aboutsummaryrefslogtreecommitdiffstats
path: root/include/wiki.php
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2016-06-12 07:17:23 -0400
committerredmatrix <git@macgirvin.com>2016-06-12 15:18:43 -0700
commit410f5389ae90e1c219b097b051aaa9922e73efd5 (patch)
tree378bbaee1d43c3de2bb45bec89a39a3434d432a9 /include/wiki.php
parent1789c3242adcf11fe37f0ef0ec6180966853eeda (diff)
downloadvolse-hubzilla-410f5389ae90e1c219b097b051aaa9922e73efd5.tar.gz
volse-hubzilla-410f5389ae90e1c219b097b051aaa9922e73efd5.tar.bz2
volse-hubzilla-410f5389ae90e1c219b097b051aaa9922e73efd5.zip
Apply purify_html to page content before preview and save to prevent JavaScript code injection.
Diffstat (limited to 'include/wiki.php')
-rw-r--r--include/wiki.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/wiki.php b/include/wiki.php
index f0785d549..4aa3fc1b4 100644
--- a/include/wiki.php
+++ b/include/wiki.php
@@ -279,7 +279,7 @@ function wiki_page_history($arr) {
function wiki_save_page($arr) {
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
- $content = ((array_key_exists('content',$arr)) ? $arr['content'] : '');
+ $content = ((array_key_exists('content',$arr)) ? purify_html($arr['content']) : '');
$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
$w = wiki_get_wiki($resource_id);
if (!$w['path']) {