escape HTML @html_title.

git-svn-id: https://tdiary.svn.sourceforge.net/svnroot/tdiary/trunk/core@1638 7f22e88f-374d-0410-998f-c91420d97ba2
tdiary · Oct 23, 2003 · b4155df · b4155df
1 parent 8f71a72
commit b4155df
Show file tree

Hide file tree

Showing 17 changed files with 38 additions and 30 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,11 @@
+2003-10-23  Kazuhiko  <kazuhiko@fdiary.net>
+	* plugin/ja/00default.rb, plugin/ja/00default.rb,
+	skel/category.rhtml, skel/conf.rhtml, skel/i.conf.rhtml,
+	skel/i.day.rhtml, skel/i.latest.rhtml, skel/i.month.rhtml,
+	skel/i.show.rhtml, skel/i.update.rhtml, skel/i.update.rhtml.en,
+	skel/preview.rhtml, skel/preview.rhtml.en, skel/show.rhtml,
+	skel/update.rhtml, skel/update.rhtml.en: escape HTML @html_title.
+
 2003.10.22 TADA Tadashi <sho@spc.gr.jp>
 	* skel/tdiary.rconf: fix error when @author_mail was nil.
 

diff --git a/plugin/en/00default.rb b/plugin/en/00default.rb
@@ -6,7 +6,7 @@
 # header
 #
 def title_tag
-	r = "<title>#{@html_title}"
+	r = "<title>#{CGI::escapeHTML( @html_title )}"
 	case @mode
 	when 'day', 'comment'
 		r << "(#{@date.strftime( '%Y-%m-%d' )})" if @date

diff --git a/plugin/ja/00default.rb b/plugin/ja/00default.rb
@@ -6,7 +6,7 @@
 # header
 #
 def title_tag
-	r = "<title>#{@html_title}"
+	r = "<title>#{CGI::escapeHTML( @html_title )}"
 	case @mode
 	when 'day', 'comment'
 		r << "(#{@date.strftime( '%Y-%m-%d' )})" if @date

diff --git a/skel/category.rhtml b/skel/category.rhtml
@@ -1,4 +1,4 @@
-<%# category.rhtml $Revision: 1.4 $ %>
+<%# category.rhtml $Revision: 1.5 $ %>
 <%%=navi %>
 <%
 case mode
@@ -18,7 +18,7 @@ when /latest/
 	param = []
 end
 %>
-<h1><%= @conf.html_title %> [<%%= category_title %>: <%%= <%= label %> %>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%= category_title %>: <%%= <%= label %> %>]</h1>
 <hr class="sep">
 <%%= category_form %>
 <hr class="sep">

diff --git a/skel/conf.rhtml b/skel/conf.rhtml
@@ -1,7 +1,7 @@
-<%# conf.rhtml $Revision: 1.19 $ %>
+<%# conf.rhtml $Revision: 1.20 $ %>
 <%%=navi%>
 
-<h1><%= @conf.html_title %> [<%%=navi_preference%>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%=navi_preference%>]</h1>
 
 <div class="sidebar">
 <ul style="margin-top: 5em;">

diff --git a/skel/i.conf.rhtml b/skel/i.conf.rhtml
@@ -1,5 +1,5 @@
-<%# i.conf.rhtml $Revision: 1.7 $ %>
-<h1><%= @conf.html_title %> [<%%=navi_preference%>]</h1>
+<%# i.conf.rhtml $Revision: 1.8 $ %>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%=navi_preference%>]</h1>
 <P>
 <%%= mobile_navi %>
 </P>

diff --git a/skel/i.day.rhtml b/skel/i.day.rhtml
@@ -1,6 +1,6 @@
-<%# i.day.rhtml $Revision: 1.13 $ %>
+<%# i.day.rhtml $Revision: 1.14 $ %>
 <%%update_proc if @mode == 'comment'%>
-<H1><%= @conf.html_title %></H1>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %></H1>
 <P>
 <%%= mobile_navi %>
 </P>

diff --git a/skel/i.latest.rhtml b/skel/i.latest.rhtml
@@ -1,5 +1,5 @@
-<%# i.latest.rhtml $Revision: 1.10 $ %>
-<H1><%= @conf.html_title %></H1>
+<%# i.latest.rhtml $Revision: 1.11 $ %>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %></H1>
 <%
 param = {
 	'prefix' => 'i.',

diff --git a/skel/i.month.rhtml b/skel/i.month.rhtml
@@ -1,5 +1,5 @@
-<%# i.day.rhtml $Revision: 1.10 $ %>
-<H1><%= @conf.html_title %></H1>
+<%# i.day.rhtml $Revision: 1.11 $ %>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %></H1>
 <%
 diary = @diaries[@diaries.keys.sort[0]]
 if diary then

diff --git a/skel/i.show.rhtml b/skel/i.show.rhtml
@@ -1,6 +1,6 @@
-<%# i.show.rhtml $Revision: 1.8 $ %>
+<%# i.show.rhtml $Revision: 1.9 $ %>
 <%%update_proc%>
-<H1><%= @conf.html_title %> <%%=label_update_complete%></H1>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %> <%%=label_update_complete%></H1>
 <P>
 <%%= mobile_navi %>
 </P>

diff --git a/skel/i.update.rhtml b/skel/i.update.rhtml
@@ -1,5 +1,5 @@
-<%# i.update.rhtml $Revision: 1.15 $ %>
-<H1><%= @conf.html_title %> [<%%= submit_label %>]</H1>
+<%# i.update.rhtml $Revision: 1.16 $ %>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%= submit_label %>]</H1>
 
 <P>
 <%%= mobile_navi %>

diff --git a/skel/i.update.rhtml.en b/skel/i.update.rhtml.en
@@ -1,5 +1,5 @@
-<%# i.update.rhtml $Revision: 1.8 $ %>
-<H1><%= @conf.html_title %> [<%%= submit_label %>]</H1>
+<%# i.update.rhtml $Revision: 1.9 $ %>
+<H1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%= submit_label %>]</H1>
 
 <P>
 <%%= mobile_navi %>

diff --git a/skel/preview.rhtml b/skel/preview.rhtml
@@ -1,7 +1,7 @@
-<%# preview.rhtml $Revision: 1.9 $ %>
+<%# preview.rhtml $Revision: 1.10 $ %>
 <%%=navi%>
 
-<h1><%= @conf.html_title %> [<%%=preview_label%>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%=preview_label%>]</h1>
 <%
 param = {
 	'date_format' => @conf.date_format,

diff --git a/skel/preview.rhtml.en b/skel/preview.rhtml.en
@@ -1,7 +1,7 @@
-<%# preview.rhtml.en $Revision: 1.8 $ %>
+<%# preview.rhtml.en $Revision: 1.9 $ %>
 <%%=navi%>
 
-<h1><%= @conf.html_title %> [<%%=preview_label%>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%=preview_label%>]</h1>
 <%
 param = {
 	'date_format' => @conf.date_format,

diff --git a/skel/show.rhtml b/skel/show.rhtml
@@ -1,7 +1,7 @@
-<%# show.rhtml $Revision: 1.9 $ %>
+<%# show.rhtml $Revision: 1.10 $ %>
 <%%=navi%><%%update_proc%>
 
-<h1><%= @conf.html_title %> <%%=label_update_complete%></h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> <%%=label_update_complete%></h1>
 <% unless @diary.visible? then %><p class="message"><%%=label_hidden_diary%></p><% end %>
 <%
 param = {

diff --git a/skel/update.rhtml b/skel/update.rhtml
@@ -1,7 +1,7 @@
-<%# update.rhtml $Revision: 1.24 $ %>
+<%# update.rhtml $Revision: 1.25 $ %>
 <%%=navi%>
 
-<h1><%= @conf.html_title %> [<%%= submit_label %>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%= submit_label %>]</h1>
 
 <div class="update day">
 <div class="form">

diff --git a/skel/update.rhtml.en b/skel/update.rhtml.en
@@ -1,7 +1,7 @@
-<%# update.rhtml $Revision: 1.9 $ %>
+<%# update.rhtml $Revision: 1.10 $ %>
 <%%=navi%>
 
-<h1><%= @conf.html_title %> [<%%= submit_label %>]</h1>
+<h1><%= CGI::escapeHTML( @conf.html_title ) %> [<%%= submit_label %>]</h1>
 
 <div class="update day">
 <div class="form">