From: <var...@us...> - 2009-08-19 19:37:40
Revision: 7072 http://phpwiki.svn.sourceforge.net/phpwiki/?rev=7072&view=rev Author: vargenau Date: 2009-08-19 19:37:30 +0000 (Wed, 19 Aug 2009) Log Message: ----------- Simpler strings Modified Paths: -------------- trunk/lib/plugin/RedirectTo.php Modified: trunk/lib/plugin/RedirectTo.php =================================================================== --- trunk/lib/plugin/RedirectTo.php 2009-08-19 19:36:31 UTC (rev 7071) +++ trunk/lib/plugin/RedirectTo.php 2009-08-19 19:37:30 UTC (rev 7072) @@ -48,7 +48,7 @@ } function getDescription() { - return _("Redirects to another url or page."); + return _("Redirects to another URL or page."); } function getVersion() { @@ -58,7 +58,6 @@ function getDefaultArguments() { return array( 'href' => '', - // 'type' => 'Temp' // or 'Permanent' // so far ignored 'page' => false, ); } @@ -79,8 +78,7 @@ $url = preg_replace('/%\d\d/','',strip_tags($href)); $thispage = $request->getPage(); if (! $thispage->get('locked')) { - return $this->disabled(fmt("%s is only allowed in locked pages.", - _("Redirect to an external url"))); + return $this->disabled(_("Redirect to an external URL is only allowed in locked pages.")); } } else if ($page) { @@ -89,8 +87,7 @@ 'abs_path'); } else { - return $this->error(fmt("%s or %s parameter missing", - "'href'", "'page'")); + return $this->error(_("'href' or 'page' parameter missing.")); } if ($page == $request->getArg('pagename')) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <var...@us...> - 2010-08-09 11:54:26
Revision: 7630 http://phpwiki.svn.sourceforge.net/phpwiki/?rev=7630&view=rev Author: vargenau Date: 2010-08-09 11:54:20 +0000 (Mon, 09 Aug 2010) Log Message: ----------- This is already done. Modified Paths: -------------- trunk/lib/plugin/RedirectTo.php Modified: trunk/lib/plugin/RedirectTo.php =================================================================== --- trunk/lib/plugin/RedirectTo.php 2010-07-20 17:45:40 UTC (rev 7629) +++ trunk/lib/plugin/RedirectTo.php 2010-08-09 11:54:20 UTC (rev 7630) @@ -35,11 +35,8 @@ * This plugin could probably result in a lot of confusion, especially when * redirecting to external sites. (Perhaps it can even be used for dastardly * purposes?) Maybe it should be disabled by default. - * - * It would be nice, when redirecting to another wiki page, to (as - * UseModWiki does) add a note to the top of the target page saying - * something like "(Redirected from SomeRedirectingPage)". */ + class WikiPlugin_RedirectTo extends WikiPlugin { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <var...@us...> - 2021-08-06 10:56:34
Revision: 10451 http://sourceforge.net/p/phpwiki/code/10451 Author: vargenau Date: 2021-08-06 10:56:27 +0000 (Fri, 06 Aug 2021) Log Message: ----------- lib/plugin/RedirectTo.php: check IsSafeURL Modified Paths: -------------- trunk/lib/plugin/RedirectTo.php Modified: trunk/lib/plugin/RedirectTo.php =================================================================== --- trunk/lib/plugin/RedirectTo.php 2021-08-06 10:34:32 UTC (rev 10450) +++ trunk/lib/plugin/RedirectTo.php 2021-08-06 10:56:27 UTC (rev 10451) @@ -75,6 +75,9 @@ if ($url != $href) { // URL contains tags return $this->disabled(_("Illegal characters in external URL.")); } + if (!IsSafeURL($url, true)) { // http or https only + return $this->error(fmt("Malformed URL: “%s”", $url)); + } $thispage = $request->getPage(); if (!$thispage->get('locked')) { return $this->disabled(_("Redirect to an external URL is only allowed in locked pages.")); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
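Review bot: The new error path in the added `IsSafeURL` branch reflects the rejected value back into the page via `fmt("Malformed URL: “%s”", $url)`, and the preceding `strip_tags` comparison only rules out tags, not quotes or control characters. Whether `fmt()` and `error()` HTML-escape their arguments is not visible in this hunk, so either confirm that they do or drop the value from the message, e.g. `return $this->error(_("Malformed URL."));`. The enclosing method starts and ends outside the hunk, so it is also worth checking that the later redirect uses the validated `$url` and not the original `$href`.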
From: <var...@us...> - 2010-08-30 10:41:34
Revision: 7653 http://phpwiki.svn.sourceforge.net/phpwiki/?rev=7653&view=rev Author: vargenau Date: 2010-08-30 10:41:28 +0000 (Mon, 30 Aug 2010) Log Message: ----------- Allow encoded spaces in URL for RedirectTo plugin Modified Paths: -------------- trunk/lib/plugin/RedirectTo.php Modified: trunk/lib/plugin/RedirectTo.php =================================================================== --- trunk/lib/plugin/RedirectTo.php 2010-08-24 15:11:11 UTC (rev 7652) +++ trunk/lib/plugin/RedirectTo.php 2010-08-30 10:41:28 UTC (rev 7653) @@ -59,14 +59,14 @@ $href = $args['href']; $page = $args['page']; if ($href) { - /* - * Use quotes on the href argument value, like: - * <<RedirectTo href="http://funky.com/a b \" c.htm" ?> - * - * Do we want some checking on href to avoid malicious - * uses of the plugin? Like stripping tags or hexcode. - */ - $url = preg_replace('/%\d\d/','',strip_tags($href)); + // If URL is urlencoded, decode it. + if (strpos('%', $href) !== false) { + $href = urldecode($href); + } + $url = strip_tags($href); + if ($url != $href) { // URL contains tags + return $this->disabled(_("Illegal characters in external URL.")); + } $thispage = $request->getPage(); if (! $thispage->get('locked')) { return $this->disabled(_("Redirect to an external URL is only allowed in locked pages.")); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
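Review bot: The arguments to `strpos` in the added decode guard are swapped: `strpos('%', $href)` searches the one-character string `'%'` for `$href`, so the condition is false for practically every URL and `urldecode` never runs. It should read `if (strpos($href, '%') !== false) {`. As written, a percent-encoded href reaches the `strip_tags` comparison still encoded, so the tag check has nothing to find, and the old `preg_replace('/%\d\d/', ...)` filter removed by this hunk is no longer there as a backstop. Note also that `urldecode` turns `+` into a space, so `rawurldecode` may be the better fit for a full URL. The enclosing method continues outside the hunk, so how `$url` is used afterwards is not visible here.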