Version 0.9 ()
------------------------------------------------------------------------
+ * Fix possible XSS when using the templatedropdown or shoutbox
+ plugins (garvinhicking)
+
+ * Fix pagination of "Entries by Author" (garvinhicking)
+
* Fix RSS 1.0 missing top-level namespace (garvinhicking)
* Added new event hook to the trackback sending facility so that
$url = $serendipity['serendipityHTTPPath'] . $serendipity['indexFile'] . '?' . $uri['path'] . $qst;
$url = str_replace($serendipity['indexFile'] . '&', '', $url); // Kill possible looped repitions which could occur
- return $url;
+ return strip_tags($url);
}
function serendipity_getUriArguments($uri, $wildcard = false) {
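Review bot: `strip_tags()` on the changed `return` line removes only tag-shaped sequences, so a `"` or `'` carried in `$uri['path']` or `$qst` still reaches the caller unchanged. If the plugins named in the changelog entry (templatedropdown, shoutbox) print this URL inside an HTML attribute such as `action="..."` or `href="..."`, the value can presumably still close the attribute. Encoding for the output context is the more reliable control, for example `return htmlspecialchars(strip_tags($url), ENT_QUOTES);`, or keeping the return value raw and escaping at each place it is echoed. Before changing the return value, check for callers that use it in a redirect header or that already escape it, since those would be double-encoded. The function body starts above this hunk, so where `$uri` and `$qst` come from is not visible here.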
include_once(S9Y_INCLUDE_PATH . 'include/genpage.inc.php');
} else if (preg_match(PAT_AUTHORS, $uri, $matches)) {
+ $_args = $serendipity['uriArguments'];
+
+ /* Attempt to locate hidden variables within the URI */
+ foreach ($_args as $k => $v){
+ if ($v == PATH_AUTHORS) {
+ continue;
+ }
+ if ($v{0} == 'P') { /* Page */
+ $serendipity['GET']['page'] = substr($v, 1);
+ unset($_args[$k]);
+ unset($serendipity['uriArguments'][$k]);
+ }
+ }
+
$serendipity['GET']['viewAuthor'] = $matches[1];
$serendipity['GET']['action'] = 'read';