29,7 → 29,7 |
$pageName = 'Index'; |
} |
|
$page = new Taios_Page('Wiki · ' . $pageName, '../'); |
$page = new Taios_Page('Wiki · ' . htmlentities($pageName, ENT_QUOTES), '../'); |
|
if (isset($_GET['random'])) |
{ |
56,10 → 56,12 |
|
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
write('<p class="bold"><a href="edit.php?page=' . $pageName . '">Edit Page</a></p><br />'); |
write('<p class="bold"><a href="edit.php?page=' . htmlentities($pageName, ENT_QUOTES) . '">Edit Page</a></p><br />'); |
} |
|
$pageName = str_replace("../", "/", $pageName); |
while (strpos($pageName, '../') !== false) { |
$pageName = str_replace("../", "/", $pageName); |
} |
|
$filename = 'pages/' . $pageName . '.txt'; |
|
76,7 → 78,7 |
|
if(is_dir('pages/' . $pageName)) |
{ |
write('<p>Directory listing of ' . $pageName . ':</p>'); |
write('<p>Directory listing of ' . htmlentities($pageName, ENT_QUOTES) . ':</p>'); |
write('<ul>'); |
$dir = opendir('pages/' . $pageName); |
if($dir) |
86,7 → 88,7 |
if($file != '.' && $file != '..' && (preg_match('/\.txt$/', $file) || is_dir('pages/' . $pageName . '/' . $file))) |
{ |
$file = preg_replace('/\.txt$/', '', $file); |
write('<li><a href="index.php?page=' . $pageName . '/' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</a></li>'); |
write('<li><a href="index.php?page=' . htmlentities($pageName, ENT_QUOTES) . '/' . htmlentities($file, ENT_QUOTES) . '">' . htmlentities($file, ENT_QUOTES) . '</a></li>'); |
} |
} |
} |
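Review bot: The traversal filter in the 56,10 → 56,12 hunk only looks for the substring `../`, so a `$pageName` that is exactly `..` or ends in `/..` passes the loop unchanged and, as far as the visible lines show, reaches `is_dir('pages/' . $pageName)` and the directory listing in the later hunks. Checking path components instead of substrings closes this gap: `if (in_array('..', explode('/', str_replace('\\', '/', $pageName)), true)) { $pageName = 'Index'; }`, placed before `$filename` is built (the backslash normalisation matters only if this runs on Windows). The filter also runs after the edit link is written, so `edit.php` receives the unfiltered name and needs its own check; that file is not visible here. Separately, the `href` values are HTML-escaped but not URL-encoded, so `htmlentities(rawurlencode($pageName), ENT_QUOTES)` would keep `&`, `#` or `+` in a page name from altering the query string.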