Validate input
authorBrion Vibber <brion@users.mediawiki.org>
Thu, 14 Oct 2004 08:38:06 +0000 (08:38 +0000)
committerBrion Vibber <brion@users.mediawiki.org>
Thu, 14 Oct 2004 08:38:06 +0000 (08:38 +0000)
includes/Skin.php
includes/SkinPHPTal.php

index 1464d9b..528e5c3 100644 (file)
@@ -299,11 +299,11 @@ class Skin {
                  (!$wgTitle->isProtected() || $wgUser->isSysop()) ) {
                        $t = wfMsg( 'editthispage' );
                        $oid = $red = '';
-                       if ( !empty($redirect) ) {
+                       if ( !empty($redirect) && $redirect == 'no' ) {
                                $red = "&redirect={$redirect}";
                        }
                        if ( !empty($oldid) && ! isset( $diff ) ) {
-                               $oid = "&oldid={$oldid}";
+                               $oid = "&oldid=" . IntVal( $oldid );
                        }
                        $s = $wgTitle->getFullURL( "action=edit{$oid}{$red}" );
                        $s = 'document.location = "' .$s .'";';
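Review bot: The `!empty($oldid)` guard still tests the raw value while the URL receives `IntVal( $oldid )`, so a non-numeric `oldid` passes the guard and is emitted as `&oldid=0` instead of being dropped; the same pattern is in both SkinPHPTal.php hunks. Converting first and testing the result would close that, e.g. `$oldid = IntVal( $oldid );` ahead of the check and `if ( $oldid > 0 && ! isset( $diff ) )`, provided nothing later relies on the raw string, which cannot be confirmed here because the function body extends beyond the hunk. On the redirect line, `$redirect == 'no'` is a loose comparison and the variable is still interpolated. Since only one value is accepted, `=== 'no'` with a literal `$red = '&redirect=no';` makes it plain that no caller-supplied text reaches the string later placed inside the `document.location` JavaScript literal.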
index b5e6369..f6cc7b9 100644 (file)
@@ -435,7 +435,7 @@ class SkinPHPTal extends Skin {
                        }
 
                        if ( $wgTitle->userCanEdit() ) {
-                               $oid = ( $oldid && ! isset( $diff ) ) ? '&oldid='.$oldid : false;
+                               $oid = ( $oldid && ! isset( $diff ) ) ? '&oldid='.IntVal( $oldid ) : false;
                                $istalk = ( Namespace::isTalk( $wgTitle->getNamespace()) );
                                $istalkclass = $istalk?' istalk':'';
                                $content_actions['edit'] = array(
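Review bot: The `$oid` expression is now written twice, here with a `false` fallback and in the `else` branch of the next hunk with `''`, so the `IntVal` conversion has to be kept in step in two places. Computing it once above `if ( $wgTitle->userCanEdit() )`, e.g. `$oid = ( $oldid && ! isset( $diff ) ) ? '&oldid=' . IntVal( $oldid ) : '';`, would leave a single validation point. `false` and `''` concatenate identically, but how the edit branch consumes `$oid` lies outside the hunk and should be checked before unifying the fallback. Assuming `$oldid` is request-supplied, a comment such as `// force oldid to an integer before it is placed in a URL` would record why the cast is there.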
@@ -451,7 +451,7 @@ class SkinPHPTal extends Skin {
                                        );
                                }
                        } else {
-                                       $oid = ( $oldid && ! isset( $diff ) ) ? '&oldid='.$oldid : '';
+                                       $oid = ( $oldid && ! isset( $diff ) ) ? '&oldid='.IntVal( $oldid ) : '';
                                $content_actions['viewsource'] = array('class' => ($action == 'edit') ? 'selected' : false,
                                'text' => wfMsg('viewsource'),
                                'href' => $this->makeUrl($this->thispage, 'action=edit'.$oid));