validate page parameter to be a local filename
continuous-integration/drone/pr Build encountered an error Details

This commit is contained in:
Alexander 2023-01-26 18:39:24 +00:00
parent e5eb43ecc6
commit c2ec0439df
1 changed files with 13 additions and 3 deletions

View File

@ -17,7 +17,17 @@ $additional_head = "
$parser = wiki::factory(true);
if (!isset($_GET["page"]) || !file_exists("pages/{$_GET['page']}.md")) {
if(isset($_GET["page"])) {
$page=$_GET["page"];
} else {
$page="";
}
if(preg_match("/[^a-z0-9_-]/", $page)) {
$page="";
}
if ($page=="" || !file_exists("pages/$page.md")) {
$title = "tilde.chat~wiki";
$additional_head .= "
@ -73,7 +83,7 @@ if (!isset($_GET["page"]) || !file_exists("pages/{$_GET['page']}.md")) {
} else {
$pg = $parser->parse(file_get_contents("pages/{$_GET["page"]}.md"));
$pg = $parser->parse(file_get_contents("pages/$page.md"));
$yml = $pg->getYAML();
$title = $yml['title'] . " | tilde.chat~wiki";
$description = $yml['description'] ?? "tilde.chat wiki article {$yml['title']}";
@ -91,7 +101,7 @@ if (!isset($_GET["page"]) || !file_exists("pages/{$_GET['page']}.md")) {
<hr>
<?=$pg->getContent()?>
<hr>
<a href="https://tildegit.org/tildeverse/tilde.chat/src/branch/master/wiki/pages/<?=$_GET["page"]?>.md">
<a href="https://tildegit.org/tildeverse/tilde.chat/src/branch/master/wiki/pages/<?=$page?>.md">
<i class="fa fa-edit"></i> source
</a>