[phpwiki-checkins] SF.net SVN: phpwiki:[10350] trunk

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 10350
          http://sourceforge.net/p/phpwiki/code/10350
Author:   vargenau
Date:     2021-07-15 18:32:00 +0000 (Thu, 15 Jul 2021)
Log Message:
-----------
Better handling of page names with slash

Modified Paths:
--------------
    trunk/lib/InlineParser.php
    trunk/lib/main.php
    trunk/lib/plugin/CreatePage.php
    trunk/lib/plugin/WikiAdminRename.php
    trunk/pgsrc/ReleaseNotes

Modified: trunk/lib/InlineParser.php
===================================================================

--- trunk/lib/InlineParser.php	2021-07-15 16:41:39 UTC (rev 10349)
+++ trunk/lib/InlineParser.php	2021-07-15 18:32:00 UTC (rev 10350)
@@ -343,6 +343,12 @@
                     _('Page name too long'));
             }
         }
+        // Page name cannot end with a slash
+        if (substr($rawlink, -1) == "/") {
+            return HTML::span(array('class' => 'error'),
+                sprintf(_("Page name “%s” cannot end with a slash."), $rawlink));
+        }
+
         // Check illegal characters in page names: <>[]{}|"
         if (preg_match("/[<\[\{\|\"\}\]>]/", $rawlink, $matches) > 0) {
             return HTML::span(array('class' => 'error'),

Modified: trunk/lib/main.php
===================================================================
--- trunk/lib/main.php	2021-07-15 16:41:39 UTC (rev 10349)
+++ trunk/lib/main.php	2021-07-15 18:32:00 UTC (rev 10350)
@@ -784,6 +784,12 @@
             GeneratePage($CONTENT, $pagename);
             $this->finish();
         }
+        // Page name cannot end with a slash, redirect to page without slashes at the end
+        if (substr($pagename, -1) == "/") {
+            $pagename = rtrim($pagename, "/");
+            global $request;
+            $request->redirect(WikiURL($pagename, array(), 'absurl')); // noreturn
+        }
         if (preg_match("/[<\[\{\|\"\}\]>]/", $pagename, $matches) > 0) {
             $CONTENT = HTML::p(
                 array('class' => 'error'),

Modified: trunk/lib/plugin/CreatePage.php
===================================================================
--- trunk/lib/plugin/CreatePage.php	2021-07-15 16:41:39 UTC (rev 10349)
+++ trunk/lib/plugin/CreatePage.php	2021-07-15 18:32:00 UTC (rev 10350)
@@ -75,8 +75,9 @@
             return $this->error(sprintf(_("Argument '%s' must be a boolean"), "overwrite"));
         }
 
-        // Prevent spaces at the start and end of a page name
-        $s = trim($s);
+        // Prevent spaces and slashes at the start and end of a page name
+        $s = trim($s, " /");
+
         if (!$s) {
             return $this->error(_("Cannot create page with empty name!"));
         }

Modified: trunk/lib/plugin/WikiAdminRename.php
===================================================================
--- trunk/lib/plugin/WikiAdminRename.php	2021-07-15 16:41:39 UTC (rev 10349)
+++ trunk/lib/plugin/WikiAdminRename.php	2021-07-15 18:32:00 UTC (rev 10350)
@@ -222,6 +222,14 @@
             ) {
                 if (strlen($newname) > MAX_PAGENAME_LENGTH) {
                     $ul->pushContent(HTML::li(_("Cannot rename. New page name too long.")));
+                // Page name cannot begin with a slash
+                } elseif ($newname[0] == "/") {
+                    $ul->pushContent(HTML::li(
+                        sprintf(_("Page name “%s” cannot begin with a slash."), $newname)));
+                // Page name cannot end with a slash
+                } elseif (substr($newname, -1) == "/") {
+                    $ul->pushContent(HTML::li(
+                        sprintf(_("Page name “%s” cannot end with a slash."), $newname)));
                 } elseif (preg_match("/[<\[\{\|\"\}\]>]/", $newname, $matches) > 0) {
                     $ul->pushContent(HTML::li(
                         sprintf(_("Illegal character “%s” in page name."), $matches[0])));

Modified: trunk/pgsrc/ReleaseNotes
===================================================================
--- trunk/pgsrc/ReleaseNotes	2021-07-15 16:41:39 UTC (rev 10349)
+++ trunk/pgsrc/ReleaseNotes	2021-07-15 18:32:00 UTC (rev 10350)
@@ -1,4 +1,4 @@
-Date: Wed,  9 Jun 2021 19:50:57 +0000
+Date: Thu, 15 Jul 2021 20:27:26 +0000
 Mime-Version: 1.0 (Produced by PhpWiki 1.6.0)
 Content-Type: application/x-phpwiki;
   pagename=ReleaseNotes;
@@ -20,6 +20,7 @@
 * Make function IsSafeURL more strict
 * Make XHTML ZIP Snapshot work again (broken since ~PhpWiki 1.5.3)
 * It was possible to rename a page to a name with illegal characters, like ~[~]
+* Better handling of page names with slash
 * Remove wrong calls to setTightness in ##lib/~InlineParser.php## (bug reported by Harold Hallikainen)
 * Importing a ZIP from an old wiki in Latin 1 (ISO 8859-1) failed. Reported by Frank Michael.
 * Better check arguments for ~GoogleMaps plugin

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



