[:title] = title( pg_title.unescapeHTML ) + data[:title] = title(unescape_html(pg_title)) data[:toc] =****@plugi*****_f ? toc : nil data[:body] = formatter.apply_tdiary_theme(contents) - data[:references] = ref.collect! {|a| "[#{@plugin.hiki_anchor(a.escape, @plugin.page_name(a))}] " }.join + data[:references] = ref.collect! {|a| "[#{@plugin.hiki_anchor(escape(a), @plugin.page_name(a))}] " }.join data[:keyword] =****@db*****_attribute(@p, :keyword).collect {|k| "[#{view_title(k)}]"}.join(' ') data[:last_modified] =****@db*****_last_update( @p ) @@ -245,7 +245,7 @@ editor = f[k][:editor] ? "by #{f[k][:editor]}" : '' display_text = h((f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k) display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k) - %Q!#{@plugin.hiki_anchor(k.escape, display_text)}: #{format_date(f[k][:last_modified] )} #{editor}#{@conf.msg_freeze_mark if f[k][:freeze]}! + %Q!#{@plugin.hiki_anchor(escape(k), display_text)}: #{format_date(f[k][:last_modified] )} #{editor}#{@conf.msg_freeze_mark if f[k][:freeze]}! } data = get_common_data( @db, @plugin, @conf ) @@ -283,7 +283,7 @@ display_text = (f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k display_text = h(display_text) display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k) - %Q|#{format_date( tm )}: #{@plugin.hiki_anchor( k.escape, display_text )} #{h(editor)} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{k.escape}")}">#{@conf.msg_diff}</a>)| + %Q|#{format_date( tm )}: #{@plugin.hiki_anchor(escape(k), display_text )} #{h(editor)} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{escape(k)}")}">#{@conf.msg_diff}</a>)| } [list, last_modified] end 
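Review bot: In the `@@ -245,7` hunk of hiki/command.rb, `#{editor}` is interpolated into the list markup without HTML escaping, while the parallel line in the `@@ -283,7` hunk writes `#{h(editor)}`. Since this commit is already normalising the escaping calls, the first site should match, for example `editor = f[k][:editor] ? "by #{h(f[k][:editor])}" : ''`. Where `:editor` is populated is outside the hunk, so whether it can carry markup is unconfirmed; escaping at output removes the need to know. Both enclosing methods start and end outside their hunks.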
@@ -315,7 +315,7 @@ old = text.gsub(/\r/, '') new =****@db*****( page ) || '' differ = word_diff( old, new ).gsub( /\n/, "<br>\n" ) - link =****@plugi*****_anchor( page.escape, h(page)) + link =****@plugi*****_anchor(escape(page), h(page)) end @cmd = 'edit' @@ -418,9 +418,9 @@ if word && word.size > 0 total, l =****@db*****(word) if****@conf*****_keys - l.collect! {|p| @plugin.make_anchor("#{@conf.cgi_name}?cmd=view&p=#{p[0].escape}&key=#{word.split.join('+').escape}", @plugin.page_name(p[0])) + " - #{p[1]}"} + l.collect! {|p| @plugin.make_anchor("#{@conf.cgi_name}?cmd=view&p=#{escape(p[0])}&key=#{escape(word.split.join('+'))}", @plugin.page_name(p[0])) + " - #{p[1]}"} else - l.collect! {|p| @plugin.hiki_anchor( p[0].escape, @plugin.page_name(p[0])) + " - #{p[1]}"} + l.collect! {|p| @plugin.hiki_anchor(escape(p[0]), @plugin.page_name(p[0])) + " - #{p[1]}"} end data = get_common_data( @db, @plugin, @conf ) data[:title] = title( @conf.msg_search_result ) @@ -541,7 +541,7 @@ return tmp end - p = (@db.select {|p| p[:title] and p[:title].unescape == page})[0] + p = (@db.select {|p| p[:title] and unescape(p[:title]) == page})[0] if p != @p and p != nil return p end Modified: hiki/trunk/hiki/db/flatfile.rb =================================================================== --- hiki/trunk/hiki/db/flatfile.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/db/flatfile.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -81,7 +81,7 @@ def pages Dir.glob( "#{@pages_path}/*" ).delete_if {|f| !test(?f, f.untaint)}.collect! {|f| - File.basename( f ).unescape + unescape(File.basename( f )) } end @@ -89,7 +89,7 @@ # info DB # ============== def info_exist? ( p ) - f = p.escape + f = escape(p) @info.transaction(true) do @info.root?( f ) end @@ -100,7 +100,7 @@ end def info( p ) - f = p.escape + f = escape(p) @info.transaction(true) do @info.root?(f) ? @info[f] : nil end 
@@ -109,13 +109,13 @@ def page_info h = [] @info.transaction(true) do - @info.roots.each { |a| h << {a.unescape => @info[a]} } + @info.roots.each { |a| h << { unescape(a) => @info[a]} } end h end def set_attribute(p, attr) - f = p.escape + f = escape(p) @info.transaction do @info[f] = default unless @info[f] attr.each do |attribute, value| @@ -125,7 +125,7 @@ end def get_attribute(p, attribute) - f = p.escape + f = escape(p) @info.transaction(true) do if****@info*****?(f) @info[f][attribute] || default[attribute] @@ -139,14 +139,14 @@ result = [] @info.transaction(true) do @info.roots.each do |a| - result << a.unescape if yield(@info[a]) + result << unescape(a) if yield(@info[a]) end end result end def increment_hitcount ( p ) - f = p.escape + f = escape(p) @info.transaction do @info[f][:count] = @info[f][:count] + 1 end @@ -197,7 +197,7 @@ end def delete_info(p) - f = p.escape + f = escape(p) begin @info.transaction do @info.delete(f) @@ -211,14 +211,14 @@ @info.transaction do pages.each do |a| r = default - r[:last_modified] = File.mtime( "#{@pages_path}/#{a.escape}".untaint ) - @info[a.escape] = r + r[:last_modified] = File.mtime( "#{@pages_path}/#{escape(a)}".untaint ) + @info[escape(a)] = r end end end def create_info_default(p) - f = p.escape + f = escape(p) @info.transaction do @info[f] = default end @@ -235,11 +235,11 @@ end def textdir(s) - File.join(@pages_path, s.escape).untaint + File.join(@pages_path, escape(s)).untaint end def backupdir(s) - File.join(@backup_path, s.escape).untaint + File.join(@backup_path, escape(s)).untaint end end end Modified: hiki/trunk/hiki/filter/bayes_filter.rb =================================================================== --- hiki/trunk/hiki/filter/bayes_filter.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/filter/bayes_filter.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -3,6 +3,7 @@ require "fileutils" require "hiki/filter/bayes_filter/bayes.rb" +require "hiki/util" module Hiki::Filter module BayesFilter 
@@ -132,7 +133,7 @@ end def url - "#{@index_url}?#{CGI.escape(@new_page.page)}" + "#{@index_url}?#{Hiki::Util.escape(@new_page.page)}" end def self.load(filename, delete=false) Modified: hiki/trunk/hiki/interwiki.rb =================================================================== --- hiki/trunk/hiki/interwiki.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/interwiki.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -25,11 +25,11 @@ encoding = @interwiki_names[s][:encoding] page = case encoding when 'sjis' - p.to_sjis.escape + escape(p.to_sjis) when 'euc' - p.to_euc.escape + escape(p.to_euc) when 'utf8' - euc_to_utf8(p).escape + escape(euc_to_utf8(p)) else p end Modified: hiki/trunk/hiki/repos/cvs.rb =================================================================== --- hiki/trunk/hiki/repos/cvs.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/cvs.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -41,16 +41,18 @@ end class ReposCvs < ReposBase + include Hiki::Util + def commit(page, msg = default_msg) Dir.chdir( "#{@data_path}/text" ) do - system( "cvs -d #{@root} add -- #{page.escape} > /dev/null 2>&1".untaint ) + system( "cvs -d #{@root} add -- #{escape(page)} > /dev/null 2>&1".untaint ) system( "cvs -d #{@root} ci -m '#{msg}' > /dev/null 2>&1".untaint ) end end def delete(page, msg = default_msg) Dir.chdir( "#{@data_path}/text" ) do - system( "cvs -d #{@root} remove -- #{page.escape} > /dev/null 2>&1".untaint ) + system( "cvs -d #{@root} remove -- #{escape(page)} > /dev/null 2>&1".untaint ) system( "cvs -d #{@root} ci -m '#{msg}' > /dev/null 2>&1".untaint ) end end @@ -58,7 +60,7 @@ def get_revision(page, revision) ret = '' Dir.chdir("#{@data_path}/text") do - open("|cvs -Q up -p -r 1.#{revision.to_i} #{page.escape.untaint}") do |f| + open("|cvs -Q up -p -r 1.#{revision.to_i} #{escape(page).untaint}") do |f| ret = f.read end end 
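Review bot: `Hiki::Util.escape(@new_page.page)` in `url` calls `escape` on the module itself, whereas the repos classes in this commit reach it through `include Hiki::Util` and call it as an instance method. The module-level call works only if hiki/util.rb also exposes `escape` at module level (for example via `module_function`), which is not visible on this page; otherwise this line raises NoMethodError the first time `url` runs. Either confirm the module-level definition or include the module in this class and write `escape(@new_page.page)` like the other files.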
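Review bot: In the hiki/repos/cvs.rb `commit`/`delete` hunk, `msg` is still interpolated into a shell command string (`ci -m '#{msg}'`) and the whole string is untainted, so only the page argument is constrained by `escape`. Where `msg` originates is outside the hunk; if any caller passes user-supplied text, a quote character in it ends the quoting. The git.rb, hg.rb and svn.rb commit/delete hunks have the same shape with `-m \"#{msg}\"`. Passing the arguments as a list avoids the shell where no redirection is needed, e.g. `system("git", "commit", "-q", "-m", msg, "--", escape(page))`; the cvs calls redirect output and would need that handled separately.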
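Review bot: In `get_revision` of hiki/repos/cvs.rb, the `cvs -Q up -p` pipe passes `escape(page)` with no `--` in front of it, unlike the `add`/`remove` calls in the hunk above. If Hiki::Util#escape keeps the CGI.escape character set that the ChangeLog entry describes, a leading `-` is left unencoded, so a page name that starts with `-` would be parsed as an option rather than a file. Add the separator: `open("|cvs -Q up -p -r 1.#{revision.to_i} -- #{escape(page).untaint}")`. The same gap is visible in `cvs -Q log`, in the `git commit` of `ReposGit#delete`, in every `hg` call, and in `svn cat` / `svn log` in the later hunks.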
@@ -70,7 +72,7 @@ log = '' revs = [] Dir.chdir("#{@data_path}/text") do - open("|cvs -Q log #{page.escape.untaint}") do |f| + open("|cvs -Q log #{escape(page).untaint}") do |f| log = f.read end end Modified: hiki/trunk/hiki/repos/default.rb =================================================================== --- hiki/trunk/hiki/repos/default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -3,6 +3,8 @@ # Copyright (C) 2003, Yasuo Itabashi <yasuo_itabashi{@}hotmail.com> # You can distribute this under GPL. +require 'hiki/util' + module Hiki class HikifarmReposBase def initialize(root, data_root) @@ -73,6 +75,8 @@ end class ReposDefault < ReposBase + include Hiki::Util + def commit(page, log = nil) end @@ -82,7 +86,7 @@ def get_revision(page, revision) revision = revision.to_i begin - File::read("#{rev_path(revision)}/#{page.escape.untaint}") + File::read("#{rev_path(revision)}/#{escape(page).untaint}") rescue '' end @@ -90,8 +94,8 @@ def revisions(page) rev = [] - rev << [2, File.mtime("#{rev_path(2)}/#{page.escape.untaint}").localtime.strftime('%Y/%m/%d %H:%M:%S'), '', 'current'] - rev << [1, File.mtime("#{rev_path(1)}/#{page.escape.untaint}").localtime.strftime('%Y/%m/%d %H:%M:%S'), '', 'backup'] if File.exist?("#{rev_path(1)}/#{page.escape.untaint}") + rev << [2, File.mtime("#{rev_path(2)}/#{escape(page).untaint}").localtime.strftime('%Y/%m/%d %H:%M:%S'), '', 'current'] + rev << [1, File.mtime("#{rev_path(1)}/#{escape(page).untaint}").localtime.strftime('%Y/%m/%d %H:%M:%S'), '', 'backup'] if File.exist?("#{rev_path(1)}/#{escape(page).untaint}") rev end Modified: hiki/trunk/hiki/repos/git.rb =================================================================== --- hiki/trunk/hiki/repos/git.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/git.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -3,17 +3,19 @@ module Hiki class ReposGit < ReposBase + include Hiki::Util + def commit(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("git add -- #{page.escape}".untaint) - system("git commit -q -m \"#{msg}\" -- #{page.escape}".untaint) + system("git add -- #{escape(page)}".untaint) + system("git commit -q -m \"#{msg}\" -- #{escape(page)}".untaint) end end def delete(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("git rm -q -- #{page.escape}".untaint) - system("git commit -q -m \"#{msg}\" #{page.escape}".untaint) + system("git rm -q -- #{escape(page)}".untaint) + system("git commit -q -m \"#{msg}\" #{escape(page)}".untaint) end end @@ -32,14 +34,14 @@ all_log = '' revs = [] Dir.chdir("#{@data_path}/text") do - open("|git log --raw -- #{page.escape.untaint}") do |f| + open("|git log --raw -- #{escape(page).untaint}") do |f| all_log = f.read end end all_log.split(/^commit (?:[a-fA-F\d]+)\n/).each do |log| if /\AAuthor:\s*(.*?)\nDate:\s*(.*?)\n(.*?) \n:\d+\s\d+\s[a-fA-F\d]+\.{3}\s([a-fA-F\d]+)\.{3}\s\w - \s+#{Regexp.escape(page.escape)}\n+\z/xm =~ log + \s+#{Regexp.escape(escape(page))}\n+\z/xm =~ log revs << [$4, Time.parse("#{$2}Z").localtime.strftime('%Y/%m/%d %H:%M:%S'), "", # $1, Modified: hiki/trunk/hiki/repos/hg.rb =================================================================== --- hiki/trunk/hiki/repos/hg.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/hg.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -7,24 +7,26 @@ module Hiki class ReposHg < ReposBase + include Hiki::Util + def commit(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("hg addremove -q #{page.escape}".untaint) - system("hg ci -m \"#{msg}\" #{page.escape}".untaint) + system("hg addremove -q #{escape(page)}".untaint) + system("hg ci -m \"#{msg}\" #{escape(page)}".untaint) end end def delete(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("hg rm #{page.escape}".untaint) - system("hg ci -m \"#{msg}\" #{page.escape}".untaint) + system("hg rm #{escape(page)}".untaint) + system("hg ci -m \"#{msg}\" #{escape(page)}".untaint) end end def get_revision(page, revision) r = "" Dir.chdir("#{@data_path}/text") do - open("|hg cat -r #{revision.to_i-1} #{page.escape}".untaint) do |f| + open("|hg cat -r #{revision.to_i-1} #{escape(page)}".untaint) do |f| r = f.read end end @@ -36,7 +38,7 @@ all_log = '' revs = [] Dir.chdir("#{@data_path}/text") do - open("|hg log #{page.escape.untaint}") do |f| + open("|hg log #{escape(page).untaint}") do |f| all_log = f.read end end Modified: hiki/trunk/hiki/repos/plain.rb =================================================================== --- hiki/trunk/hiki/repos/plain.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/plain.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -30,33 +30,35 @@ end class ReposPlain < ReposBase + include Hiki::Util + def commit(page, log = nil) wiki = File.read("#{@data_path}/text/.wiki") - dir = "#{@root}/#{wiki.untaint}/#{page.escape.untaint}" + dir = "#{@root}/#{wiki.untaint}/#{escape(page).untaint}" Dir.mkdir(dir) if not File.exists?(dir) FileUtils.rm("#{dir}/.removed", {:force => true}) rev = last_revision(page) + 1 - FileUtils.cp("#{@data_path}/text/#{page.escape.untaint}", "#{dir}/#{rev}") + FileUtils.cp("#{@data_path}/text/#{escape(page).untaint}", "#{dir}/#{rev}") end def delete(page, log = nil) wiki = File.read("#{@data_path}/text/.wiki") - File.open("#{@root}/#{wiki.untaint}/#{page.escape.untaint}/.removed", 'w'){|f|} + File.open("#{@root}/#{wiki.untaint}/#{escape(page).untaint}/.removed", 'w'){|f|} end def get_revision(page, revision) wiki = File.read("#{@data_path}/text/.wiki") - File.read("#{@root}/#{wiki.untaint}/#{page.escape.untaint}/#{revision.to_i}") + File.read("#{@root}/#{wiki.untaint}/#{escape(page).untaint}/#{revision.to_i}") end def revisions(page) wiki = File.read("#{@data_path}/text/.wiki") revs = [] - Dir.glob("#{@root}/#{wiki.untaint}/#{page.escape.untaint}/*").each do |file| + Dir.glob("#{@root}/#{wiki.untaint}/#{escape(page).untaint}/*").each do |file| revs << [File.basename(file).to_i, File.mtime(file.untaint).localtime.to_s, '', ''] end revs.sort_by{|e| -e[0]} @@ -66,7 +68,7 @@ private def last_revision(page) wiki = File.read("#{@data_path}/text/.wiki") - Dir.glob("#{@root}/#{wiki.untaint}/#{page.escape.untaint}/*").map{|f| File.basename(f)}.sort_by{|f| -f.to_i}[0].to_i + Dir.glob("#{@root}/#{wiki.untaint}/#{escape(page).untaint}/*").map{|f| File.basename(f)}.sort_by{|f| -f.to_i}[0].to_i end end end Modified: hiki/trunk/hiki/repos/svn.rb =================================================================== --- hiki/trunk/hiki/repos/svn.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/repos/svn.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -66,6 +66,8 @@ end class ReposSvn < ReposBase + include Hiki::Util + def initialize(root, data_path) super if /^[a-z]:/i =~ @root @@ -78,15 +80,15 @@ def commit(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("svn add -q -- #{page.escape}".untaint) - system("svn propdel -q svn:mime-type -- #{page.escape}".untaint) + system("svn add -q -- #{escape(page)}".untaint) + system("svn propdel -q svn:mime-type -- #{escape(page)}".untaint) system("svn ci -q --force-log -m \"#{msg}\"".untaint) end end def delete(page, msg = default_msg) Dir.chdir("#{@data_path}/text") do - system("svn remove -q -- #{page.escape}".untaint) + system("svn remove -q -- #{escape(page)}".untaint) system("svn ci -q --force-log -m \"#{msg}\"".untaint) end end @@ -94,7 +96,7 @@ def get_revision(page, revision) ret = '' Dir.chdir("#{@data_path}/text") do - open("|svn cat -r #{revision.to_i} #{page.escape.untaint}") do |f| + open("|svn cat -r #{revision.to_i} #{escape(page).untaint}") do |f| ret = f.read end end @@ -106,7 +108,7 @@ log = '' revs = [] Dir.chdir("#{@data_path}/text") do - open("|svn log #{page.escape.untaint}") do |f| + open("|svn log #{escape(page).untaint}") do |f| log = f.read end end Modified: hiki/trunk/hiki/storage.rb =================================================================== --- hiki/trunk/hiki/storage.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/storage.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -83,7 +83,7 @@ cache_path = "#{@conf.cache_path}/parser" Dir.mkdir( cache_path ) unless test( ?e, cache_path ) begin - tmp = Marshal.load( File.open( "#{cache_path}/#{CGI.escape( page )}".untaint, 'rb' ) {|f| f.read} ) + tmp = Marshal.load( File.open( "#{cache_path}/#{escape(page)}".untaint, 'rb' ) {|f| f.read} ) if tmp[0] == Hiki::RELEASE_DATE return tmp[1] else 
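Review bot: In the hiki/storage.rb `@@ -83,7` hunk, `Marshal.load` runs on the cache file's contents before the `tmp[0] == Hiki::RELEASE_DATE` comparison, so that comparison cannot reject an unexpected file; the data has already been deserialized. This is safe only if nothing but Hiki can write under `#{@conf.cache_path}/parser`, which the hunk does not establish. I would put a comment on the line, such as `# Marshal.load fully trusts this file: cache_path must be writable only by the Hiki process`. Separately, the hunk switches to a bare `escape(page)` without showing an `include Hiki::Util` for this class, while the repos classes needed one added; confirm the mixin is present. The method starts and ends outside the hunk.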
@@ -96,7 +96,7 @@ def save_cache( page, tokens ) begin - File.open( "#{@conf.cache_path}/parser/#{CGI.escape( page )}".untaint, 'wb') do |f| + File.open( "#{@conf.cache_path}/parser/#{escape(page)}".untaint, 'wb') do |f| Marshal.dump([Hiki::RELEASE_DATE, tokens], f) end rescue @@ -105,7 +105,7 @@ def delete_cache( page ) begin - File.unlink("#{@conf.cache_path}/parser/#{CGI.escape( page )}".untaint) + File.unlink("#{@conf.cache_path}/parser/#{escape(page)}".untaint) rescue Errno::ENOENT end end Modified: hiki/trunk/hiki/util.rb =================================================================== --- hiki/trunk/hiki/util.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/hiki/util.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -140,7 +140,7 @@ end def view_title( s ) - %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{s.escape}") }">#{h(s)}</a>! + %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{escape(s)}") }">#{h(s)}</a>! end def format_date( tm ) @@ -205,7 +205,7 @@ end def unified_diff( src, dst, context_lines = 3 ) - return CGI.escapeHTML(Diff.new(src.split(/^/), dst.split(/^/)).ses.unidiff( '', context_lines )) + return h(Diff.new(src.split(/^/), dst.split(/^/)).ses.unidiff( '', context_lines )) end def redirect(cgi, url, cookies = nil) @@ -258,7 +258,7 @@ EOS body << "REMOTE_USER = #{ENV['REMOTE_USER']}\n" if ENV['REMOTE_USER'] body << <<EOS - URL = #{@conf.index_url}?#{page.escape} + URL = #{@conf.index_url}?#{escape(page)} #{'-' * 25} #{text} EOS Modified: hiki/trunk/misc/plugin/append-css.rb =================================================================== --- hiki/trunk/misc/plugin/append-css.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/append-css.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -9,7 +9,7 @@ if @conf['append-css.css'] and !@conf['append-css.css'].empty? <<-HTML <style type="text/css"><!-- - #{CGI::escapeHTML( @conf['append-css.css'] )} + #{h(@conf['append-css.css'])} --></style> HTML else 
@@ -24,6 +24,6 @@ <<-HTML #{append_css_desc} - <p><textarea name="append-css.css" cols="70" rows="15">#{CGI::escapeHTML( @conf['append-css.css'].to_s )}</textarea></p> + <p><textarea name="append-css.css" cols="70" rows="15">#{h(@conf['append-css.css'].to_s)}</textarea></p> HTML end Modified: hiki/trunk/misc/plugin/attach/attach.cgi =================================================================== --- hiki/trunk/misc/plugin/attach/attach.cgi 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/attach/attach.cgi 2009-08-30 13:42:41 UTC (rev 1016) @@ -41,9 +41,9 @@ cache_path = "#{@conf.cache_path}/attach" Dir.mkdir(cache_path) unless test(?e, cache_path.untaint) - attach_path = "#{cache_path}/#{page.escape}" + attach_path = "#{cache_path}/#{escape(page)}" Dir.mkdir(attach_path) unless test(?e, attach_path.untaint) - path = "#{attach_path}/#{filename.to_euc.escape}" + path = "#{attach_path}/#{escape(filename.to_euc)}" if params['attach_file'][0].size > max_size raise "File size is larger than limit (#{max_size} bytes)." end @@ -60,13 +60,13 @@ send_updating_mail(page, 'attach', r) if****@conf*****_on_update end end - redirect(cgi, "#{@conf.index_url}?c=#{command}&p=#{page.escape}") + redirect(cgi, "#{@conf.index_url}?c=#{command}&p=#{escape(page)}") rescue Exception => ex print cgi.header( 'type' => 'text/plain' ) puts ex.message end elsif cgi.params['detach'][0] then - attach_path = "#{@conf.cache_path}/attach/#{page.escape}" + attach_path = "#{@conf.cache_path}/attach/#{escape(page)}" begin Dir.foreach(attach_path) do |file| 
@@ -79,7 +79,7 @@ end Dir.rmdir(attach_path) if Dir.entries(attach_path).size == 2 send_updating_mail(page, 'detach', r) if****@conf*****_on_update - redirect(cgi, "#{@conf.index_url}?c=#{command}&p=#{page.escape}") + redirect(cgi, "#{@conf.index_url}?c=#{command}&p=#{escape(page)}") rescue Exception => ex print cgi.header( 'type' => 'text/plain' ) puts ex.message Modified: hiki/trunk/misc/plugin/attach.rb =================================================================== --- hiki/trunk/misc/plugin/attach.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/attach.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -13,7 +13,7 @@ <div class="form"> <form class="nodisp" method="post" enctype="multipart/form-data" action="#{attach_cgi}"> <div> - <input type="hidden" name="p" value="#{@page.escapeHTML}"> + <input type="hidden" name="p" value="#{h(@page)}"> <input type="hidden" name="command" value="#{command}"> <input type="file" name="attach_file"> <input type="submit" name="attach" value="#{attach_upload_label}"> @@ -33,12 +33,12 @@ s = "<ul>\n" attach_files.sort do |a, b| - a[0].unescape <=> b[0].unescape + unescape(a[0]) <=> unescape(b[0]) end.each do |attach_info| - s << "<li>#{hiki_anchor(attach_info[0], page_name(attach_info[0].unescape))}</li>\n" + s << "<li>#{hiki_anchor(attach_info[0], page_name(unescape(attach_info[0])))}</li>\n" s << "<ul>\n" attach_info[1].each do |f| - s << "<li>#{attach_anchor(f, attach_info[0].unescape)}</li>\n" + s << "<li>#{attach_anchor(f, unescape(attach_info[0]))}</li>\n" end s << "</ul>\n" end 
@@ -47,20 +47,20 @@ def attach_anchor_string(string, file_name, page = @page) s = %Q!<a href="! - s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{page.escape};file_name=#{file_name.escape}")}">! - s << %Q!#{if string then string.escapeHTML else file_name.escapeHTML end}</a>! + s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{escape(page)};file_name=#{escape(file_name)}")}">! + s << %Q!#{if string then h(string) else h(file_name) end}</a>! end def attach_anchor(file_name, page = @page) s = %Q!<a href="! - s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{page.escape};file_name=#{file_name.escape}")}">! - s << %Q!#{file_name.escapeHTML}</a>! + s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{escape(page)};file_name=#{escape(file_name)}")}">! + s << %Q!#{h(file_name)}</a>! end def get_image_size(file_name, page = @page) begin require 'image_size' - f = "#{@cache_path}/attach/#{page.escape}/#{file_name.escape}" + f = "#{@cache_path}/attach/#{escape(page)}/#{escape(file_name)}" File.open(f.untaint,'rb') do |fh| return ImageSize.new(fh).get_size end 
@@ -71,19 +71,19 @@ def attach_image_anchor(file_name, page = @page) image_size = get_image_size(file_name, page) - s = %Q!<img alt="#{file_name.escapeHTML}"! + s = %Q!<img alt="#{h(file_name)}"! s << %Q! width="#{image_size[:width]}" height="#{image_size[:height]}"! if image_size if****@conf*****['attach.cache_url'] - s << %Q! src="#{@conf.options['attach.cache_url']}/#{page.escape.escape}/#{file_name.escape}">! + s << %Q! src="#{@conf.options['attach.cache_url']}/#{escape(escape(page))}/#{escape(file_name)}">! else - s << %Q! src="#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{page.escape};file_name=#{file_name.escape}")}">! + s << %Q! src="#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{escape(page)};file_name=#{escape(file_name)}")}">! end end def attach_flash_anchor(file_name, page = @page) image_size = get_image_size(file_name, page) s = %Q!<embed type="application/x-shockwave-flash" src="! - s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{page.escape};file_name=#{file_name.escape}")}" ! + s << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=attach_download;p=#{escape(page)};file_name=#{file_name.escape}")}" ! s << %Q! width="#{image_size[:width]}" height="#{image_size[:height]}" ! if image_size s << %Q!>! end @@ -93,7 +93,7 @@ params =****@cgi***** page = (params['p'][0] || '') file_name = (params['file_name'][0] || '') - attach_file = "#{@cache_path}/attach/#{page.escape}/#{file_name.escape}" + attach_file = "#{@cache_path}/attach/#{escape(page)}/#{escape(file_name)}" extname = /\.([^.]+)$/.match(file_name.downcase).to_a[1] if File::exist?( attach_file.untaint ) mime_type = nil 
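Review bot: In `attach_flash_anchor` the new line still calls `file_name.escape` (`p=#{escape(page)};file_name=#{file_name.escape}`), so the conversion this commit makes is incomplete for that one call. It keeps working only as long as the String#escape extension exists; write `file_name=#{escape(file_name)}` to match `attach_image_anchor` just above. In the same hunk, `escape(escape(page))` in the `attach.cache_url` branch carries over the old double escaping, presumably because the on-disk directory name is itself the escaped page name; a one-line comment saying so would stop a later cleanup from "fixing" it.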
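Review bot: In the `@@ -93,7` hunk, `attach_file` is built from the `p` and `file_name` request parameters and then untainted, with `escape` as the only sanitising step. If Hiki::Util#escape keeps CGI.escape's character set, `.` is not encoded, so a parameter made up only of dots survives unchanged as a path component. An explicit guard before the `File::exist?` check would close that, for example `raise 'invalid attachment name' if [page, file_name].any? {|s| /\A\.*\z/ =~ s }` (how this plugin is expected to report errors is not visible here). `get_image_size` and the attach.cgi hunks build their paths the same way, and the method continues outside the hunk.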
@@ -123,14 +123,14 @@ tabstop = ' ' * (@options['attach.tabstop'] ? @options['attach.tabstop'].to_i : 2) if file_name =~ /\.(txt|rd|rb|c|pl|py|sh|java|html|htm|css|xml|xsl|sql|yaml)\z/i - file = "#{@conf.cache_path}/attach/#{page.untaint.escape}/#{file_name.untaint.escape}" + file = "#{@conf.cache_path}/attach/#{escape(page.untaint)}/#{escape(file_name.untaint)}" s = %Q!<pre>! content = File::readlines(file) if @options['attach.show_linenum'] line = 0 content.collect! {|i| sprintf("%3d| %s", line+=1, i)} end - s << content.join.escapeHTML.gsub(/^\t+/) {|t| tabstop * t.size}.to_euc + s << h(content.join).gsub(/^\t+/) {|t| tabstop * t.size}.to_euc s << %Q!</pre>! end end @@ -145,7 +145,7 @@ def attach_page_files result = Array::new - attach_path = "#{@cache_path}/attach/#{@page.escape}".untaint + attach_path = "#{@cache_path}/attach/#{escape(@page)}".untaint if FileTest::directory?(attach_path) Dir.entries(attach_path).collect do |file_name| result << file_name if FileTest::file?("#{attach_path}/#{file_name}".untaint) @@ -161,7 +161,7 @@ Dir.foreach("#{@cache_path}/attach/") do |dir| next if /^\./ =~ dir attach_files[File.basename(dir)] = Dir.glob("#{@cache_path}/attach/#{dir.untaint}/*").collect do |f| - File.basename(f).unescape + unescape(File.basename(f)) end end attach_files.to_a @@ -172,12 +172,12 @@ if (files = attach_page_files).size > 0 s << %Q!<p>#{attach_files_label}: \n! files.each do |file_name| - f = file_name.unescape + f = unescape(file_name) case****@conf***** when 'EUC-JP' - f = file_name.unescape.to_euc + f = unescape(file_name).to_euc when 'Shift_JIS' - f = file_name.unescape.to_sjis + f = unescape(file_name).to_sjis end s << %Q! [#{attach_anchor(f)}] ! end 
@@ -191,19 +191,19 @@ s = '' if (files = attach_page_files).size > 0 s << %Q!<form method="post" enctype="multipart/form-data" action="#{attach_cgi}"> - <input type="hidden" name="p" value="#{@page.escapeHTML}"> + <input type="hidden" name="p" value="#{h(@page)}"> <input type="hidden" name="command" value="#{@command == 'create' ? 'edit' : @command}"> <p>#{attach_files_label}: ! files.each do |file_name| - f = file_name.unescape + f = unescape(file_name) case****@conf***** when 'EUC-JP' - f = file_name.unescape.to_euc + f = unescape(file_name).to_euc when 'Shift_JIS' - f = file_name.unescape.to_sjis + f = unescape(file_name).to_sjis end - s << %Q! [<input type="checkbox" name="file_#{file_name.escapeHTML}">#{attach_anchor(f)}] \n! + s << %Q! [<input type="checkbox" name="file_#{h(file_name)}">#{attach_anchor(f)}] \n! end s << %Q!<input type="submit" name="detach" value="#{detach_upload_label}">\n</p>\n</form>\n! end Modified: hiki/trunk/misc/plugin/auth_typekey.rb =================================================================== --- hiki/trunk/misc/plugin/auth_typekey.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/auth_typekey.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -54,7 +54,7 @@ elsif @user <<EOS <div class="hello"> -#{sprintf(label_auth_typekey_hello, @user.escapeHTML)} +#{sprintf(label_auth_typekey_hello, h(@user))} </div> EOS end @@ -71,7 +71,7 @@ str = <<-HTML <h3 class="subtitle">#{label_auth_typekey_token}</h3> <p>#{label_auth_typekey_token_msg}</p> - <p><input name="typekey.token" size="40" value="#{CGI::escapeHTML(@conf['typekey.token'])}"></p> + <p><input name="typekey.token" size="40" value="#{h(@conf['typekey.token'])}"></p> HTML str end Modified: hiki/trunk/misc/plugin/bbs.rb =================================================================== --- hiki/trunk/misc/plugin/bbs.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/bbs.rb 2009-08-30 13:42:41 UTC (rev 1016) 
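Review bot: The detach form built in this hunk posts to `attach_cgi` with only `p` and `command` as hidden fields. It has no `session_id` field, unlike the bbs, comment and its forms touched by this same commit. Unless attach.cgi verifies the request some other way (not visible here), a logged-in user's browser could be made to submit a detach request from another site. Adding `<input type="hidden" name="session_id" value="#{@session_id}">` after the `command` field, and checking it on the receiving side, would align this form with the others. The enclosing method starts outside the hunk.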
@@ -16,14 +16,14 @@ <<EOS <form action="#{@conf.cgi_name}" method="post"> <div> - #{bbs_name_label}: <input type="text" name="name" value="#{name.escapeHTML}" size="10"> + #{bbs_name_label}: <input type="text" name="name" value="#{h(name)}" size="10"> #{bbs_subject_label}: <input type="text" name="subject" size="40"><br> <textarea cols="60" rows="8" name="msg"></textarea><br> <input type="submit" name="comment" value="#{bbs_post_label}"> <input type="hidden" name="bbs_num" value="#{@bbs_num}"> <input type="hidden" name="bbs_level" value="#{level}"> <input type="hidden" name="c" value="plugin"> - <input type="hidden" name="p" value="#{@page.escapeHTML}"> + <input type="hidden" name="p" value="#{h(@page)}"> <input type="hidden" name="plugin" value="bbs_post"> <input type="hidden" name="session_id" value="#{@session_id}"> </div> Modified: hiki/trunk/misc/plugin/category.rb =================================================================== --- hiki/trunk/misc/plugin/category.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/category.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -4,7 +4,7 @@ def category_list(*category) category_re = /^\(([^\)]+?)\)/ - category.collect! {|a| a.unescapeHTML} + category.collect! {|a| unescape_html(a) } l = Hash::new @db.page_info.each do |a| @@ -31,7 +31,7 @@ p.each do |a| name = a[0] tm = a[1][:last_modified] - s << "<li>#{format_date( tm )}: #{hiki_anchor(name.escape, page_name(name))}</li>\n" + s << "<li>#{format_date( tm )}: #{hiki_anchor(escape(name), page_name(name))}</li>\n" end s << "</ul>\n" end Modified: hiki/trunk/misc/plugin/comment.rb =================================================================== --- hiki/trunk/misc/plugin/comment.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/comment.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -26,7 +26,7 @@ <input type="submit" name="comment" value="#{comment_post_label}"> <input type="hidden" name="comment_no" value="#{@comment_num}"> <input type="hidden" name="c" value="plugin"> - <input type="hidden" name="p" value="#{@page.escapeHTML}"> + <input type="hidden" name="p" value="#{h(@page)}"> <input type="hidden" name="plugin" value="comment_post"> <input type="hidden" name="style" value="#{style}"> <input type="hidden" name="session_id" value="#{@session_id}"> Modified: hiki/trunk/misc/plugin/diffmail.rb =================================================================== --- hiki/trunk/misc/plugin/diffmail.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/diffmail.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -23,7 +23,7 @@ head << "KEYWORD = #{keyword}\n" if keyword r = "#{latest_text}\n" elsif type == 'update' - title_old = CGI::unescapeHTML( page_name( @page ) ) + title_old = unescape_html(page_name(@page)) keyword_old =****@db*****_attribute(@page, :keyword).join(' / ') if title && title != title_old head << "TITLE = #{title_old} -> #{title}\n" Modified: hiki/trunk/misc/plugin/edit_user.rb =================================================================== --- hiki/trunk/misc/plugin/edit_user.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/edit_user.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -6,8 +6,8 @@ @conf['user.auth'] =****@cgi*****['user.auth'][0].to_i user_list = {} (@conf['user.list'] ||= []).sort.each do |name, pass| - unles****@cgi*****["#{CGI.escape(name)}_remove"][0] - password =****@cgi*****["#{CGI.escape(name)}_pass"][0] + unles****@cgi*****["#{escape(name)}_remove"][0] + password =****@cgi*****["#{escape(name)}_pass"][0] unless password.empty? user_list[name] = crypt_password(password) else 
@@ -39,7 +39,7 @@ <tr> <td>#{label_edit_user_delete}</td><td>#{label_edit_user_name}</td><td>#{label_edit_user_new_password}</td> </tr> - #{(@conf['user.list'] || {}).sort.collect { |i, j| "<tr><td><input type=\"checkbox\" name=\"#{CGI.escape(i)}_remove\"></td><td>#{i}</td><td><input type=\"text\" name=\"#{CGI.escape(i)}_pass\" value=\"\"></td></tr>" }.join("\n")} + #{(@conf['user.list'] || {}).sort.collect { |i, j| "<tr><td><input type=\"checkbox\" name=\"#{escape(i)}_remove\"></td><td>#{i}</td><td><input type=\"text\" name=\"#{escape(i)}_pass\" value=\"\"></td></tr>" }.join("\n")} </table> </p> <h3 class="subtitle">#{label_edit_user_add_title}</h3> Modified: hiki/trunk/misc/plugin/footnote.rb =================================================================== --- hiki/trunk/misc/plugin/footnote.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/footnote.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -48,7 +48,7 @@ tmp =****@conf*****_plugin @conf.use_plugin = false parser =****@conf*****::new( @conf ) - tokens = parser.parse( text.unescapeHTML ) + tokens = parser.parse(unescape_html(text) ) formatter =****@conf*****::new( tokens, @db, self, @conf ) @conf.use_plugin = tmp formatter.to_s.gsub(/\A<p>/,'').gsub(/<\/p>\Z/,'').gsub(/<p>/, '<p class="footnote">') Modified: hiki/trunk/misc/plugin/google-sitemaps.rb =================================================================== --- hiki/trunk/misc/plugin/google-sitemaps.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/google-sitemaps.rb 2009-08-30 13:42:41 UTC (rev 1016) 
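Review bot: In the user table row, the name is URL-escaped for the two `name="…"` attributes but written raw into the cell as `<td>#{i}</td>`. A stored user name containing markup would be rendered as HTML on the administration page. The cell should be `<td>#{h(i)}</td>`. This hunk shows nothing that restricts the characters allowed in a user name, so the escaping should not rely on such a restriction.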
@@ -15,7 +15,7 @@ end sitemaps << <<_E <url> - <loc>#{@conf.index_url}?#{name.escape}</loc> + <loc>#{@conf.index_url}?#{escape(name)}</loc> <lastmod>#{lastmod.utc.strftime('%Y-%m-%dT%H:%M:%S+00:00')}</lastmod> </url> _E Modified: hiki/trunk/misc/plugin/highlight.rb =================================================================== --- hiki/trunk/misc/plugin/highlight.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/highlight.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,3 +1,4 @@ +# -*- coding: euc-jp -*- # highlight.rb $Revision: 1.3 $ # # ジャンプ先のエレメントをハイライトする。通称「謎JavaScript。最終形態」 @@ -19,8 +20,8 @@ <<-SCRIPT <script type="text/javascript"><!-- var highlightStyle = new Object(); - highlightStyle.color = "#{CGI::escapeHTML(@options['highlight.color'])}"; - highlightStyle.backgroundColor = "#{CGI::escapeHTML(@options['highlight.background'])}"; + highlightStyle.color = "#{h(@options['highlight.color'])}"; + highlightStyle.backgroundColor = "#{h(@options['highlight.background'])}"; var highlightElem = null; var saveStyle = null; Modified: hiki/trunk/misc/plugin/history.rb =================================================================== --- hiki/trunk/misc/plugin/history.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/history.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -127,7 +127,7 @@ title << (rev_title2 || (rev2 and rev2[0]) || nil) title = title.compact title.reverse! unless rev2.nil? - title = title.join("<=>").escapeHTML + title = h(title.join("<=>")) do_link = (link and rev1) @@ -135,7 +135,7 @@ if do_link rev_param = "r=#{rev1[0]}" rev_param << ";r2=#{rev2[0]}" if rev2 - rv << %Q[<a href="#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{@p.escape};#{rev_param}")}" title="#{title}">] + rv << %Q[<a href="#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{escape(@p)};#{rev_param}")}" title="#{title}">] end rv << title if do_link 
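Review bot: In highlight.rb the two `highlightStyle` assignments put option values inside a JavaScript string literal within a `<script>` block, but `h()` is an HTML encoder. It does not neutralise a backslash or a line break, and entities are not decoded inside script content, so a legitimate value containing `&` would be altered as well. These are colour values, presumably set by the site administrator, so validating them before interpolation is simpler than escaping for this context, for example `@options['highlight.color'].to_s[/\A[#\w]+\z/]`. The heredoc continues beyond the hunk.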
@@ -154,40 +154,40 @@ # construct output sources prevdiff = 1 sources = '' - sources << @plugin.hiki_anchor(@p.escape, @plugin.page_name(@p)) + sources << @plugin.hiki_anchor(escape(@p), @plugin.page_name(@p)) sources << "\n<br>\n" sources << "\n<table border=\"1\">\n" if****@conf*****['history.hidelog'] case history_repos_type when 'cvs' - sources << " <tr><th>#{history_th_label[0].escapeHTML}</th><th>#{history_th_label[1].escapeHTML}</th><th>#{history_th_label[2].escapeHTML}</th><th>#{history_th_label[3].escapeHTML}</th></tr>\n" + sources << " <tr><th>#{h(history_th_label[0])}</th><th>#{h(history_th_label[1])}</th><th>#{h(history_th_label[2])}</th><th>#{h(history_th_label[3])}</th></tr>\n" else - sources << " <tr><th>#{history_th_label[0].escapeHTML}</th><th>#{history_th_label[1].escapeHTML}</th><th>#{history_th_label[3].escapeHTML}</th></tr>\n" + sources << " <tr><th>#{h(history_th_label[0])}</th><th>#{h(history_th_label[1])}</th><th>#{h(history_th_label[3])}</th></tr>\n" end else case history_repos_type when 'cvs' - sources << " <tr><th rowspan=\"2\">#{history_th_label[0].escapeHTML}</th><th>#{history_th_label[1].escapeHTML}</th><th>#{history_th_label[2].escapeHTML}</th><th>#{history_th_label[3].escapeHTML}</th></tr><tr><th colspan=\"3\">#{history_th_label[4].escapeHTML}</th></tr>\n" + sources << " <tr><th rowspan=\"2\">#{h(history_th_label[0])}</th><th>#{h(history_th_label[1])}</th><th>#{h(history_th_label[2])}</th><th>#{h(history_th_label[3])}</th></tr><tr><th colspan=\"3\">#{h(history_th_label[4])}</th></tr>\n" else - sources << " <tr><th rowspan=\"2\">#{history_th_label[0].escapeHTML}</th><th>#{history_th_label[1].escapeHTML}</th><th>#{history_th_label[3].escapeHTML}</th></tr><tr><th colspan=\"2\">#{history_th_label[4].escapeHTML}</th></tr>\n" + sources << " <tr><th rowspan=\"2\">#{h(history_th_label[0])}</th><th>#{h(history_th_label[1])}</th><th>#{h(history_th_label[3])}</th></tr><tr><th colspan=\"2\">#{h(history_th_label[4])}</th></tr>\n" end end 
revs.each do |rev,time,changes,log| # time << " GMT" - op = "[<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_src;p=#{@p.escape};r=#{rev}")}\">View</a> this version] " + op = "[<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_src;p=#{escape(@p)};r=#{rev}")}\">View</a> this version] " if revs.size != 1 op << "[Diff to " - op << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{@p.escape};r=#{rev}")}\">current</a>" unless prevdiff == 1 + op << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{escape(@p)};r=#{rev}")}\">current</a>" unless prevdiff == 1 op << " | " unless (prevdiff == 1 || prevdiff >= revs.size) - op << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{@p.escape};r=#{rev};r2=#{revs[prevdiff][0]}")}\">previous</a>" unless prevdiff >= revs.size + op << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{escape(@p)};r=#{rev};r2=#{revs[prevdiff][0]}")}\">previous</a>" unless prevdiff >= revs.size op << "]" end if****@conf*****['history.hidelog'] case history_repos_type when 'cvs' - sources << " <tr><td>#{rev}</td><td>#{time.escapeHTML}</td><td>#{changes.escapeHTML}</td><td align=right>#{op}</td></tr>\n" + sources << " <tr><td>#{rev}</td><td>#{h(time)}</td><td>#{h(changes)}</td><td align=right>#{op}</td></tr>\n" else - sources << " <tr><td>#{rev}</td><td>#{time.escapeHTML}</td><td align=right>#{op}</td></tr>\n" + sources << " <tr><td>#{rev}</td><td>#{h(time)}</td><td align=right>#{op}</td></tr>\n" end else log.gsub!(/=============================================================================/, '') 
@@ -195,9 +195,9 @@ log = "*** no log message ***" if log.empty? case history_repos_type when 'cvs' - sources << " <tr><td rowspan=\"2\">#{rev}</td><td>#{time.escapeHTML}</td><td>#{changes.escapeHTML}</td><td align=right>#{op}</td></tr><tr><td colspan=\"3\">#{log.escapeHTML}</td></tr>\n" + sources << " <tr><td rowspan=\"2\">#{rev}</td><td>#{h(time)}</td><td>#{h(changes)}</td><td align=right>#{op}</td></tr><tr><td colspan=\"3\">#{h(log)}</td></tr>\n" else - sources << " <tr><td rowspan=\"2\">#{rev}</td><td>#{time.escapeHTML}</td><td align=right>#{op}</td></tr><tr><td colspan=\"2\">#{log.escapeHTML}</td></tr>\n" + sources << " <tr><td rowspan=\"2\">#{rev}</td><td>#{h(time)}</td><td align=right>#{op}</td></tr><tr><td colspan=\"2\">#{h(log)}</td></tr>\n" end end prevdiff += 1 
@@ -217,14 +217,14 @@ # construct output sources sources = '' sources << "<div class=\"section\">\n" - sources << @plugin.hiki_anchor(@p.escape, @plugin.page_name(@p)) + sources << @plugin.hiki_anchor(escape(@p), @plugin.page_name(@p)) sources << "\n<br>\n" - sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('edit', "p=#{@p.escape};r=#{r.escapeHTML}")}\">#{history_revert_label.escapeHTML}</a><br>\n" - sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{@p.escape};r=#{r.escapeHTML}")}\">#{history_diffto_current_label.escapeHTML}</a><br>\n" - sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('history', "p=#{@p.escape}")}\">#{history_backto_summary_label.escapeHTML}</a><br>\n" + sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('edit', "p=#{escape(@p)};r=#{h(r)}")}\">#{h(history_revert_label)}</a><br>\n" + sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_diff;p=#{escape(@p)};r=#{h(r)}")}\">#{h(history_diffto_current_label)}</a><br>\n" + sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('history', "p=#{escape(@p)}")}\">#{h(history_backto_summary_label)}</a><br>\n" sources << "</div>\n" sources << "<div class=\"diff\">\n" - sources << txt.escapeHTML.gsub(/\n/, "<br>\n").gsub(/ /, ' ') + sources << h(txt).gsub(/\n/, "<br>\n").gsub(/ /, ' ') sources << "</div>\n" history_output(sources) 
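Review bot: In the revert and diff links, the revision is interpolated into the query string as `r=#{h(r)}`, which applies HTML encoding where URL encoding is needed; `p` right beside it uses `escape`. A `;` in `r` passes through `h()` unchanged, and an `&` is turned back into `&` when the browser decodes the attribute, so either character would be read as a parameter separator. Using `r=#{escape(r)}` on both lines keeps the value inside its own parameter. Where `r` comes from is not visible in this hunk, and the enclosing method starts and ends outside it.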
@@ -254,10 +254,10 @@ # construct output sources sources = '' sources << "<div class=\"section\">\n" - sources << @plugin.hiki_anchor(@p.escape, @plugin.page_name(@p)) + sources << @plugin.hiki_anchor(escape(@p), @plugin.page_name(@p)) sources << "<br>\n" - sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_src;p=#{@p.escape};r=#{curr_rev[0]}")}\">#{history_view_this_version_src_label.escapeHTML}</a><br>\n" if curr_rev - sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('history', "p=#{@p.escape}")}\">#{history_backto_summary_label.escapeHTML}</a><br>\n" + sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('plugin', "plugin=history_src;p=#{escape(@p)};r=#{curr_rev[0]}")}\">#{h(history_view_this_version_src_label)}</a><br>\n" if curr_rev + sources << "<a href=\"#{@conf.cgi_name}#{cmdstr('history', "p=#{escape(@p)}")}\">#{h(history_backto_summary_label)}</a><br>\n" sources << "\n" if prev_rev Modified: hiki/trunk/misc/plugin/incremental_search.rb =================================================================== --- hiki/trunk/misc/plugin/incremental_search.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/incremental_search.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -81,9 +81,9 @@ unless word.empty? then total, l =****@db*****( word ) if****@conf*****_keys - l.collect! {|p| @plugin.make_anchor("#{@conf.cgi_name}?cmd=view&p=#{p[0].escape}&key=#{word.split.join('+').escape}", @plugin.page_name(p[0])) + " - #{p[1]}"} + l.collect! {|p| @plugin.make_anchor("#{@conf.cgi_name}?cmd=view&p=#{escape(p[0])}&key=#{escape(word.split.join('+'))}", @plugin.page_name(p[0])) + " - #{p[1]}"} else - l.collect! {|p| @plugin.hiki_anchor( p[0].escape, @plugin.page_name(p[0])) + " - #{p[1]}"} + l.collect! {|p| @plugin.hiki_anchor(escape(p[0]), @plugin.page_name(p[0])) + " - #{p[1]}"} end if l.size > 0 then r = "<ul>\n" + l.map{|i| "<li>#{i}</li>\n"}.join + "</ul>\n" Modified: hiki/trunk/misc/plugin/isbn.rb =================================================================== --- hiki/trunk/misc/plugin/isbn.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/isbn.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,3 +1,4 @@ +# -*- coding: euc-jp -*- # $Id: isbn.rb,v 1.3 2005-06-27 13:42:37 fdiary Exp $ # converts from sns isbn.pl # Copyright (C) 2003 NAKAMURA Noritsugu <nnaka****@mxq*****> @@ -10,7 +11,7 @@ if bookname == "" buf = "" else - buf = "#{bookname.escapeHTML}" + buf = "#{h(bookname)}" end aid = @options['amazon.aid'] ? "/#{@options['amazon.aid']}" : "" Modified: hiki/trunk/misc/plugin/its.rb =================================================================== --- hiki/trunk/misc/plugin/its.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/its.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -24,14 +24,14 @@ <select name="priority"> EOS its_priority_candidates.each do |i| - result << %Q| <option#{i == 'Normal' ? ' selected' : ''}>#{i.escapeHTML}</option>| + result << %Q| <option#{i == 'Normal' ? ' selected' : ''}>#{h(i)}</option>| end result << <<EOS </select><br> Version: <input type="text" name="version" value="" size="6"><br> Reporter: - <input type="text" name="reporter" value="#{name.escapeHTML}" size="10"><br> + <input type="text" name="reporter" value="#{h(name)}" size="10"><br> Description: <textarea name="description" cols="60" rows="10"></textarea><br> <input type="hidden" name="session_id" value="#{@session_id}"> @@ -52,7 +52,7 @@ <form action="#{@conf.cgi_name}" method="post"> <div> Name: - <input type="text" name="name" value="#{name.escapeHTML}" size="10"><br> + <input type="text" name="name" value="#{h(name)}" size="10"><br> Comment:<br> <textarea name="comment" cols="60" rows="8"></textarea> </div> @@ -65,7 +65,7 @@ <select name="priority"> EOS its_priority_candidates.each do |i| - result << %Q| <option#{i == ticket[:priority] ? ' selected' : ''}>#{i.escapeHTML}</option>| + result << %Q| <option#{i == ticket[:priority] ? ' selected' : ''}>#{h(i)}</option>| end result << <<EOS </select><br> @@ -73,7 +73,7 @@ <select name="status"> EOS its_status_candidates.each do |i| - result << %Q| <option#{i == ticket[:status] ? ' selected' : ''}>#{i.escapeHTML}</option>| + result << %Q| <option#{i == ticket[:status] ? ' selected' : ''}>#{h(i)}</option>| end result << <<EOS </select><br> 
@@ -112,7 +112,7 @@ <tr><th>No.</th><th>Summary</th><th>Version</th><th>Milestone</th><th>Priority</th><th>Reporter</th><th>Created</th></tr> EOS (num ? tickets[0...num.to_i] : tickets).each do |i| - ret << %Q| <tr><td>#{hiki_anchor("Ticket-#{i[:num]}", i[:num])}</td><td>#{hiki_anchor("Ticket-#{i[:num]}", i[:summary].escapeHTML)}</td><td>#{i[:version].escapeHTML}</td><td>#{i[:milestone].escapeHTML}</td><td>#{i[:priority].escapeHTML}</td><td>#{i[:reporter].escapeHTML}</td><td>#{i[:created].escapeHTML}</td></tr>\n| + ret << %Q| <tr><td>#{hiki_anchor("Ticket-#{i[:num]}", i[:num])}</td><td>#{hiki_anchor("Ticket-#{i[:num]}", h(i[:summary]))}</td><td>#{h(i[:version])}</td><td>#{h(i[:milestone])}</td><td>#{h(i[:priority])}</td><td>#{h(i[:reporter])}</td><td>#{h(i[:created])}</td></tr>\n| end ret << " </table>\n" ret Modified: hiki/trunk/misc/plugin/keyword.rb =================================================================== --- hiki/trunk/misc/plugin/keyword.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/keyword.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -18,7 +18,7 @@ p.each do |a| name = a[0] tm = a[1][:last_modified] - s << "<li>#{format_date( tm )}: #{hiki_anchor(name.escape, page_name(name))}</li>\n" + s << "<li>#{format_date( tm )}: #{hiki_anchor(escape(name), page_name(name))}</li>\n" end s << "</ul>\n" end @@ -26,7 +26,7 @@ end def keywords(*keyword) - keyword.collect! {|a| a.unescapeHTML} + keyword.collect! {|a| unescape_html(a) } key = Hash::new @db.page_info.each do |info| Modified: hiki/trunk/misc/plugin/math.rb =================================================================== --- hiki/trunk/misc/plugin/math.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/math.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -2,7 +2,7 @@ params =****@cgi***** page = (params['p'][0] || '') file_name = (params['file_name'][0] || '') - image_file = "#{@cache_path}/math_latex/#{page.escape}/#{file_name.escape}" + image_file = "#{@cache_path}/math_latex/#{escape(page)}/#{escape(file_name)}" mime_type = "image/png" header = Hash::new @@ -85,7 +85,7 @@ <h3 class="subtitle">#{label_math_latex_documentclass}</h3> <p><input type="text" name="math.latex.documentclass" value="#{@conf['math.latex.documentclass']}" size="20"></p> <h3 class="subtitle">#{label_math_latex_preamble}</h3> - <p><textarea name="math.latex.preamble" cols="60" rows="8">#{CGI::escapeHTML( @conf['math.latex.preamble'])}</textarea></p> + <p><textarea name="math.latex.preamble" cols="60" rows="8">#{h(@conf['math.latex.preamble'])}</textarea></p> <h3 class="subtitle">#{label_math_latex_log}</h3> <p><input type="checkbox" name="math.latex.log" value="true"#{@conf['math.latex.log'] ? ' checked="checked"' : ""}>#{label_math_latex_log_description}</p> <h3 class="subtitle">#{label_math_latex_cache_clear}</h3> 
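Review bot: The `math.latex.documentclass` input in the -85 hunk still interpolates `@conf['math.latex.documentclass']` into `value="…"` without `h()`, while the preamble textarea two lines below it is escaped. A stored value containing `"` would break out of the attribute on the configuration page. Changing it to `value="#{h(@conf['math.latex.documentclass'])}"` brings it in line with the other fields in this form. The heredoc starts and ends outside the hunk.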
@@ -98,11 +98,11 @@ unless @conf['math.latex.secure'] then str += <<-HTML <h3 class="subtitle">#{label_math_latex_latex}</h3> - <p><input type="text" name="math.latex.latex" value="#{CGI::escapeHTML(@conf['math.latex.latex'])}"></p> + <p><input type="text" name="math.latex.latex" value="#{h(@conf['math.latex.latex'])}"></p> <h3 class="subtitle">#{label_math_latex_dvips}</h3> - <p><input type="text" name="math.latex.dvips" value="#{CGI::escapeHTML(@conf['math.latex.dvips'])}"></p> + <p><input type="text" name="math.latex.dvips" value="#{h(@conf['math.latex.dvips'])}"></p> <h3 class="subtitle">#{label_math_latex_convert}</h3> - <p><input type="text" name="math.latex.convert" value="#{CGI::escapeHTML(@conf['math.latex.convert'])}"></p> + <p><input type="text" name="math.latex.convert" value="#{h(@conf['math.latex.convert'])}"></p> HTML end str Modified: hiki/trunk/misc/plugin/note.rb =================================================================== --- hiki/trunk/misc/plugin/note.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/note.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -10,15 +10,15 @@ add_menu_proc do if /\A#{Regexp.escape(note_prefix)}/ =~ @page then - hiki_anchor( CGI::escape( $' ), CGI::escapeHTML( label_note_orig ) ) + hiki_anchor(escape( $' ), h(label_note_orig) ) else page = note_prefix + @page text =****@db*****( page ) if text.nil? || text.empty? @conf['note.template'] ||= label_note_template_default - %Q|<a href="#{@conf.cgi_name}?c=create;key=#{CGI::escape( page )};text=#{CGI::escape( @conf['note.template'] )}">#{CGI::escapeHTML( label_note_link )}</a>| + %Q|<a href="#{@conf.cgi_name}?c=create;key=#{escape(page)};text=#{escape(@conf['note.template'])}">#{h(label_note_link)}</a>| else - hiki_anchor( CGI::escape( page ), CGI::escapeHTML( label_note_link ) ) + hiki_anchor(escape(page), h(label_note_link)) end end end if @page and auth? 
@@ -34,7 +34,7 @@ @conf['note.template'] ||= label_note_template_default str = <<-HTML <h3 class="subtitle">#{label_note_template}</h3> - <p><textarea name="note.template" cols="60" rows="8">#{CGI::escapeHTML( @conf['note.template'] )}</textarea></p> + <p><textarea name="note.template" cols="60" rows="8">#{h(@conf['note.template'])}</textarea></p> HTML str end Modified: hiki/trunk/misc/plugin/orphan.rb =================================================================== --- hiki/trunk/misc/plugin/orphan.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/orphan.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -4,14 +4,14 @@ def orphan_pages pages =****@db*****{|p| @db.get_references(p).empty?} pages.collect!{|p| [p, page_name(p)]} - pages.sort_by{|i| i[1].unescapeHTML} + pages.sort_by{|i| unescape_html(i[1]) } end def orphan s = '<ul>' orphan_pages.each do |p, page_name| - s << %Q!<li>#{hiki_anchor(p.escape, page_name)}</li>\n! + s << %Q!<li>#{hiki_anchor(escape(p), page_name)}</li>\n! end s << "</ul>\n" Modified: hiki/trunk/misc/plugin/pagerank.rb =================================================================== --- hiki/trunk/misc/plugin/pagerank.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/pagerank.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -343,11 +343,11 @@ <head> <meta http-equiv="Content-Type" content="text/html; charset=EUC-JP" /> <meta http-equiv="Content-Language" content="ja" /> - <title id=title>#{title.escapeHTML}</title> - <link rel="stylesheet" type="text/css" href="#{stylesheet.escapeHTML}" /> + <title id=title>#{h(title)}</title> + <link rel="stylesheet" type="text/css" href="#{h(stylesheet)}" /> </head> <body> -<h1>#{title.escapeHTML}</h1> +<h1>#{h(title)}</h1> <div align="#{align}"> #{pagerank()} </div> 
@@ -395,11 +395,11 @@ no[i] = i + 1 no[i] = no[i - 1] if i > 0 and pagerank[i] == pagerank[i - 1] page = page_names[i] - page = hiki_anchor(page.escape, page_name(page)) + page = hiki_anchor(escape(page), page_name(page)) rank = sprintf(rankformat, pagerank[i]) if showfrom linked_names =****@db*****_references(page_names[i]).collect do |linked_name| - hiki_anchor(linked_name.escape, page_name(linked_name)) + hiki_anchor(escape(linked_name), page_name(linked_name)) end linked = linked_names.join(", ") source += %{<tr><td style="text-align: right">#{no[i].to_s}</td><td>#{page}</td><td style="text-align: right">#{rank}</td><td>#{linked}</td></tr>} Modified: hiki/trunk/misc/plugin/rank.rb =================================================================== --- hiki/trunk/misc/plugin/rank.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/rank.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -17,7 +17,7 @@ p = a[name] t = "#{page_name(name)} (#{p[:count]})" - an = hiki_anchor( name.escape, t ) + an = hiki_anchor(escape(name), t) s << "<li>#{an}\n" c = c + 1 end Modified: hiki/trunk/misc/plugin/readlirs.rb =================================================================== --- hiki/trunk/misc/plugin/readlirs.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/readlirs.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -17,13 +17,13 @@ data = line.split(/,/) case style when 1 - an = "#{Time.at(data[1].to_i).strftime(tf)} <a href=\"#{CGI::escapeHTML(data[5])}\" title=\"#{CGI::escapeHTML(data[6])}\">#{CGI::escapeHTML(data[6])}</a> #{CGI::escapeHTML(data[7])}" if style + an = "#{Time.at(data[1].to_i).strftime(tf)} <a href=\"#{h(data[5])}\" title=\"#{h(data[6])}\">#{h(data[6])}</a> #{h(data[7])}" if style when 2 - an = "#{Time.at(data[1].to_i).strftime(tf)}<br><a href=\"#{CGI::escapeHTML(data[5])}\" title=\"#{CGI::escapeHTML(data[6])}\">#{CGI::escapeHTML(data[6])}</a>" + an = "#{Time.at(data[1].to_i).strftime(tf)}<br><a href=\"#{h(data[5])}\" title=\"#{h(data[6])}\">#{h(data[6])}</a>" when 3 - an = "<a href=\"#{CGI::escapeHTML(data[5])}\" title=\"#{Time.at(data[1].to_i).strftime(tf)} - #{CGI::escapeHTML(data[7])}\">#{CGI::escapeHTML(data[6])}</a>" + an = "<a href=\"#{h(data[5])}\" title=\"#{Time.at(data[1].to_i).strftime(tf)} - #{h(data[7])}\">#{h(data[6])}</a>" else - an = "#{Time.at(data[1].to_i).strftime(tf)} <a href=\"#{CGI::escapeHTML(data[5])}\" title=\"#{CGI::escapeHTML(data[6])}\">#{CGI::escapeHTML(data[6])}</a> #{CGI::escapeHTML(data[7])}" if style + an = "#{Time.at(data[1].to_i).strftime(tf)} <a href=\"#{h(data[5])}\" title=\"#{h(data[6])}\">#{h(data[6])}</a> #{h(data[7])}" if style end s << "<li>#{an}</li>\n" c = c + 1 @@ -38,7 +38,7 @@ def readlirs_get(url, cache_time) if /^(https?:\/\/)(.+?)(\/.*)/ =~ url Dir.mkdir("#{@cache_path}/readlirs") unless File.exist?("#{@cache_path}/readlirs") - cache_file = "#{@cache_path}/readlirs/#{CGI::escape(url)}".untaint + cache_file = "#{@cache_path}/readlirs/#{escape(url)}".untaint begin readlirs_recent_cache(url, cache_file, cache_time) raise unless File.readable?(cache_file) Modified: hiki/trunk/misc/plugin/recent2.rb =================================================================== --- hiki/trunk/misc/plugin/recent2.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/recent2.rb 2009-08-30 13:42:41 UTC (rev 1016) 
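Review bot: `data[5]` comes from the fetched LIRS file and reaches `href` after `h()` only. That prevents attribute breakout but does not restrict the URL scheme, so a feed entry can supply a script-scheme link target. If this code runs inside an iterator block, as the `c = c + 1` counter suggests, a check before the `case` such as `next unless %r{\Ahttps?://}i =~ data[5].to_s` would drop such entries. The same consideration applies to `make_anchor(h(url), …)` in rss-show.rb and `make_anchor("#{h(ref[0])}", …)` in referer.rb, where the URL also originates outside the wiki. The enclosing method starts outside the hunk.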
@@ -30,7 +30,7 @@ cur_date = tm.strftime( @conf.msg_date_format ) t = page_name(name) - an = hiki_anchor(name.escape, t) + an = hiki_anchor(escape(name), t) s << "<li title=\"#{cur_date}\">#{an} <span class=\"recent2\">(#{ps})</span>\n" end s << "</ul>\n" Modified: hiki/trunk/misc/plugin/referer.rb =================================================================== --- hiki/trunk/misc/plugin/referer.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/referer.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -37,8 +37,8 @@ referers(db).each_with_index do |ref, i| break if i == @options['referer_limit'] - disp = replace_url(ref[0].unescape).escapeHTML - s << make_anchor("#{ref[0].escapeHTML}", " #{ref[1]}").gsub(/<a\s+([^>]+)>/i) { %Q!<a #{$1} title="#{disp}">! } + disp = h(replace_url(unescape(ref[0]))) + s << make_anchor("#{h(ref[0])}", " #{ref[1]}").gsub(/<a\s+([^>]+)>/i) { %Q!<a #{$1} title="#{disp}">! } s << ' |' end @@ -50,8 +50,8 @@ referers(db).each_with_index do |ref, i| break if i == @options['referer_limit'] - disp = replace_url(ref[0].unescape).escapeHTML - s << %!<li>#{ref[1]} ! + make_anchor("#{ref[0].escapeHTML}", "#{disp}") + "</li>" + disp = h(replace_url(unescape(ref[0]))) + s << %!<li>#{ref[1]} ! + make_anchor("#{h(ref[0])}", "#{disp}") + "</li>" end s << '</ul></div>' 
@@ -68,17 +68,17 @@ s << "<ul>\n" - Dir.entries(path).sort {|a, b| a.unescape <=> b.unescape}.each do |f| + Dir.entries(path).sort {|a, b| unescape(a) <=> unescape(b) }.each do |f| next if /(?:^\.)|(?:~$)/ =~ f - next unles****@db*****?(f.untaint.unescape) + next unles****@db*****?(unescape(f.untaint)) db = PTStore::new("#{path}/#{f}") p = File.basename(f) - s << "<li>#{hiki_anchor(p, page_name(p.unescape))}</li>\n" + s << "<li>#{hiki_anchor(p, page_name(unescape(p)))}</li>\n" s << "<ul>\n" referers(db).each_with_index do |ref, i| break if i == @options['referer_limit'] - disp = replace_url(ref[0].unescape).escapeHTML - s << %!<li>#{ref[1]} ! + make_anchor("#{ref[0].escapeHTML}", "#{disp}")+"</li>" + disp = h(replace_url(unescape(ref[0]))) + s << %!<li>#{ref[1]} ! + make_anchor("#{h(ref[0])}", "#{disp}")+"</li>" end db.close_cache s << "</ul>\n" @@ -104,7 +104,7 @@ begin Dir.mkdir(referer_path) unless File.exist?(referer_path) - file_name = "#{referer_path}/#{@page.escape.to_euc}" + file_name = "#{referer_path}/#{escape(@page).to_euc}" db = PTStore::new(file_name) add_referer(db) Modified: hiki/trunk/misc/plugin/rss-show.rb =================================================================== --- hiki/trunk/misc/plugin/rss-show.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/rss-show.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -15,7 +15,7 @@ def rss_get(url, cache_time) Dir.mkdir("#{@cache_path}/rss-show") unless File.exist?("#{@cache_path}/rss-show") - cache_file = "#{@cache_path}/rss-show/#{url.escape}".untaint + cache_file = "#{@cache_path}/rss-show/#{escape(url)}".untaint begin rss_recent_cache(url, cache_file, cache_time) 
@@ -62,7 +62,7 @@ items.each do |i| page = utf8_to_euc( i.title ) url = utf8_to_euc( i.link ) - html << "<li>#{make_anchor(url.escapeHTML, page.unescapeHTML.escapeHTML)}</li>\n" + html << "<li>#{make_anchor(h(url), h(unescape_html(page)))}</li>\n" end html << "</ul>\n" end Modified: hiki/trunk/misc/plugin/rss.rb =================================================================== --- hiki/trunk/misc/plugin/rss.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/rss.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -18,11 +18,11 @@ <?xml version="1.0" encoding="#{@conf.charset}" standalone="yes"?> <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xml:lang="ja-JP"> <channel rdf:about="#{@conf.index_url}?c=rss"> - <title>#{CGI::escapeHTML(@conf.site_name)} : #{label_rss_recent}</title> + <title>#{h(@conf.site_name)} : #{label_rss_recent}</title> <link>#{@conf.index_url}?c=recent</link> - <description>#{CGI::escapeHTML(@conf.site_name)} #{label_rss_recent}</description> + <description>#{h(@conf.site_name)} #{label_rss_recent}</description> <dc:language>ja</dc:language> - <dc:rights>Copyright (C) #{CGI::escapeHTML(@conf.author_name)}</dc:rights> + <dc:rights>Copyright (C) #{h(@conf.author_name)}</dc:rights> <dc:date>#{last_modified.utc.strftime('%Y-%m-%dT%H:%M:%S+00:00')}</dc:date> <items> <rdf:Seq> 
@@ -60,12 +60,12 @@ items << ' ' - uri = "#{@conf.index_url}?#{name.escape}" + uri = "#{@conf.index_url}?#{escape(name)}" items << %Q!<rdf:li rdf:resource="#{uri}"/>\n! item_list << <<EOS <item rdf:about="#{uri}"> - <title>#{CGI::escapeHTML(page_name(name))}</title> + <title>#{h(page_name(name))}</title> <link>#{uri}</link> <dc:date>#{p[name][:last_modified].utc.strftime('%Y-%m-%dT%H:%M:%S+00:00')}</dc:date> EOS Modified: hiki/trunk/misc/plugin/sitemap.rb =================================================================== --- hiki/trunk/misc/plugin/sitemap.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/sitemap.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -17,7 +17,7 @@ return if @map_path.index(page) or !info @map_path.push page - @map_str << "<li>#{hiki_anchor(page.escape, "#{page_name(page)}")}</li>\n" + @map_str << "<li>#{hiki_anchor(escape(page), "#{page_name(page)}")}</li>\n" unless @map_traversed.index(page) referer = info[:references].sort Modified: hiki/trunk/misc/plugin/src.rb =================================================================== --- hiki/trunk/misc/plugin/src.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/src.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -10,13 +10,13 @@ <head> <meta http-equiv="Content-Language" content="#{@conf.lang}"> <meta http-equiv="Content-Type" content="text/html; charset= #{@conf.charset}"> - <title>#{CGI::escapeHTML(page_name(@page))}</title> + <title>#{h(page_name(@page))}</title> </head> <body> <div> EOS page =****@db*****( @page ) - sources << (page ? page.escapeHTML.gsub(/\n/, "<br>\n").gsub(/ /, ' ') : 'load error.') + sources << (page ? h(page).gsub(/\n/, "<br>\n").gsub(/ /, ' ') : 'load error.') sources << <<EOS </div> </body> Modified: hiki/trunk/misc/plugin/template.rb =================================================================== --- hiki/trunk/misc/plugin/template.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/template.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -18,14 +18,14 @@ s = <<EOS <div> #{template_label}: - <input type="hidden" name="p" value="#{@page.escapeHTML}"> + <input type="hidden" name="p" value="#{h(@page)}"> <input type="hidden" name="plugin" value="load_template"> <select name="template"> EOS pages.each do |p| - p = p.unescape.escapeHTML - s << %Q!<option value="#{p}"#{'selected' if @options['template.default'] == p.unescapeHTML}>#{p}</option>! + p = h(unescape(p)) + s << %Q!<option value="#{p}"#{'selected' if @options['template.default'] == unescape_html(p)}>#{p}</option>! end s << <<EOS </select> @@ -84,7 +84,7 @@ <p><select name="template.default"> HTML pages.each do |p| - str << %Q|<option value="#{CGI::escapeHTML(p)}"#{@conf['template.default'] == p ? ' selected' : ''}>#{CGI::escapeHTML(p)}</option>\n| + str << %Q|<option value="#{h(p)}"#{@conf['template.default'] == p ? ' selected' : ''}>#{h(p)}</option>\n| end end Modified: hiki/trunk/misc/plugin/todo.rb =================================================================== --- hiki/trunk/misc/plugin/todo.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/todo.rb 2009-08-30 13:42:41 UTC (rev 1016) 
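Review bot: In the `pages.each` loop of template.rb (@@ -18,14), `p` is overwritten with its HTML-escaped form and then unescaped again for the comparison, and the emitted attribute has no separating space (`value="..."selected`). Keeping the raw name avoids the round trip: `name = unescape(p)` followed by `s << %Q!<option value="#{h(name)}"#{' selected' if @options['template.default'] == name}>#{h(name)}</option>!`, which also matches the `' selected'` form used in the @@ -84,7 hunk. The method's start and end are outside the hunk.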
@@ -6,7 +6,7 @@ todo_list = [] - n =****@db*****(p.unescapeHTML) || '' + n =****@db*****(unescape_html(p)) || '' n.scan(todo_re) do |i| todo_list << {:priority => $1.to_i, :todo => $2} end @@ -17,7 +17,7 @@ c = 0 todo_list.each do |t| break if (c += 1) > num - s << "#{'%02d' % t[:priority]} #{t[:todo].escapeHTML}<br>\n" + s << "#{'%02d' % t[:priority]} #{h(t[:todo])}<br>\n" end s end Modified: hiki/trunk/misc/plugin/trackback.rb =================================================================== --- hiki/trunk/misc/plugin/trackback.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/misc/plugin/trackback.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -3,7 +3,7 @@ def trackback <<-EOF -<div class="caption">TrackBack URL: <a href="#{File.basename(ENV['SCRIPT_FILENAME'])}/tb/#{@page.escape}">#{@conf.base_url}#{File.basename(ENV['SCRIPT_FILENAME'])}/tb/#{@page.escape}</a></div> +<div class="caption">TrackBack URL: <a href="#{File.basename(ENV['SCRIPT_FILENAME'])}/tb/#{escape(@page)}">#{@conf.base_url}#{File.basename(ENV['SCRIPT_FILENAME'])}/tb/#{escape(@page)}</a></div> EOF end @@ -11,7 +11,7 @@ params =****@cgi***** url = params['url'][0] unless 'POST' ==****@cgi*****_method && url - redirect(@cgi, "#{@conf.index_url}?#{@page.escapeHTML}") + redirect(@cgi, "#{@conf.index_url}?#{h(@page)}") return end blog_name = utf8_to_euc( params['blog_name'][0] || '' ) Modified: hiki/trunk/plugin/00default.rb =================================================================== --- hiki/trunk/plugin/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -6,13 +6,13 @@ #============================== def anchor( s ) s.sub!(/^\d+$/, '') - p =****@page***** + p = h(escape(@page)) p.gsub!(/%/, '%%') %Q[#{@conf.cgi_name}?#{p}#{s}] end def my( a, str ) - %Q[<a href="#{anchor(a).gsub!(/%%/, '%')}">#{str.escapeHTML}</a>] + %Q[<a href="#{anchor(a).gsub!(/%%/, '%')}">#{h(str)}</a>] end #============================== 
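Review bot: The redirect target in trackback.rb (@@ -11,7) is built with `h(@page)`, which is HTML escaping applied to a URL query string that goes into a redirect rather than into markup. `h` leaves spaces and control characters in place and turns `&` into `&amp;`, so page names containing them produce a wrong or malformed target; whether line breaks can reach the response header depends on `redirect`, which is not shown. The other URLs in this commit use the URL encoder, so this should be `redirect(@cgi, "#{@conf.index_url}?#{escape(@page)}")`. The method body continues outside the hunk.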
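Review bot: In `my` (plugin/00default.rb, @@ -6,13), `anchor(a).gsub!(/%%/, '%')` returns nil whenever the string contains no `%%`, which is typically the case for every page name that `escape` leaves unchanged, so the link is rendered with an empty `href`. Use the non-mutating form: `%Q[<a href="#{anchor(a).gsub(/%%/, '%')}">#{h(str)}</a>]`. `anchor` also edits its argument in place with `s.sub!`, which changes the caller's string; `s = s.sub(/^\d+$/, '')` avoids that.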
@@ -20,7 +20,7 @@ #============================== #===== hiki_url def hiki_url(page) - "#{@conf.cgi_name}?#{page.escape}" + "#{@conf.cgi_name}?#{escape(page)}" end #===== hiki_anchor @@ -44,7 +44,7 @@ #===== page_name def page_name( page ) pg_title =****@db*****_attribute(page, :title) - ((pg_title && pg_title.size > 0) ? pg_title : page).escapeHTML + h((pg_title && pg_title.size > 0) ? pg_title : page) end #===== toc @@ -96,7 +96,7 @@ ddd = cur_date end t = page_name(name) - an = hiki_anchor(name.escape, t) + an = hiki_anchor(escape(name), t) s << "<li>#{an}</li>\n" end s << "</ul>\n" @@ -112,7 +112,7 @@ add_update_proc { updating_mail if****@conf*****_on_update if @user - @conf.repos.commit(@page, CGI.escape(@user)) + @conf.repos.commit(@page, escape(@user)) else @conf.repos.commit(@page) end @@ -151,8 +151,8 @@ <meta http-equiv="Content-Style-Type" content="text/css"> <meta name="generator" content="#{@conf.generator}"> <title>#{title}</title> - <link rel="stylesheet" type="text/css" href="#{base_css_url.escapeHTML}" media="all"> - <link rel="stylesheet" type="text/css" href="#{theme_url.escapeHTML}" media="all"> + <link rel="stylesheet" type="text/css" href="#{h(base_css_url)}" media="all"> + <link rel="stylesheet" type="text/css" href="#{h(theme_url)}" media="all"> EOS s << <<EOS if @command != 'view' <meta name="ROBOTS" content="NOINDEX,NOFOLLOW"> @@ -177,12 +177,12 @@ elsif defined?(FCGI) s << ' with <a href="http://raa.ruby-lang.org/project/fcgi/">ruby-fcgi</a>' end - s << %Q|.<br>\nFounded by #{@conf.author_name.escapeHTML}.<br>\n| + s << %Q|.<br>\nFounded by #{h(@conf.author_name)}.<br>\n| end #===== edit_proc add_edit_proc { - hiki_anchor(@page.escape, "[#{page_name(@page)}]") + hiki_anchor(escape(@page), "[#{page_name(@page)}]") } #===== menu 
@@ -193,8 +193,8 @@ menu << %Q!<a href="#{@conf.cgi_name}?c=index">#{@conf.msg_index}</a>! else menu << %Q!<a href="#{@conf.cgi_name}?c=create" rel="nofollow">#{@conf.msg_create}</a>! if creatable? - menu << %Q!<a href="#{@conf.cgi_name}?c=edit;p=#{@page.escape}" rel="nofollow">#{@conf.msg_edit}</a>! if @page && editable? - menu << %Q!<a href="#{@conf.cgi_name}?c=diff;p=#{@page.escape}" rel="nofollow">#{@conf.msg_diff}</a>! if @page && editable? + menu << %Q!<a href="#{@conf.cgi_name}?c=edit;p=#{escape(@page)}" rel="nofollow">#{@conf.msg_edit}</a>! if @page && editable? + menu << %Q!<a href="#{@conf.cgi_name}?c=diff;p=#{escape(@page)}" rel="nofollow">#{@conf.msg_diff}</a>! if @page && editable? menu << %Q!#{hiki_anchor( 'FrontPage', page_name('FrontPage') )}! menu << %Q!<a href="#{@conf.cgi_name}?c=index">#{@conf.msg_index}</a>! menu << %Q!<a href="#{@conf.cgi_name}?c=search">#{@conf.msg_search}</a>! @@ -203,14 +203,14 @@ next if c[:option].has_key?('p') && !(@page && editable?) cmd = %Q!<a href="#{@conf.cgi_name}?c=#{c[:command]}! c[:option].each do |key, value| - value =****@page***** if key == 'p' + value = escape(@page) if key == 'p' cmd << %Q!;#{key}=#{value}! end cmd << %Q!">#{c[:display_text]}</a>! menu << cmd end menu_proc.each {|i| menu << i} - menu << %Q!<a href="#{@conf.cgi_name}?c=login#{@page ? ";p=#{@page.escape}" : ""}">#{@conf.msg_login}</a>! unless @user || @conf.password.empty? + menu << %Q!<a href="#{@conf.cgi_name}?c=login#{@page ? ";p=#{escape(@page)}" : ""}">#{@conf.msg_login}</a>! unless @user || @conf.password.empty? menu << %Q!<a href="#{@conf.cgi_name}?c=admin">#{@conf.msg_admin}</a>! if admin? menu << %Q!<a href="#{@conf.cgi_name}?c=logout">#{@conf.msg_logout}</a>! if @user && !@conf.password.empty? end Modified: hiki/trunk/plugin/01sp.rb =================================================================== --- hiki/trunk/plugin/01sp.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/01sp.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -60,9 +60,9 @@ def sp_doc_url( file ) case****@conf***** when 'ja' - "http://hikiwiki.org/ja/#{CGI.escape( file )}.html" + "http://hikiwiki.org/ja/#{escape(file)}.html" else - "http://hikiwiki.org/en/#{CGI.escape( file )}.html" + "http://hikiwiki.org/en/#{escape(file)}.html" end end @@ -89,8 +89,8 @@ # <li> list of plugins def sp_li_plugins( paths, with_checkbox, is_checked ) paths.collect { |path| File.basename( path ) }.sort.inject('') do |result, file| - checkbox = with_checkbox ? %Q!<input name="#{SP_PREFIX}.#{CGI.escapeHTML( file )}" type="checkbox" value="t"#{is_checked ? ' checked' : ''}>! : '' - result << %Q!<li>#{checkbox}<a href="#{sp_doc_url( file )}">#{CGI.escapeHTML( file )}</a>! + checkbox = with_checkbox ? %Q!<input name="#{SP_PREFIX}.#{h(file)}" type="checkbox" value="t"#{is_checked ? ' checked' : ''}>! : '' + result << %Q!<li>#{checkbox}<a href="#{sp_doc_url( file )}">#{h(file)}</a>! end end Modified: hiki/trunk/plugin/50bayes_filter.rb =================================================================== --- hiki/trunk/plugin/50bayes_filter.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/50bayes_filter.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -124,23 +124,23 @@ def submitted_pages_html sp = submitted_pages r = "" - {"Ham"=>sp.ham, "Doubt"=>sp.doubt, "Spam"=>sp.spam}.each do |k, h| - next if h.empty? + {"Ham"=>sp.ham, "Doubt"=>sp.doubt, "Spam"=>sp.spam}.each do |k, hash| + next if hash.empty? r << "<h3>#{k}</h3>\n<ul>\n" - h.keys.sort.each do |id| + hash.keys.sort.each do |id| r << <<EOT -<li><a href="#{h[id].url}">#{CGI.escapeHTML(h[id].new_page.page)}</a> +<li><a href="#{hash[id].url}">#{h(hash[id].new_page.page)}</a> <dl> -<dt>#{Res.title}</dt><dd>#{CGI.escapeHTML(h[id].new_page.title)}</dd> -<dt>Unified Diff</dt><dd><pre>#{CGI.escapeHTML(h[id].get_unified_diff)}</pre></dd> +<dt>#{Res.title}</dt><dd>#{h(hash[id].new_page.title)}</dd> +<dt>Unified Diff</dt><dd><pre>#{h(hash[id].get_unified_diff)}</pre></dd> #{ - unless h[id].diff_keyword.join("\n").strip.empty? - "<dt>#{Res.diff_keyword}</dt><dd>#{CGI.escapeHTML(h[id].diff_keyword.join("\n").strip).gsub(/\n/, "<br>")}</dd>" + unless hash[id].diff_keyword.join("\n").strip.empty? + "<dt>#{Res.diff_keyword}</dt><dd>#{h(hash[id].diff_keyword.join("\n").strip).gsub(/\n/, "<br>")}</dd>" end } -<dt>#{Res.remote_addr}</dt><dd>#{CGI.escapeHTML(h[id].new_page.remote_addr)}</dd> +<dt>#{Res.remote_addr}</dt><dd>#{h(hash[id].new_page.remote_addr)}</dd> #{ - rate = BayesFilter.db.estimate(h[id].token) + rate = BayesFilter.db.estimate(hash[id].token) rate ? "<dt>#{Res.spam_rate}</dt><dd>#{format("%.4f", rate)}</dd>" : "" } <dt><a href='#{conf_url(Mode::SUBMITTED_PAGE_DIFF)};id=#{id}'>#{Res.submitted_page_diff}</a></dt> 
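Review bot: `<a href="#{hash[id].url}">` in `submitted_pages_html` is the one value in this list item that is written into the markup without `h`, and the same holds for `id` in the `;id=#{id}` link. Where `url` comes from is not visible in the hunk; if it is derived from a submitted page name it needs the same treatment as the neighbouring fields, `href="#{h(hash[id].url)}"`. Renaming the block variable to `hash` keeps the `h` helper callable, but it shadows `Object#hash` inside the block; a name such as `pages` would avoid that. The method continues past the hunk.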
@@ -188,9 +188,9 @@ <dt>#{Res.difference}</dt> <dd><pre>#{word_diff(data.old_page.text, data.new_page.text)}</pre></d> <dt>#{Res.old_text}</dt> -<dd><pre>#{CGI.escapeHTML(data.old_page.text||"")}</pre></dd> +<dd><pre>#{h(data.old_page.text||"")}</pre></dd> <dt>#{Res.new_text}</dt> -<dd><pre>#{CGI.escapeHTML(data.new_page.text||"")}</pre></dd> +<dd><pre>#{h(data.new_page.text||"")}</pre></dd> </dl> EOT end Modified: hiki/trunk/plugin/de/00default.rb =================================================================== --- hiki/trunk/plugin/de/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/de/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -9,13 +9,13 @@ <<-HTML <h3 class="subtitle">Wiki Name</h3> <p>Der Name des Wikis. Er erscheint in de Seitentiteln.</p> - <p><input name="site_name" value="#{CGI::escapeHTML(@conf.site_name)}" size="40"></p> + <p><input name="site_name" value="#{h(@conf.site_name)}" size="40"></p> <h3 class="subtitle">Author</h3> <p>Ihr Name</p> - <p><input name="author_name" value="#{CGI::escapeHTML(@conf.author_name)}" size="40"></p> + <p><input name="author_name" value="#{h(@conf.author_name)}" size="40"></p> <h3 class="subtitle">Email Addresse</h3> <p>Email</p> - <p><textarea name="mail" rows="4" cols="50">#{CGI::escapeHTML(@conf.mail.join("\n"))}</textarea></p> + <p><textarea name="mail" rows="4" cols="50">#{h(@conf.mail.join("\n"))}</textarea></p> <h3 class="subtitle">Sende Emails bei änderungen?</h3> <p>Einstellung, ob Sie über änderungen an Seiten per Email informiert werden möchten. Die Email wird zu der Adresse die Sie in den Standard-Einstellungen eingegeben haben gesendet. (Stellen Sie sicher, dass ein SMTP server in der hikiconf.rb angegeben ist.)</p> <p><select name="mail_on_update"> 
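Review bot: The `Res.difference` entry in the 50bayes_filter.rb hunk (@@ -188,9) emits `word_diff(data.old_page.text, data.new_page.text)` without `h` while the old and new text right below it are escaped, and its closing tag is `</d>` instead of `</dd>`. `word_diff` is not shown, so it may already escape its input and add its own markup; if so, a one-line comment saying that would stop a later reader from changing it in either direction. The line should end `</pre></dd>`. The heredoc starts above the hunk.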
@@ -56,10 +56,10 @@ </select></p> <h3 class="subtitle">Theme URL</h3> <p>Eine URL eines Themes. Wenn Sie hier eine URL angeben, wird dieses CSS Theme verwendet und das oben angegebene ignoriert.</p> - <p><input name="theme_url" value="#{CGI::escapeHTML(@conf.theme_url)}" size="60"></p> + <p><input name="theme_url" value="#{h(@conf.theme_url)}" size="60"></p> <h3 class="subtitle">Theme Ordner</h3> <p>Ordner der vorhandenen Themes.</p> - <p><input name="theme_path" value="#{CGI::escapeHTML(@conf.theme_path)}" size="60"></p> + <p><input name="theme_path" value="#{h(@conf.theme_path)}" size="60"></p> <h3 class="subtitle">Seitenleiste</h3> <p>Manche Themes können die Seitenleiste nicht ordnungsgemäß darstellen. Wenn sie eines dieser Themes benutzten, den Wert auf 'Aus' setzen.</p> <p><select name="sidebar"> @@ -68,10 +68,10 @@ </select></p> <h3 class="subtitle">CSS Klassename der die Haupt-Fläche</h3> <p>CSS Klassenname der die Haupt-Fläche (Stardard: 'main').</p> - <p><input name="main_class" value="#{CGI::escapeHTML(@conf.main_class)}" size="20"></p> + <p><input name="main_class" value="#{h(@conf.main_class)}" size="20"></p> <h3 class="subtitle">CSS Klassenname der Seitenleiste</h3> <p>CSS Klassenname der Seitenleiste (Standard: 'sidebar').</p> - <p><input name="sidebar_class" value="#{CGI::escapeHTML(@conf.sidebar_class)}" size="20"></p> + <p><input name="sidebar_class" value="#{h(@conf.sidebar_class)}" size="20"></p> <h3 class="subtitle">Auto link</h3> <p>Um die Auto link Funktion zu aktivieren, den Wert auf 'An' setzen.</p> <p><select name="auto_link"> Modified: hiki/trunk/plugin/en/00default.rb =================================================================== --- hiki/trunk/plugin/en/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/en/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -9,13 +9,13 @@ <<-HTML <h3 class="subtitle">Site name</h3> <p>Enter the name of your site. This will appear in page titles.</p> - <p><input name="site_name" value="#{CGI::escapeHTML(@conf.site_name)}" size="40"></p> + <p><input name="site_name" value="#{h(@conf.site_name)}" size="40"></p> <h3 class="subtitle">Author</h3> <p>Enter your name.</p> - <p><input name="author_name" value="#{CGI::escapeHTML(@conf.author_name)}" size="40"></p> + <p><input name="author_name" value="#{h(@conf.author_name)}" size="40"></p> <h3 class="subtitle">E-mail address</h3> <p>Enter your e-mail address. (One address in one line)</p> - <p><textarea name="mail" rows="4" cols="50">#{CGI::escapeHTML(@conf.mail.join("\n"))}</textarea></p> + <p><textarea name="mail" rows="4" cols="50">#{h(@conf.mail.join("\n"))}</textarea></p> <h3 class="subtitle">Send update e-mails?</h3> <p>Set whether or not you want to have e-mail sent when a page is updated. E-mail will be sent to the address set in the Basic Preferences. (Make sure to specify an SMTP server beforehand in hikiconf.rb.)</p> <p><select name="mail_on_update"> @@ -56,10 +56,10 @@ </select></p> <h3 class="subtitle">Theme URL</h3> <p>Specify a URL where a theme is located. If you specify a CSS URL, the theme selected above will be ignored, and the CSS will be used.</p> - <p><input name="theme_url" value="#{CGI::escapeHTML(@conf.theme_url)}" size="60"></p> + <p><input name="theme_url" value="#{h(@conf.theme_url)}" size="60"></p> <h3 class="subtitle">Theme directory</h3> <p>Enter the directory where themes are located.</p> - <p><input name="theme_path" value="#{CGI::escapeHTML(@conf.theme_path)}" size="60"></p> + <p><input name="theme_path" value="#{h(@conf.theme_path)}" size="60"></p> <h3 class="subtitle">Sidebar</h3> <p>Some themes cannot properly display the sidebar. If you are using one of these themes, set this value to off.</p> <p><select name="sidebar"> 
@@ -68,10 +68,10 @@ </select></p> <h3 class="subtitle">CSS class name for the main area</h3> <p>Enter the CSS class name for the main area (default: 'main').</p> - <p><input name="main_class" value="#{CGI::escapeHTML(@conf.main_class)}" size="20"></p> + <p><input name="main_class" value="#{h(@conf.main_class)}" size="20"></p> <h3 class="subtitle">CSS class name for the sidebar</h3> <p>Enter the CSS class name for the sidebar (default: 'sidebar').</p> - <p><input name="sidebar_class" value="#{CGI::escapeHTML(@conf.sidebar_class)}" size="20"></p> + <p><input name="sidebar_class" value="#{h(@conf.sidebar_class)}" size="20"></p> <h3 class="subtitle">Auto link</h3> <p>If you want to use the auto link function, set this value to on.</p> <p><select name="auto_link"> Modified: hiki/trunk/plugin/fr/00default.rb =================================================================== --- hiki/trunk/plugin/fr/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/fr/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,3 +1,4 @@ +# -*- coding: nil -*- # # preferences (resources) # 
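Review bot: The added first line `# -*- coding: nil -*-` in plugin/fr/00default.rb (and again in plugin/it/00default.rb, @@ -1,3 +1,4) looks like an editor artifact and is unrelated to the escape-helper change. `nil` is not an encoding name, and Ruby 1.9 and later read this magic comment and, as far as I know, refuse to load a file that names an unknown encoding. Either drop the line or name the encoding the file is actually stored in, e.g. `# -*- coding: <file's actual encoding> -*-`.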
@@ -6,13 +7,13 @@ <<-HTML <h3 class="subtitle">Pseudonyme</h3> <p>Entrez votre nom d'utilisateur. Il apparaîtra comme élément de titre.</p> - <p><input name="site_name" value="#{CGI::escapeHTML(@conf.site_name)}" size="40"></p> + <p><input name="site_name" value="#{h(@conf.site_name)}" size="40"></p> <h3 class="subtitle">Auteur</h3> <p>Entrez votre nom complet.</p> - <p><input name="author_name" value="#{CGI::escapeHTML(@conf.author_name)}" size="40"></p> + <p><input name="author_name" value="#{h(@conf.author_name)}" size="40"></p> <h3 class="subtitle">Adresse électronique</h3> <p>Entrez votre adresse e-mail.</p> - <p><textarea name="mail" rows="4" cols="50">#{CGI::escapeHTML(@conf.mail.join("\n"))}</textarea></p> + <p><textarea name="mail" rows="4" cols="50">#{h(@conf.mail.join("\n"))}</textarea></p> <h3 class="subtitle">Notification par e-mail.</h3> <p>Si cette option est activée, un e-mail de notification sera envoyé à votre adresse électronique via le serveur SMTP (définit dans hikiconf.rb) lorsqu'une page est modifiée. Aucun e-mail ne sera envoyé si cette option est désactivée.</p> <p><select name="mail_on_update"> @@ -53,10 +54,10 @@ </select></p> <h3 class="subtitle">Thème - URL</h3> <p>Entrez l'URL d'un thème.</p> - <p><input name="theme_url" value="#{CGI::escapeHTML(@conf.theme_url)}" size="60"></p> + <p><input name="theme_url" value="#{h(@conf.theme_url)}" size="60"></p> <h3 class="subtitle">Thème - Répertoire</h3> <p>Entrez le répertoire du thème.</p> - <p><input name="theme_path" value="#{CGI::escapeHTML(@conf.theme_path)}" size="60"></p> + <p><input name="theme_path" value="#{h(@conf.theme_path)}" size="60"></p> <h3 class="subtitle">Barre contextuelle</h3> <p>ON et la barre contextuelle sera affichée. Si vous voulez utiliser un thème qui ne gère pas de barre contextuelle, vous devez sélectionner OFF.</p> <p><select name="sidebar"> 
@@ -65,10 +66,10 @@ </select></p> <h3 class="subtitle">Nom de la classe dans la section principale (CSS)</h3> <p>Entrez le nom CSS de la classe dans la section principale.</p> - <p><input name="main_class" value="#{CGI::escapeHTML(@conf.main_class)}" size="20"></p> + <p><input name="main_class" value="#{h(@conf.main_class)}" size="20"></p> <h3 class="subtitle">Nom de la classe dans la barre contextuelle (CSS)</h3> <p>Entrez le nom CSS de la classe dans la barre contextuelle.</p> - <p><input name="sidebar_class" value="#{CGI::escapeHTML(@conf.sidebar_class)}" size="20"></p> + <p><input name="sidebar_class" value="#{h(@conf.sidebar_class)}" size="20"></p> <h3 class="subtitle">Liens automatiques</h3> <p>Choisissez ON si vous désirez activer les liens automatiques.</p> <p><select name="auto_link"> Modified: hiki/trunk/plugin/it/00default.rb =================================================================== --- hiki/trunk/plugin/it/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/it/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,3 +1,4 @@ +# -*- coding: nil -*- # # preferences (resources) # 
@@ -6,13 +7,13 @@ <<-HTML <h3 class="subtitle">Nome del sito</h3> <p>Imposta il nome del sito. Questo appare come titolo dell'elemento.</p> - <p><input name="site_name" value="#{CGI::escapeHTML(@conf.site_name)}" size="40"></p> + <p><input name="site_name" value="#{h(@conf.site_name)}" size="40"></p> <h3 class="subtitle">Autore</h3> <p>Set your name.</p> - <p><input name="author_name" value="#{CGI::escapeHTML(@conf.author_name)}" size="40"></p> + <p><input name="author_name" value="#{h(@conf.author_name)}" size="40"></p> <h3 class="subtitle">Indirizzo email</h3> <p>Imposta il tuo indirizzo email.</p> - <p><textarea name="mail" rows="4" cols="50">#{CGI::escapeHTML(@conf.mail.join("\n"))}</textarea></p> + <p><textarea name="mail" rows="4" cols="50">#{h(@conf.mail.join("\n"))}</textarea></p> <h3 class="subtitle">Manda email per le modifiche.</h3> <p>Se è ABILITATO, l'email di notifica è inviata all'"Indirizzo email" delle preferenze di base via SMTP server(che è impostato in hikiconf.rb) quando una pagina è aggiornata. Se è DISABILITATO, l'email viene inviata.</p> <p><select name="mail_on_update"> @@ -53,10 +54,10 @@ </select></p> <h3 class="subtitle">URL Tema</h3> <p>Imposta URL tema.</p> - <p><input name="theme_url" value="#{CGI::escapeHTML(@conf.theme_url)}" size="60"></p> + <p><input name="theme_url" value="#{h(@conf.theme_url)}" size="60"></p> <h3 class="subtitle">Cartella tema</h3> <p>Imposta cartella tema.</p> - <p><input name="theme_path" value="#{CGI::escapeHTML(@conf.theme_path)}" size="60"></p> + <p><input name="theme_path" value="#{h(@conf.theme_path)}" size="60"></p> <h3 class="subtitle">Barra laterale</h3> <p>ABILITATO se la barra laterale è mostrata. Se vuoi usare un tema che non supporta la barra laterale, devi selezionare DISABILITATO qui.</p> <p><select name="sidebar"> 
@@ -65,10 +66,10 @@ </select></p> <h3 class="subtitle">Nome della classe nell'area principale(CSS)</h3> <p>Imposta il nome della classe CSS nell'area principale.</p> - <p><input name="main_class" value="#{CGI::escapeHTML(@conf.main_class)}" size="20"></p> + <p><input name="main_class" value="#{h(@conf.main_class)}" size="20"></p> <h3 class="subtitle">Nome del CSS nella barra laterale (CSS)</h3> <p>Imposta il nome della classe CSS nella barra laterale.</p> - <p><input name="sidebar_class" value="#{CGI::escapeHTML(@conf.sidebar_class)}" size="20"></p> + <p><input name="sidebar_class" value="#{h(@conf.sidebar_class)}" size="20"></p> <h3 class="subtitle">Collegamento automatico</h3> <p>Imposta ABILITATO se vuoi usare il collegamento automatico.</p> <p><select name="auto_link"> Modified: hiki/trunk/plugin/ja/00default.rb =================================================================== --- hiki/trunk/plugin/ja/00default.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/plugin/ja/00default.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -7,13 +7,13 @@ <<-HTML <h3 class="subtitle">サイト名</h3> <p>サイト名を指定します。</p> - <p><input name="site_name" value="#{CGI::escapeHTML(@conf.site_name)}" size="40"></p> + <p><input name="site_name" value="#{h(@conf.site_name)}" size="40"></p> <h3 class="subtitle">著者名</h3> <p>あなたの名前を指定します。</p> - <p><input name="author_name" value="#{CGI::escapeHTML(@conf.author_name)}" size="40"></p> + <p><input name="author_name" value="#{h(@conf.author_name)}" size="40"></p> <h3 class="subtitle">メールアドレス</h3> <p>あなたのメールアドレスを指定します。1行に1アドレスずつ指定します。</p> - <p><textarea name="mail" rows="4" cols="50">#{CGI::escapeHTML(@conf.mail.join("\n"))}</textarea></p> + <p><textarea name="mail" rows="4" cols="50">#{h(@conf.mail.join("\n"))}</textarea></p> <h3 class="subtitle">更新をメールで通知</h3> <p>ページの更新があった場合にメールで通知するかどうかを指定します。メールは基本設定で指定したアドレスに送信されます。あらかじめhikiconf.rbでSMTPサーバを設定しておいてください。</p> <p><select name="mail_on_update"> 
@@ -54,10 +54,10 @@ </select></p> <h3 class="subtitle">テーマURLの指定</h3> <p>テーマがあるURLを指定することができます。直接CSSを指定した場合、上の「テーマの指定」で選択したテーマは無視され、指定したCSSが使われます。</p> - <p><input name="theme_url" value="#{CGI::escapeHTML(@conf.theme_url)}" size="60"></p> + <p><input name="theme_url" value="#{h(@conf.theme_url)}" size="60"></p> <h3 class="subtitle">テーマディレクトリの指定</h3> <p>テーマがあるディレクトリを指定することができます。(複数設置時に使用)</p> - <p><input name="theme_path" value="#{CGI::escapeHTML(@conf.theme_path)}" size="60"></p> + <p><input name="theme_path" value="#{h(@conf.theme_path)}" size="60"></p> <h3 class="subtitle">サイドバーの利用</h3> <p>テーマによってはサイドバーを利用すると表示が乱れるものがあります。その場合、サイドバーの表示をオフにすることができます。</p> <p><select name="sidebar"> @@ -66,10 +66,10 @@ </select></p> <h3 class="subtitle">メインエリアのクラス名(CSS)の指定</h3> <p>デフォルトでは本文部分のクラス名として'main'を使用しますが、それ以外のクラス名を使用したい場合に指定します。</p> - <p><input name="main_class" value="#{CGI::escapeHTML(@conf.main_class)}" size="20"></p> + <p><input name="main_class" value="#{h(@conf.main_class)}" size="20"></p> <h3 class="subtitle">サイドバーのクラス名(CSS)の指定</h3> <p>デフォルトではサイドバーのクラス名として'sidebar'を使用しますが、それ以外のクラス名を使用したい場合に指定します。</p> - <p><input name="sidebar_class" value="#{CGI::escapeHTML(@conf.sidebar_class)}" size="20"></p> + <p><input name="sidebar_class" value="#{h(@conf.sidebar_class)}" size="20"></p> <h3 class="subtitle">オートリンクの利用</h3> <p>既存のページに自動的にリンクを設定するオートリンク機能を使用するかどうか指定します。</p> <p><select name="auto_link"> Modified: hiki/trunk/style/default/html_formatter.rb =================================================================== --- hiki/trunk/style/default/html_formatter.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/default/html_formatter.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -10,6 +10,8 @@ module Hiki class HTMLFormatter_default < HikiFormatter + include Hiki::Util + def initialize( s, db, plugin, conf, prefix = 'l') @html = s @db = db 
@@ -76,7 +78,7 @@ return text if @auto_links.empty? replace_inline( text ) do |str| str.gsub!( @auto_links_re ) do |match| - @plugin.hiki_anchor( @auto_links[match].unescapeHTML.escape, match ) + @plugin.hiki_anchor( escape(unescape_html(@auto_links[match])), match ) end end end @@ -120,7 +122,7 @@ if URI_RE =~ u # uri @plugin.make_anchor(u, k, 'external') else - u = u.unescapeHTML + u = unescape_html(u) u =****@alias*****_names.key( u ) || u # alias wiki if /(.*)(#l\d+)\z/ =~ u u, anchor = $1, $2 @@ -130,19 +132,19 @@ if****@db*****?( u ) # page name k =****@plugi*****_name( k ) if k == u @references << u - @plugin.hiki_anchor( u.escape + anchor, k ) + @plugin.hiki_anchor( escape(u) + anchor, k ) elsif orig =****@db*****{|i| i[:title] == u}.first # page title k =****@plugi*****_name( k ) if k == u u = orig @references << u - @plugin.hiki_anchor( u.escape + anchor, k ) + @plugin.hiki_anchor( escape(u) + anchor, k ) elsif outer_alias =****@inter*****_alias( u ) # outer alias @plugin.make_anchor(outer_alias[0] + anchor, k, 'external') elsif /:/ =~ u # inter wiki ? s, p = u.split( /:/, 2 ) if s.empty? # normal link - @plugin.make_anchor( p.escapeHTML + anchor, k, 'external') - elsif inter_link =****@inter*****( s, p.unescapeHTML, "#{s}:#{p}" ) + @plugin.make_anchor( h(p) + anchor, k, 'external') + elsif inter_link =****@inter*****( s, unescape_html(p), "#{s}:#{p}" ) @plugin.make_anchor(inter_link[0], k, 'external') else missing_page_anchor( k, u ) 
@@ -156,8 +158,8 @@ def missing_page_anchor( k, u ) if****@plugi*****? - missing_anchor_title =****@conf*****_missing_anchor_title % [ u.escapeHTML ] - "#{k}<a class=\"nodisp\" href=\"#{@conf.cgi_name}?c=edit;p=#{u.escape}\" title=\"#{missing_anchor_title}\">?</a>" + missing_anchor_title =****@conf*****_missing_anchor_title % [h(u)] + "#{k}<a class=\"nodisp\" href=\"#{@conf.cgi_name}?c=edit;p=#{escape(u)}\" title=\"#{missing_anchor_title}\">?</a>" else k end Modified: hiki/trunk/style/math/html_formatter.rb =================================================================== --- hiki/trunk/style/math/html_formatter.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/math/html_formatter.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -6,6 +6,7 @@ module Hiki class HTMLFormatter_math < HTMLFormatter_default + include Hiki::Util def to_s super @html_converted = replace_math( @html_converted ) @@ -16,11 +17,11 @@ def replace_math( text ) replace_inline( text ) do |str| str.gsub!( /\[\$(.+?)\$\]/ ) do |match| - math.text_mode( $1.unescapeHTML ) + math.text_mode(unescape_html($1) ) end str.gsub!( /(^\$\$.*\n?)+/ ) do |match| '<div class="displaymath">%s</div>' % - math.display_mode( match.unescapeHTML.gsub( /^\$\$/, '' ) ) + math.display_mode( unescape_html(match).gsub( /^\$\$/, '' ) ) end end end Modified: hiki/trunk/style/math/latex.rb =================================================================== --- hiki/trunk/style/math/latex.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/math/latex.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,13 +1,16 @@ require "digest/md5" +require 'hiki/util' module Hiki class Math_latex + include Hiki::Util + def initialize(conf, page) @conf = conf @page = page @cache_path = "#{@conf.cache_path}/math_latex" - @image_path = "#{@cache_path}/#{@page.escape}" + @image_path = "#{@cache_path}/#{escape(@page)}" begin Dir.mkdir(@cache_path) unless test(?e, @cache_path.untaint) rescue Exception 
@@ -75,8 +78,8 @@ end html = %Q!<img class="math" src="! - html << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=math_latex_download;p=#{@page.escape};file_name=#{filename.escape}.png")}" ! - html << %Q!alt="#{text.escapeHTML}">! + html << %Q!#{@conf.cgi_name}#{cmdstr('plugin', "plugin=math_latex_download;p=#{escape(@page)};file_name=#{escape(filename)}.png")}" ! + html << %Q!alt="#{h(text)}">! end def text_mode(text) Modified: hiki/trunk/style/rd+/anchorlist.rb =================================================================== --- hiki/trunk/style/rd+/anchorlist.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/rd+/anchorlist.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -1,5 +1,5 @@ # anchorlist.rb for Hiki/RD+ -# +# # Copyright (c) 2003 Masao Mutoh<mutoh****@highw*****> # You can redistribute it and/or modify it under GPL2. # @@ -7,11 +7,14 @@ # a.rb - # Copyright (c) 2002,2003 MUTOH Masao <mutoh****@highw*****> # You can redistribute it and/or modify it under GPL2. -# +# require 'nkf' +require 'hiki/util' module Hiki class AnchorList + include Hiki::Util + REG_PIPE = /\|/ REG_COLON = /\:/ REG_URL = /:\/\// @@ -53,9 +56,9 @@ return "" unless option return option unless charset if charset =~ REG_CHARSET2 - ret = NKF::nkf("-#{charset[0].chr}", option).escape + ret = escape(NKF.nkf("-#{charset[0].chr}", option)) elsif charset =~ REG_CHARSET3 - ret = option.escape + ret = escape(option) else ret = option end @@ -88,7 +91,7 @@ value = name url += convert_charset(option_or_name, charset) elsif option_or_name - value = option_or_name + value = option_or_name else value = key end Modified: hiki/trunk/style/rd+/html_formatter.rb =================================================================== --- hiki/trunk/style/rd+/html_formatter.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/rd+/html_formatter.rb 2009-08-30 13:42:41 UTC (rev 1016) 
@@ -16,6 +16,8 @@ module Hiki class HTMLFormatter_rd < HikiFormatter + include Hiki::Util + def initialize( s, db, plugin, conf, suffix = 'l') @tokens = s @db = db @@ -24,32 +26,32 @@ @visitor = Hiki::RD2HTMLVisitor.new(@plugin, @db, @conf) end - def to_s + def to_s @references =****@visit***** begin @visitor.visit(@tokens).gsub(/<\/?body>/, "") rescue Exception - tree = RD::RDTree.new("=begin\n==Error! Please edit this page again.\n#{($!.backtrace.join("\n")).escapeHTML}" + "\n=end\n") + tree = RD::RDTree.new("=begin\n==Error! Please edit this page again.\n#{h($!.backtrace.join("\n"))}" + "\n=end\n") @visitor.visit(tree).gsub(/<\/?body>/, "") end end def references @references.uniq - end + end def toc s = "<ul>\n" lv = 1 - @visitor.toc.each do |h| - if h['level'] > lv - s << ( "<ul>\n" * ( h['level'] - lv ) ) - lv = h['level'] - elsif h['level'] < lv - s << ( "</ul>\n" * ( lv - h['level'] ) ) - lv = h['level'] + @visitor.toc.each do |hash| + if hash['level'] > lv + s << ( "<ul>\n" * ( hash['level'] - lv ) ) + lv = hash['level'] + elsif hash['level'] < lv + s << ( "</ul>\n" * ( lv - hash['level'] ) ) + lv = hash['level'] end - s << %Q!<li><a href="##{h['index']}">#{h['title'].escapeHTML}</a>\n! + s << %Q!<li><a href="##{hash['index']}">#{h(hash['title'])}</a>\n! end s << ("</ul>\n" * lv) end Modified: hiki/trunk/style/rd+/rd2html.rb =================================================================== --- hiki/trunk/style/rd+/rd2html.rb 2009-08-30 13:42:34 UTC (rev 1015) +++ hiki/trunk/style/rd+/rd2html.rb 2009-08-30 13:42:41 UTC (rev 1016) @@ -15,9 +15,12 @@ require "rd/rd2html-lib" require 'style/rd+/anchorlist' require 'hiki/pluginutil' +require 'hiki/util' module Hiki class RD2HTMLVisitor < RD::RD2HTMLVisitor + include Hiki::Util + attr_reader :references, :toc EVAL_PLUGIN_RE = /\{\{(.*?)\}\}/m LAST_WORD_RE = /^[A-Z0-9_]*$/ 
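Review bot: The rescue branch of HTMLFormatter_rd#to_s still renders `$!.backtrace` into the page, so anyone who loads a page that fails to format sees server-side file paths and line numbers; `h()` only stops that text from being read as markup. I would write the backtrace to the server log (e.g. `$stderr.puts($!.backtrace.join("\n"))`) and keep the rendered tree to the heading, `tree = RD::RDTree.new("=begin\n==Error! Please edit this page again.\n=end\n")`. `rescue Exception` also catches far more than formatting errors; `rescue StandardError` looks sufficient, though what the visitor can raise is not visible in this hunk.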
@@ -36,7 +39,7 @@ @references = Array.new @regex = nil @toc = [] - + if text =****@db*****("ModuleNames") @modulenames = text.split(/\s/).join("|") @esc_modulenames = /(#{text.split(/\s/).join(ESC_WORD + "|") + ESC_WORD})/ @@ -49,7 +52,7 @@ end def get_anchor(element) - element.label.escape + escape(element.label) end def div_class_method(s) @@ -57,10 +60,10 @@ # Gtk::Hoge#fuga, Gtk::Hoge.fuga, Gtk::Hoge::Foo # If Gtk::Hoge. << period for document, unscan it. if constant = s.scan(CONSTANT_RE) - constant = constant.unescapeHTML - child = div_class_method(s) + constant = unescape_html(constant) + child = div_class_method(s) if child - [sep, constant] << child + [sep, constant] << child else [sep, constant] end @@ -76,7 +79,7 @@ return content if content.nil? or content == "" #Eval Plugin content = content.gsub(EVAL_PLUGIN_RE) do |match| - method = $1.unescapeHTML + method = unescape_html($1) ret = '' begin ret = Hiki::Util.apply_plugin(method, @plugin, @conf) 
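Review bot: `method = unescape_html($1)` in the `#Eval Plugin` block takes text captured from page content by EVAL_PLUGIN_RE, undoes its HTML escaping and passes it to `Hiki::Util.apply_plugin`, and nothing at this call site records that the string is editor-controlled. Whatever limits which methods and arguments may run lives in apply_plugin, outside this hunk, so I would add a comment such as `# method is untrusted page text; only ever pass it to apply_plugin, never to eval/send directly`. Whether `ret` is escaped before it is substituted back into `content` is also not visible, because the begin block continues past the end of the hunk.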
@@ -106,39 +109,39 @@ name = "" option = nil divary = div_class_method(s) - + if divary divary.flatten! lastword = divary.pop separator = divary.pop - + if divary.size == 0 if separator == "::" - if lastword =~ LAST_WORD_RE + if lastword =~ LAST_WORD_RE # Constants - target = module_name.escape + target = escape(module_name) name = module_name + separator + lastword option = lastword else # Class module_name += separator + lastword - target = module_name.escape + target = escape(module_name) name = module_name end else # Module method - target = module_name.escape + target = escape(module_name) name = module_name + separator + lastword - option = module_name + (separator + lastword).escape + option = module_name + escape(separator + lastword) end elsif divary.size > 1 module_name += divary.join - target = module_name.escape + target = escape(module_name) name = module_name + separator + lastword if separator == "." - option = "#{target}.#{lastword.escape}" + option = "#{target}.#{escape(lastword)}" else - option = lastword.escape + option = escape(lastword) end end #Create result @@ -174,7 +177,7 @@ else label[0].gsub!(ESC_WORD_RE, "") end - %Q[<a name="#{anchor}" href="##{anchor}" title="#{anchor.unescape.escapeHTML}">#{label}</a>] + %Q[<a name="#{anchor}" href="##{anchor}" title="#{h(unescape(anchor))}">#{label}</a>] end def apply_to_Headline(element, title) @@ -243,10 +246,10 @@ key, *option = label.split(/\#/) if****@db*****_exist? and****@db*****_exist?(key) - escaped = key.escape + escaped = escape(key) if @regex_modulenames - escaped.gsub!(@regex_modulenames, "\\&#{ESC_WORD}") - escaped += '#' + option.join.gsub(@regex_modulenames, "\\&#{ESC_WORD}").escape if option and option.size > 0 + escaped.gsub!(@regex_modulenames, "\\&#{ESC_WORD}") + escaped += '#' + escape(option.join.gsub(@regex_modulenames, "\\&#{ESC_WORD}")) if option and option.size > 0 end @references << key @plugin.hiki_anchor(escaped, content) 
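Review bot: In the anchor-building line of style/rd+/rd2html.rb, `name="#{anchor}"` and `href="##{anchor}"` interpolate `anchor` without `h()`, while the `title` attribute next to them is escaped. That is safe only as long as every caller passes a value that has already been through `escape()` (get_anchor does, per the earlier hunk), and the caller is not visible here. Wrapping both in `h(anchor)` costs nothing for an already URL-escaped value and makes the line safe by itself: `%Q[<a name="#{h(anchor)}" href="##{h(anchor)}" title="#{h(unescape(anchor))}">#{label}</a>]`. The enclosing method starts outside the hunk.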
@@ -259,7 +262,7 @@ if @regex_modulenames and @regex_modulenames =~ label label.gsub!(@regex_modulenames, "\\&#{ESC_WORD}") end - escaped = label.escape + escaped = escape(label) content + %Q[<a href="#{@conf.cgi_name}?c=edit;p=#{escaped}">?</a>] end end