[Hiki-cvs 1442] [989] use ERB::Util#h instead of CGi.escapeHTML and String#escapeHTML


svnno****@sourc***** svnno****@sourc*****
2009年 8月 23日 (日) 22:16:47 JST


Revision: 989
          http://sourceforge.jp/projects/hiki/svn/view?view=rev&revision=989
Author:   okkez
Date:     2009-08-23 22:16:47 +0900 (Sun, 23 Aug 2009)

Log Message:
-----------
use ERB::Util#h instead of CGI.escapeHTML and String#escapeHTML

Modified Paths:
--------------
    hiki/trunk/ChangeLog
    hiki/trunk/hiki/command.rb
    hiki/trunk/hiki/interwiki.rb
    hiki/trunk/hiki/pluginutil.rb
    hiki/trunk/hiki/storage.rb
    hiki/trunk/hiki/util.rb

Modified: hiki/trunk/ChangeLog
===================================================================
--- hiki/trunk/ChangeLog	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/ChangeLog	2009-08-23 13:16:47 UTC (rev 989)
@@ -1,3 +1,12 @@
+2009-08-23  okkez  <okkez****@gmail*****>
+
+	* hiki/command.rb (Hiki::Command): use ERB::Util#h
+	instead of String#escapeHTML or CGI::Util#escapeHTML .
+	* hiki/interwiki.rb (Hiki::InterWiki): ditto.
+	* hiki/pluginutil.rb (Hiki::Util): ditto.
+	* hiki/storage.rb (Hiki::HikiDBBase): ditto.
+	* hiki/util.rb (Hiki::Util): ditto.
+
 2009-08-23  Kazuhiko  <kazuh****@fdiar*****>
 	* style/default/hikidoc.rb: use recent hikidoc.rb (rev.122). fix a
 	bug: strings after non-WikiName expression are ignored.

Modified: hiki/trunk/hiki/command.rb
===================================================================
--- hiki/trunk/hiki/command.rb	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/command.rb	2009-08-23 13:16:47 UTC (rev 989)
@@ -119,9 +119,9 @@
           end
         }
       rescue NoMethodError, PermissionError, SessionError, Timeout::Error
-        data = get_common_data( @db, @plugin, @conf )
-        data[:message] = CGI.escapeHTML( $!.message )
-        generate_error_page( data )
+        data = get_common_data(@db, @plugin, @conf)
+        data[:message] = h($!.message)
+        generate_error_page(data)
       end
     end
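Review bot: `h` on the `data[:message]` line is now an unqualified call, so it resolves only if Hiki::Command mixes in Hiki::Util (which gains `include ERB::Util` in this commit) or ERB::Util directly; that include is not in this hunk, and the unqualified `get_common_data` call suggests Hiki::Util is already mixed in, but it should be confirmed. The same dependency applies to the `h(key)` calls in the storage.rb hunk for Hiki::HikiDBBase. If either class lacks the mixin, the `h` call raises NoMethodError inside this rescue clause, which propagates uncaught because sibling rescue clauses do not cover their own bodies. The enclosing method begins before the hunk.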
 
@@ -204,7 +204,7 @@
 
       pg_title =****@plugi*****_name(@p)
 
-      data[:page_title]   = (@plugin.hiki_anchor( @p.escape, @p.escapeHTML ))
+      data[:page_title]   =****@plugi*****_anchor(@p.escape, h(@p))
       data[:view_title]   = pg_title
       data[:title]        = title( pg_title.unescapeHTML )
       data[:toc]          =****@plugi*****_f ? toc : nil
@@ -243,7 +243,7 @@
       }.collect {|f|
         k = f.keys[0]
         editor = f[k][:editor] ? "by #{f[k][:editor]}" : ''
-        display_text = ((f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k).escapeHTML
+        display_text = h((f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k)
         display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k)
         %Q!#{@plugin.hiki_anchor(k.escape, display_text)}: #{format_date(f[k][:last_modified] )} #{editor}#{@conf.msg_freeze_mark if f[k][:freeze]}!
       }
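Review bot: The alias suffix appended on the line after the changed one, `display_text << " [#{@aliaswiki.aliaswiki(k)}]"`, is concatenated after `h(...)` has already run, so the alias text reaches the anchor unescaped; the escape covers only the title or page name. The same pattern is on the `display_text <<` line of the next hunk (the entries built around `format_date( tm )`). Wrapping it, `display_text << " [#{h(@aliaswiki.aliaswiki(k))}]"`, keeps the whole string escaped; whether aliaswiki output is already HTML-safe is not visible here. The enclosing method starts before the hunk.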
@@ -281,15 +281,15 @@
         tm = f[k][:last_modified]
         editor = f[k][:editor] ? "by #{f[k][:editor]}" : ''
         display_text = (f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k
-        display_text = display_text.escapeHTML
+        display_text = h(display_text)
         display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k)
-        %Q|#{format_date( tm )}: #{@plugin.hiki_anchor( k.escape, display_text )} #{editor.escapeHTML} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{k.escape}")}">#{@conf.msg_diff}</a>)|
+        %Q|#{format_date( tm )}: #{@plugin.hiki_anchor( k.escape, display_text )} #{h(editor)} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{k.escape}")}">#{@conf.msg_diff}</a>)|
       }
       [list, last_modified]
     end
 
     def cmd_edit( page, text=nil, msg=nil, d_title=nil )
-      page_title = d_title ? d_title.escapeHTML : @plugin.page_name(page)
+      page_title = d_title ? h(d_title) : @plugin.page_name(page)
 
       save_button = @cmd == 'edit' ? '' : nil
       preview_text = nil
@@ -308,14 +308,14 @@
         formatter =****@conf*****( p, @db, @plugin, @conf )
         preview_text, toc = formatter.to_s, formatter.toc
         save_button = ''
-        data[:keyword] = CGI.escapeHTML( @params['keyword'][0] || '' )
+        data[:keyword] = h(@params['keyword'][0] || '')
         data[:update_timestamp] = @params['update_timestamp'][0] ? ' checked' : ''
         data[:freeze] = @params['freeze'][0] ? ' checked' : ''
       elsif @cmd == 'conflict'
         old = text.gsub(/\r/, '')
         new =****@db*****( page ) || ''
         differ = word_diff( old, new ).gsub( /\n/, "<br>\n" )
-        link =****@plugi*****_anchor( page.escape, page.escapeHTML )
+        link =****@plugi*****_anchor( page.escape, h(page))
       end
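Review bot: In the `conflict` branch the `differ` value is built from `text` (the submitted page body) via `word_diff`, and only `\n` is rewritten to `<br>`; no escaping is visible on that path, while the neighbouring `link` and `keyword` lines now go through `h`. If `word_diff` returns the raw text of both sides, HTML in the submitted text is rendered unescaped on the conflict page — confirm in word_diff's definition, which is outside this hunk, and escape here if it does not. Only `data[:keyword]`, from the user-supplied `@params['keyword'][0]`, is covered by this change. The enclosing cmd_edit begins before the hunk.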
 
       @cmd = 'edit'
@@ -332,17 +332,17 @@
 
       data[:title]          = title( page )
       data[:toc]            =****@plugi*****_f ? toc : nil
-      data[:pagename]       = page.escapeHTML
+      data[:pagename]       = h(page)
       data[:md5hex]         = md5hex
       data[:edit_proc]      =****@plugi*****_proc
-      data[:contents]       =****@plugi*****
+      data[:contents]       = h(@plugin.text)
       data[:msg]            = msg
       data[:button]         = save_button
       data[:preview_button] = save_button
       data[:link]           = link
       data[:differ]         = differ
       data[:body]        = preview_text ? formatter.apply_tdiary_theme(preview_text) :  nil
-      data[:keyword]        ||= CGI.escapeHTML( @db.get_attribute(page, :keyword).join("\n") )
+      data[:keyword]        ||= h(@db.get_attribute(page, :keyword).join("\n"))
       data[:update_timestamp] ||= ' checked'
       data[:page_title]     = page_title
       data[:form_proc]      =****@plugi*****_proc
@@ -378,7 +378,7 @@
         data             = get_common_data( @db, @plugin, @conf )
         data[:title]     =****@conf*****_delete
         data[:msg]       =****@conf*****_delete_page
-        data[:link]      = page.escapeHTML
+        data[:link]      = h(page)
         generate_page(data)
       else
         title = @params['page_title'][0] ? @params['page_title'][0].strip : page
@@ -426,13 +426,13 @@
         data[:title]     = title( @conf.msg_search_result )
         data[:msg2]      =****@conf*****_search + ': '
         data[:button]    =****@conf*****_search
-        data[:key]       = %Q|value="#{word.escapeHTML}"|
+        data[:key]       = %Q|value="#{h(word)}"|
         word2            = word.split.join("', '")
         if l.size > 0
-          data[:msg1]    = sprintf( @conf.msg_search_hits, word2.escapeHTML, total, l.size )
+          data[:msg1]    = sprintf(@conf.msg_search_hits, h(word2), total, l.size)
           data[:list]    = l
         else
-          data[:msg1]    = sprintf( @conf.msg_search_not_found, word2.escapeHTML )
+          data[:msg1]    = sprintf(@conf.msg_search_not_found, h(word2))
           data[:list]    = nil
         end
       else
@@ -474,7 +474,7 @@
         data[:msg1]    = msg
         data[:msg2]    =****@conf*****_create + ': '
         data[:button]  =****@conf*****_newpage
-        data[:key]     = %Q|value="#{msg ?  @p.escapeHTML :  ''}"|
+        data[:key]     = %Q|value="#{msg ?  h(@p) :  ''}"|
         data[:list]    = nil
         data[:method]  = 'get'
 
@@ -511,7 +511,7 @@
       data[:title]   = title( @conf.msg_login )
       data[:button]  =****@conf*****_ok
       data[:login_result] = msg_login_result
-      data[:page] = ( page || '' ).escapeHTML
+      data[:page] = h(page || '')
       generate_page( data, status )
     end
 
@@ -519,7 +519,7 @@
       raise PermissionError, 'Permission denied' unles****@plugi*****?
 
       data = get_common_data( @db, @plugin, @conf )
-      data[:key]            = ( @cgi.params['conf'][0] || 'default' ).escapeHTML
+      data[:key]            = h(@cgi.params['conf'][0] || 'default')
 
       data[:title]          = title( @conf.msg_admin )
       data[:session_id]     =****@plugi*****_id

Modified: hiki/trunk/hiki/interwiki.rb
===================================================================
--- hiki/trunk/hiki/interwiki.rb	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/interwiki.rb	2009-08-23 13:16:47 UTC (rev 989)
@@ -1,9 +1,11 @@
 # $Id: interwiki.rb,v 1.10 2005-12-28 23:42:18 fdiary Exp $
 # Copyright (C) 2002-2003 TAKEUCHI Hitoshi <hitos****@namar*****>
 
+require 'hiki/util'
+
 module Hiki
   class InterWiki
-    require 'hiki/util'
+    include Hiki::Util
 
     URL  = '(?:http|https|ftp|mailto|file):[a-zA-Z0-9;/?:@&=+$,\-_.!~*\'()#%]+'
     INTERWIKI_NAME_RE =  /\[\[([^|]+)\|(#{URL})\]\](?:\s+(sjis|euc|utf8|alias))?/
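Review bot: `include Hiki::Util` pulls every Hiki::Util method (plugin_error, title, get_common_data, cmdstr, …) into InterWiki instances when all this class uses is `h`; the ChangeLog entry names only the escaping helper as the intent. `include ERB::Util` (with `require 'erb'`) is the narrower mixin and does not couple InterWiki to the rest of Hiki::Util, which itself includes ERB::Util only as of this commit. If moving `require 'hiki/util'` to file scope is needed for other reasons it can stay, but the include can still be ERB::Util. The class body continues past the hunk.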
@@ -18,7 +20,7 @@
       end
     end
 
-    def interwiki(s, p, display_text = "#{s}:#{p}".escapeHTML)
+    def interwiki(s, p, display_text = h("#{s}:#{p}"))
       if @interwiki_names.has_key?(s)
         encoding = @interwiki_names[s][:encoding]
         page = case encoding
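Review bot: The new default `display_text = h("#{s}:#{p}")` escapes only when the caller omits the argument; an explicitly passed `display_text` is returned unchanged in the `[url, display_text]` pairs further down, so callers must hand over already-escaped HTML. That contract is not stated anywhere; a YARD line above the signature, `# @param display_text [String] HTML-safe link text; escaped only when defaulted`, would stop the next caller from passing a raw page title. The method body continues past the hunk.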
@@ -32,9 +34,9 @@
                  p
                end
         if @interwiki_names[s][:url].index('$1')
-          [@interwiki_names[s][:url].dup.sub(/\$1/, page).escapeHTML, display_text]
+          [h(@interwiki_names[s][:url].dup.sub(/\$1/, page)), display_text]
         else
-          ["#{@interwiki_names[s][:url]}#{page}".escapeHTML, display_text]
+          [h("#{@interwiki_names[s][:url]}#{page}"), display_text]
         end
       else
         nil
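Review bot: `@interwiki_names[s][:url].dup.sub(/\$1/, page)` passes `page` as a String replacement, so `sub` interprets backslash sequences in it (`\1`, `\&`, `\\`) — a page name containing a backslash is rewritten rather than inserted literally; the block form `sub('$1') { page }` inserts it verbatim. The `.dup` is also redundant, since non-bang `sub` already returns a new string, so the line can read `[h(@interwiki_names[s][:url].sub('$1') { page }), display_text]`. The enclosing interwiki method starts before the hunk.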
@@ -43,7 +45,7 @@
 
     def outer_alias(s)
       if @interwiki_names.has_key?(s) && @interwiki_names[s][:encoding] == 'alias'
-        return [@interwiki_names[s][:url].escapeHTML, s.escapeHTML]
+        return [h(@interwiki_names[s][:url]), h(s)]
       else
         return nil
       end
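Review bot: outer_alias keeps explicit `return` on both branches of an `if/else` whose else is `nil`; the idiomatic shape is a guard-style conditional, `[h(@interwiki_names[s][:url]), h(s)] if @interwiki_names.has_key?(s) && @interwiki_names[s][:encoding] == 'alias'`, which returns `nil` implicitly otherwise. Behavior is unchanged; this is only about how the new line is written.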

Modified: hiki/trunk/hiki/pluginutil.rb
===================================================================
--- hiki/trunk/hiki/pluginutil.rb	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/pluginutil.rb	2009-08-23 13:16:47 UTC (rev 989)
@@ -11,6 +11,7 @@
 # Based on shellwords.rb(in ruby standard library).
 
 require 'cgi'
+require 'erb'
 
 module Hiki
   module Util
@@ -48,7 +49,7 @@
       elsif NIL_RE =~ field
         nil
       elsif field.size > 0
-        field = CGI.escapeHTML(field) if escape
+        field = ERB::Util.h(field) if escape
         field
       else
         :no_data
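Review bot: `ERB::Util.h(field)` is fully qualified here while every other site in this commit uses the unqualified `h` that Hiki::Util now gets from `include ERB::Util`; since this code is inside the same `module Util`, the unqualified form would work if the enclosing method is an instance method, but if it is a module-level method (`def self.` or `module_function`, not visible in the hunk) the qualified call is required and a one-line comment saying so, `# qualified: module-level method, ERB::Util is only included for instances`, would stop someone "fixing" it. Style: `field.size > 0` on the guard above reads better as `!field.empty?`. The enclosing method begins before the hunk.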

Modified: hiki/trunk/hiki/storage.rb
===================================================================
--- hiki/trunk/hiki/storage.rb	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/storage.rb	2009-08-23 13:16:47 UTC (rev 989)
@@ -62,11 +62,11 @@
         keys.each do |key|
           quoted_key = Regexp.quote(key)
           if keyword and keyword.join("\n").index(/#{quoted_key}/i)
-            status << @conf.msg_match_keyword.gsub(/\]/, " <strong>#{key.escapeHTML}</strong>]")
+            status << @conf.msg_match_keyword.gsub(/\]/, " <strong>#{h(key)}</strong>]")
           elsif title and title.index(/#{quoted_key}/i)
-            status << @conf.msg_match_title.gsub(/\]/, " <strong>#{key.escapeHTML}</strong>]")
+            status << @conf.msg_match_title.gsub(/\]/, " <strong>#{h(key)}</strong>]")
           elsif load( page ).index(/^.*#{quoted_key}.*$/i)
-            status << '[' + $&.escapeHTML.gsub(/#{Regexp.quote(key.escapeHTML)}/i) { "<strong>#{$&}</strong>"} + ']'
+            status << '[' + h($&).gsub(/#{Regexp.quote(h(key))}/i) { "<strong>#{$&}</strong>"} + ']'
           else
             status = nil
             break
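Review bot: The `h($&).gsub(/#{Regexp.quote(h(key))}/i) { "<strong>#{$&}</strong>"}` line reads `$&` twice with different meanings — outside the block it is the line matched by `load( page ).index(...)`, inside the block it is gsub's current match — which is easy to misread; a block parameter, `{ |m| "<strong>#{m}</strong>" }`, removes the ambiguity. Quoting `h(key)` and matching it against the already-escaped line is the right order, since an `&` or `<` in the key is transformed identically on both sides. The enclosing method begins before the hunk.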

Modified: hiki/trunk/hiki/util.rb
===================================================================
--- hiki/trunk/hiki/util.rb	2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/util.rb	2009-08-23 13:16:47 UTC (rev 989)
@@ -3,6 +3,7 @@
 
 require 'nkf'
 require 'cgi'
+require 'erb'
 
 autoload( :Document, 'docdiff' )
 autoload( :Diff, 'docdiff' )
@@ -32,10 +33,11 @@
   end
 
   def escapeHTML
-    CGI.escapeHTML(self)
+    ERB::Util.h(self)
   end
 
   def unescapeHTML
+    # ???
     CGI.unescapeHTML(self)
   end
 
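Review bot: The `# ???` comment added inside `unescapeHTML` is a placeholder that will outlive the commit without explaining anything; either drop it or state the reason this method stays on CGI, `# ERB::Util has no unescape counterpart; keep CGI.unescapeHTML (and the cgi require).` Separately, whether `ERB::Util.h` treats `'` the same way `CGI.escapeHTML` did depends on the Ruby version's html_escape implementation, so any template that places an escaped value inside single-quoted attributes should be checked after this swap. The enclosing class reopening starts before the hunk.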
@@ -52,8 +54,10 @@
   class PluginException < Exception; end
 
   module Util
-    def plugin_error( method, e )
-      msg = "<strong>#{e.class} (#{e.message.escapeHTML}): #{method.escapeHTML}</strong><br>"
+    include ERB::Util
+
+    def plugin_error(method, e)
+      msg = "<strong>#{e.class} (#{h(e.message)}): #{h(method)}</strong><br>"
       msg << "<strong>#{e.backtrace.join("<br>\n")}</strong>" if****@conf*****_debug
       msg
     end
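Review bot: `e.backtrace.join("<br>\n")` on the line after the changed `msg` line is still interpolated into `<strong>` unescaped, while `e.message` and `method` now go through `h`; backtrace frames routinely contain `<` and `>` (`block in <class:...>`, `<main>`), so the debug output can break the page markup. `e.backtrace.map { |frame| h(frame) }.join("<br>\n")` keeps the debug branch consistent with the rest of the commit. This path only runs under the `@conf` debug flag.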
@@ -62,12 +66,12 @@
       "?c=#{cmd};#{param}"
     end
 
-    def title( s )
-      CGI.escapeHTML( "#{@conf.site_name} - #{s}" )
+    def title(s)
+      h("#{@conf.site_name} - #{s}")
     end
 
     def view_title( s )
-      %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{s.escape}") }">#{s.escapeHTML}</a>!
+      %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{s.escape}") }">#{h(s)}</a>!
     end
 
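Review bot: `title(s)` now escapes its argument with `h`, but the call site in command.rb passes `pg_title.unescapeHTML`, i.e. callers are expected to hand over raw text and un-escape pre-escaped titles first; that contract is undocumented and easy to get wrong in either direction (double escaping or none). A YARD line above it, `# @param s [String] raw (unescaped) page title; escaped here together with site_name`, and the same on view_title, would make it explicit. Style: `def title(s)` dropped the padded parameter spacing but `def view_title( s )` in the same hunk kept it.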
     def format_date( tm )
@@ -77,7 +81,7 @@
     def get_common_data( db, plugin, conf )
       data = {}
       data[:author_name] = conf.author_name
-      data[:view_style]  = conf.use_sidebar ? CGI.escapeHTML( conf.main_class ) : 'hiki' # for tDiary theme
+      data[:view_style]  = conf.use_sidebar ? h(conf.main_class) : 'hiki' # for tDiary theme
       data[:cgi_name]    = conf.cgi_name
       if conf.use_sidebar
         t = db.load_cache( conf.side_menu )
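Review bot: In get_common_data only `conf.main_class` (and `conf.sidebar_class` in the next hunk) is escaped, while `conf.author_name` and `conf.cgi_name` on the neighbouring lines are copied into `data` raw; all come from the same configuration object, so either the class names do not need `h` or the other two do, depending on whether the templates escape them. If configuration is treated as trusted, a comment stating that, `# conf values are admin-controlled; class names are escaped since they appear to be emitted into attributes — confirm`, documents the asymmetry; otherwise escape the other fields too. The method continues past the hunk.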
@@ -90,7 +94,7 @@
         f = conf.formatter.new( t, db, plugin, conf, 's' )
         data[:sidebar]   = f.to_s
         data[:main_class]    = conf.main_class
-        data[:sidebar_class] = CGI.escapeHTML( conf.sidebar_class )
+        data[:sidebar_class] = h(conf.sidebar_class)
       else
         data[:sidebar] = nil
       end



