2009年 8月 23日 (日) 22:16:47 JST
Revision: 989
http://sourceforge.jp/projects/hiki/svn/view?view=rev&revision=989
Author: okkez
Date: 2009-08-23 22:16:47 +0900 (Sun, 23 Aug 2009)

Log Message:
-----------
use ERB::Util#h instead of CGi.escapeHTML and String#escapeHTML

Modified Paths:
--------------
hiki/trunk/ChangeLog
hiki/trunk/hiki/command.rb
hiki/trunk/hiki/interwiki.rb
hiki/trunk/hiki/pluginutil.rb
hiki/trunk/hiki/storage.rb
hiki/trunk/hiki/util.rb

Modified: hiki/trunk/ChangeLog
===================================================================
--- hiki/trunk/ChangeLog 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/ChangeLog 2009-08-23 13:16:47 UTC (rev 989)
@@ -1,3 +1,12 @@
+2009-08-23 okkez <okkez****@gmail*****>
+
+ * hiki/command.rb (Hiki::Command): use ERB::Util#h
+ instead of String#escapeHTML or CGI::Util#escapeHTML .
+ * hiki/interwiki.rb (Hiki::InterWiki): ditto.
+ * hiki/pluginutil.rb (Hiki::Util): ditto.
+ * hiki/storage.rb (Hiki::HikiDBBase): ditto.
+ * hiki/util.rb (Hiki::Util): ditto.
+
 2009-08-23 Kazuhiko <kazuh****@fdiar*****>
 
 * style/default/hikidoc.rb: use recent hikidoc.rb (rev.122). fix a bug: strings after non-WikiName expression are ignored.

Modified: hiki/trunk/hiki/command.rb
===================================================================
--- hiki/trunk/hiki/command.rb 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/command.rb 2009-08-23 13:16:47 UTC (rev 989)
@@ -119,9 +119,9 @@
 end
 }
 rescue NoMethodError, PermissionError, SessionError, Timeout::Error
- data = get_common_data( @db, @plugin, @conf )
- data[:message] = CGI.escapeHTML( $!.message )
- generate_error_page( data )
+ data = get_common_data(@db, @plugin, @conf)
+ data[:message] = h($!.message)
+ generate_error_page(data)
 end
 end
 
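Review bot: The rescue clause now calls a bare `h`, but command.rb gains no `include` in this commit; the call only resolves if Hiki::Command already mixes in Hiki::Util, which picks up `include ERB::Util` in the util.rb hunk, and that is worth confirming before merging because a NameError raised inside this rescue would bypass the error page entirely. If the include is already there, a one-line comment next to the rescue such as `# h is ERB::Util#h, mixed in via Hiki::Util` saves the next reader the same lookup. The method this rescue belongs to starts outside the hunk.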
@@ -204,7 +204,7 @@
 pg_title =****@plugi*****_name(@p)
- data[:page_title] = (@plugin.hiki_anchor( @p.escape, @p.escapeHTML ))
+ data[:page_title] =****@plugi*****_anchor(@p.escape, h(@p))
 data[:view_title] = pg_title
 data[:title] = title( pg_title.unescapeHTML )
 data[:toc] =****@plugi*****_f ? toc : nil
@@ -243,7 +243,7 @@
 }.collect {|f|
 k = f.keys[0]
 editor = f[k][:editor] ? "by #{f[k][:editor]}" : ''
- display_text = ((f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k).escapeHTML
+ display_text = h((f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k)
 display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k)
 %Q!#{@plugin.hiki_anchor(k.escape, display_text)}: #{format_date(f[k][:last_modified] )} #{editor}#{@conf.msg_freeze_mark if f[k][:freeze]}!
 }
@@ -281,15 +281,15 @@
 tm = f[k][:last_modified]
 editor = f[k][:editor] ? "by #{f[k][:editor]}" : ''
 display_text = (f[k][:title] and f[k][:title].size > 0) ? f[k][:title] : k
- display_text = display_text.escapeHTML
+ display_text = h(display_text)
 display_text << " [#{@aliaswiki.aliaswiki(k)}]" if k !=****@alias*****(k)
- %Q|#{format_date( tm )}: #{@plugin.hiki_anchor( k.escape, display_text )} #{editor.escapeHTML} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{k.escape}")}">#{@conf.msg_diff}</a>)|
+ %Q|#{format_date( tm )}: #{@plugin.hiki_anchor( k.escape, display_text )} #{h(editor)} (<a href="#{@conf.cgi_name}#{cmdstr('diff',"p=#{k.escape}")}">#{@conf.msg_diff}</a>)|
 }
 [list, last_modified]
 end
 
 def cmd_edit( page, text=nil, msg=nil, d_title=nil )
- page_title = d_title ? d_title.escapeHTML : @plugin.page_name(page)
+ page_title = d_title ? h(d_title) : @plugin.page_name(page)
 save_button = @cmd == 'edit' ? '' : nil
 preview_text = nil
 
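Review bot: `display_text` is escaped with `h(...)` in the @@ -243 hunk and then, on the very next context line, `" [#{@aliaswiki.aliaswiki(k)}]"` is appended without escaping, so the alias name reaches `hiki_anchor` raw; the @@ -281 hunk repeats the same pattern two lines apart. If alias names originate from editable wiki content they should go through `h` as well, e.g. `display_text << " [#{h(@aliaswiki.aliaswiki(k))}]"` with the existing `if` guard kept as is. Since `h` returns a fresh String, the in-place `<<` itself is safe either way. Both hunks sit inside `collect` blocks whose start lies outside the hunk.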
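Review bot: In cmd_edit the two branches of `page_title = d_title ? h(d_title) : @plugin.page_name(page)` follow different escaping contracts: `d_title` is escaped here, while whatever `page_name` returns is stored as-is. Nothing in the hunk shows whether `page_name` already yields HTML-safe text; if it does, a comment such as `# page_name already returns escaped text; d_title is raw input` makes the asymmetry deliberate, and if it does not, the second branch needs `h` too. The remainder of cmd_edit lies outside this hunk.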
@@ -308,14 +308,14 @@
 formatter =****@conf*****( p, @db, @plugin, @conf )
 preview_text, toc = formatter.to_s, formatter.toc
 save_button = ''
- data[:keyword] = CGI.escapeHTML( @params['keyword'][0] || '' )
+ data[:keyword] = h(@params['keyword'][0] || '')
 data[:update_timestamp] = @params['update_timestamp'][0] ? ' checked' : ''
 data[:freeze] = @params['freeze'][0] ? ' checked' : ''
 elsif @cmd == 'conflict'
 old = text.gsub(/\r/, '')
 new =****@db*****( page ) || ''
 differ = word_diff( old, new ).gsub( /\n/, "<br>\n" )
- link =****@plugi*****_anchor( page.escape, page.escapeHTML )
+ link =****@plugi*****_anchor( page.escape, h(page))
 end
 @cmd = 'edit'
 
@@ -332,17 +332,17 @@
 
 data[:title] = title( page )
 data[:toc] =****@plugi*****_f ? toc : nil
- data[:pagename] = page.escapeHTML
+ data[:pagename] = h(page)
 data[:md5hex] = md5hex
 data[:edit_proc] =****@plugi*****_proc
- data[:contents] =****@plugi*****
+ data[:contents] = h(@plugin.text)
 data[:msg] = msg
 data[:button] = save_button
 data[:preview_button] = save_button
 data[:link] = link
 data[:differ] = differ
 data[:body] = preview_text ? formatter.apply_tdiary_theme(preview_text) : nil
- data[:keyword] ||= CGI.escapeHTML( @db.get_attribute(page, :keyword).join("\n") )
+ data[:keyword] ||= h(@db.get_attribute(page, :keyword).join("\n"))
 data[:update_timestamp] ||= ' checked'
 data[:page_title] = page_title
 data[:form_proc] =****@plugi*****_proc
@@ -378,7 +378,7 @@
 data = get_common_data( @db, @plugin, @conf )
 data[:title] =****@conf*****_delete
 data[:msg] =****@conf*****_delete_page
- data[:link] = page.escapeHTML
+ data[:link] = h(page)
 generate_page(data)
 else
 title = @params['page_title'][0] ? @params['page_title'][0].strip : page
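Review bot: `h(@params['keyword'][0] || '')` keeps a fallback that ERB::Util#h makes redundant, because `h` calls `to_s` on its argument and so already maps nil to an empty string; `h(page || '')` in the @@ -511 hunk is the same case. Dropping the `|| ''` would match the terser form used elsewhere in this commit, e.g. `data[:keyword] = h(@params['keyword'][0])`. Separately, the new `link =` line keeps the old `( page.escape, h(page))` spacing with an unbalanced closing paren while neighbouring rewritten lines switched to the compact style, so pick one within the commit. The enclosing cmd_edit method extends beyond this hunk.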
@@ -426,13 +426,13 @@
 data[:title] = title( @conf.msg_search_result )
 data[:msg2] =****@conf*****_search + ': '
 data[:button] =****@conf*****_search
- data[:key] = %Q|value="#{word.escapeHTML}"|
+ data[:key] = %Q|value="#{h(word)}"|
 word2 = word.split.join("', '")
 if l.size > 0
- data[:msg1] = sprintf( @conf.msg_search_hits, word2.escapeHTML, total, l.size )
+ data[:msg1] = sprintf(@conf.msg_search_hits, h(word2), total, l.size)
 data[:list] = l
 else
- data[:msg1] = sprintf( @conf.msg_search_not_found, word2.escapeHTML )
+ data[:msg1] = sprintf(@conf.msg_search_not_found, h(word2))
 data[:list] = nil
 end
 else
@@ -474,7 +474,7 @@
 data[:msg1] = msg
 data[:msg2] =****@conf*****_create + ': '
 data[:button] =****@conf*****_newpage
- data[:key] = %Q|value="#{msg ? @p.escapeHTML : ''}"|
+ data[:key] = %Q|value="#{msg ? h(@p) : ''}"|
 data[:list] = nil
 data[:method] = 'get'
 
@@ -511,7 +511,7 @@
 data[:title] = title( @conf.msg_login )
 data[:button] =****@conf*****_ok
 data[:login_result] = msg_login_result
- data[:page] = ( page || '' ).escapeHTML
+ data[:page] = h(page || '')
 generate_page( data, status )
 end
 
@@ -519,7 +519,7 @@
 raise PermissionError, 'Permission denied' unles****@plugi*****?
 data = get_common_data( @db, @plugin, @conf )
- data[:key] = ( @cgi.params['conf'][0] || 'default' ).escapeHTML
+ data[:key] = h(@cgi.params['conf'][0] || 'default')
 data[:title] = title( @conf.msg_admin )
 data[:session_id] =****@plugi*****_id

Modified: hiki/trunk/hiki/interwiki.rb
===================================================================
--- hiki/trunk/hiki/interwiki.rb 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/interwiki.rb 2009-08-23 13:16:47 UTC (rev 989)
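Review bot: `data[:key] = h(@cgi.params['conf'][0] || 'default')` in the @@ -519 hunk makes the value safe to print, but escaping is not validation: if `data[:key]` is later used to choose which configuration section is shown, the raw parameter should be checked against the known section names before that use, independently of this change. Nothing in the hunk shows that downstream use, so this is a question for the surrounding admin code rather than a defect in the rewritten line. Unlike the `|| ''` cases elsewhere in the commit, the `|| 'default'` fallback here is still needed because the replacement is non-empty. The enclosing method starts before the hunk.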
@@ -1,9 +1,11 @@
 # $Id: interwiki.rb,v 1.10 2005-12-28 23:42:18 fdiary Exp $
 # Copyright (C) 2002-2003 TAKEUCHI Hitoshi <hitos****@namar*****>
 
+require 'hiki/util'
+
 module Hiki
 class InterWiki
- require 'hiki/util'
+ include Hiki::Util
 
 URL = '(?:http|https|ftp|mailto|file):[a-zA-Z0-9;/?:@&=+$,\-_.!~*\'()#%]+'
 INTERWIKI_NAME_RE = /\[\[([^|]+)\|(#{URL})\]\](?:\s+(sjis|euc|utf8|alias))?/
@@ -18,7 +20,7 @@
 end
 end
 
- def interwiki(s, p, display_text = "#{s}:#{p}".escapeHTML)
+ def interwiki(s, p, display_text = h("#{s}:#{p}"))
 if @interwiki_names.has_key?(s)
 encoding = @interwiki_names[s][:encoding]
 page = case encoding
@@ -32,9 +34,9 @@
 p
 end
 if @interwiki_names[s][:url].index('$1')
- [@interwiki_names[s][:url].dup.sub(/\$1/, page).escapeHTML, display_text]
+ [h(@interwiki_names[s][:url].dup.sub(/\$1/, page)), display_text]
 else
- ["#{@interwiki_names[s][:url]}#{page}".escapeHTML, display_text]
+ [h("#{@interwiki_names[s][:url]}#{page}"), display_text]
 end
 else
 nil
@@ -43,7 +45,7 @@
 
 def outer_alias(s)
 if @interwiki_names.has_key?(s) && @interwiki_names[s][:encoding] == 'alias'
- return [@interwiki_names[s][:url].escapeHTML, s.escapeHTML]
+ return [h(@interwiki_names[s][:url]), h(s)]
 else
 return nil
 end

Modified: hiki/trunk/hiki/pluginutil.rb
===================================================================
--- hiki/trunk/hiki/pluginutil.rb 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/pluginutil.rb 2009-08-23 13:16:47 UTC (rev 989)
@@ -11,6 +11,7 @@
 # Based on shellwords.rb(in ruby standard library).
 
 require 'cgi'
+require 'erb'
 
 module Hiki
 module Util
@@ -48,7 +49,7 @@
 elsif NIL_RE =~ field
 nil
 elsif field.size > 0
- field = CGI.escapeHTML(field) if escape
+ field = ERB::Util.h(field) if escape
 field
 else
 :no_data

Modified: hiki/trunk/hiki/storage.rb
===================================================================
--- hiki/trunk/hiki/storage.rb 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/storage.rb 2009-08-23 13:16:47 UTC (rev 989)
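Review bot: In the @@ -32 hunk, `@interwiki_names[s][:url].dup.sub(/\$1/, page)` passes `page` as a replacement string, so `sub` interprets backslash sequences in it (`\1`, `\&`, `\\`) instead of inserting them literally, and the `.dup` is redundant because `sub` already returns a new String; wrapping the result in `h` changes neither point. The block form inserts the text verbatim and drops the copy: `[h(@interwiki_names[s][:url].sub('$1') { page }), display_text]`. Whether `page` can carry a backslash depends on the `case encoding` conversion whose tail is visible above the change; the `p` fallback passes the input through unchanged. The interwiki method starts in the preceding hunk and ends after this one.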
@@ -62,11 +62,11 @@
 keys.each do |key|
 quoted_key = Regexp.quote(key)
 if keyword and keyword.join("\n").index(/#{quoted_key}/i)
- status << @conf.msg_match_keyword.gsub(/\]/, " <strong>#{key.escapeHTML}</strong>]")
+ status << @conf.msg_match_keyword.gsub(/\]/, " <strong>#{h(key)}</strong>]")
 elsif title and title.index(/#{quoted_key}/i)
- status << @conf.msg_match_title.gsub(/\]/, " <strong>#{key.escapeHTML}</strong>]")
+ status << @conf.msg_match_title.gsub(/\]/, " <strong>#{h(key)}</strong>]")
 elsif load( page ).index(/^.*#{quoted_key}.*$/i)
- status << '[' + $&.escapeHTML.gsub(/#{Regexp.quote(key.escapeHTML)}/i) { "<strong>#{$&}</strong>"} + ']'
+ status << '[' + h($&).gsub(/#{Regexp.quote(h(key))}/i) { "<strong>#{$&}</strong>"} + ']'
 else
 status = nil
 break

Modified: hiki/trunk/hiki/util.rb
===================================================================
--- hiki/trunk/hiki/util.rb 2009-08-23 05:34:07 UTC (rev 988)
+++ hiki/trunk/hiki/util.rb 2009-08-23 13:16:47 UTC (rev 989)
@@ -3,6 +3,7 @@
 require 'nkf'
 require 'cgi'
+require 'erb'
 
 autoload( :Document, 'docdiff' )
 autoload( :Diff, 'docdiff' )
@@ -32,10 +33,11 @@
 end
 
 def escapeHTML
- CGI.escapeHTML(self)
+ ERB::Util.h(self)
 end
 
 def unescapeHTML
+ # ???
 CGI.unescapeHTML(self)
 end
 
@@ -52,8 +54,10 @@
 class PluginException < Exception; end
 
 module Util
- def plugin_error( method, e )
- msg = "<strong>#{e.class} (#{e.message.escapeHTML}): #{method.escapeHTML}</strong><br>"
+ include ERB::Util
+
+ def plugin_error(method, e)
+ msg = "<strong>#{e.class} (#{h(e.message)}): #{h(method)}</strong><br>"
 msg << "<strong>#{e.backtrace.join("<br>\n")}</strong>" if****@conf*****_debug
 msg
 end
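Review bot: The rewritten `status << '[' + h($&).gsub(/#{Regexp.quote(h(key))}/i) { "<strong>#{$&}</strong>"} + ']'` uses `$&` with two meanings on one line: as the receiver it is the match left by `load( page ).index(...)`, and inside the block it is the current match of the inner `gsub`. That works only because the receiver is evaluated before the block runs; naming the outer match first, `line = h(Regexp.last_match(0))` and then `status << "[#{line.gsub(/#{Regexp.quote(h(key))}/i) { "<strong>#{$&}</strong>" }}]"`, produces the same output without depending on that evaluation order. Matching `Regexp.quote(h(key))` against the escaped line is the right pairing, since both sides now go through the same escaper. The surrounding method starts outside the hunk.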
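Review bot: The new `# ???` comment added to `unescapeHTML` in the util.rb @@ -32 hunk tells the next maintainer nothing; if the open question is that ERB::Util offers no unescape counterpart, write that, `# ERB::Util has no unescape; CGI.unescapeHTML stays`, or drop the comment. A bare question mark in a commit whose log message says it replaces CGI with ERB invites someone to "fix" this remaining CGI call later. It is also worth a line in the commit message that `String#escapeHTML` is kept and now delegates to `ERB::Util.h`, so both spellings stay equivalent for callers this commit does not touch.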
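Review bot: `plugin_error` in the util.rb @@ -52 hunk now escapes `e.message` and `method`, but the next context line still joins `e.backtrace` into the same HTML string unescaped, and backtrace frames routinely contain `<` and `>` (for example `block in <class:...>`), which will corrupt the markup of the debug output. The exposure is limited because that line only runs under the debug guard, but escaping each frame is a small change: replace the interpolation with `#{e.backtrace.map { |l| h(l) }.join("<br>\n")}` and keep the trailing `if` guard as it is. Since the module now includes ERB::Util, `h` is in scope on that line too.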
@@ -62,12 +66,12 @@
 "?c=#{cmd};#{param}"
 end
 
- def title( s )
- CGI.escapeHTML( "#{@conf.site_name} - #{s}" )
+ def title(s)
+ h("#{@conf.site_name} - #{s}")
 end
 
 def view_title( s )
- %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{s.escape}") }">#{s.escapeHTML}</a>!
+ %Q!<a href="#{@conf.cgi_name}#{cmdstr('search', "key=#{s.escape}") }">#{h(s)}</a>!
 end
 
 def format_date( tm )
@@ -77,7 +81,7 @@
 def get_common_data( db, plugin, conf )
 data = {}
 data[:author_name] = conf.author_name
- data[:view_style] = conf.use_sidebar ? CGI.escapeHTML( conf.main_class ) : 'hiki' # for tDiary theme
+ data[:view_style] = conf.use_sidebar ? h(conf.main_class) : 'hiki' # for tDiary theme
 data[:cgi_name] = conf.cgi_name
 if conf.use_sidebar
 t = db.load_cache( conf.side_menu )
@@ -90,7 +94,7 @@
 f = conf.formatter.new( t, db, plugin, conf, 's' )
 data[:sidebar] = f.to_s
 data[:main_class] = conf.main_class
- data[:sidebar_class] = CGI.escapeHTML( conf.sidebar_class )
+ data[:sidebar_class] = h(conf.sidebar_class)
 else
 data[:sidebar] = nil
 end
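Review bot: The @@ -62 hunk restyles `def title( s )` to `def title(s)` while `def view_title( s )`, whose body it also edits two lines below, keeps the old spacing; since the commit's purpose is the escaper swap, either leave signature spacing alone here or do the whitespace cleanup consistently in a separate revision so the functional diff stays small. The same mix shows up in command.rb, where the rewritten line in the @@ -281 hunk keeps `hiki_anchor( k.escape, display_text )` next to compact calls. Apart from the escaping call, both methods behave as before.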
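Review bot: `data[:view_style]` (derived from `conf.main_class` in the @@ -77 hunk) and `data[:sidebar_class]` in the @@ -90 hunk are escaped with `h`, but the context line `data[:main_class] = conf.main_class` directly above the second change still stores the same setting unescaped, so two keys carry different contracts for one value. If `main_class` is administrator-only configuration the risk is small, but the asymmetry should either be closed, `data[:main_class] = h(conf.main_class)`, or explained in place with a comment such as `# kept raw: consumed as a CSS class token, not interpolated into markup` if a template relies on the unescaped form. get_common_data ends outside the hunk.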