Fossil SCM
When setting <var>$webpagename</var> pass the value of <var>g.zPath</var> though <code>escape_quotes()</code>. This is unclear how <var>g.zPath</var> can contain quotes but let this strange case be handled in a safe way.
Commit
288fe34ced9099e0ccc5ce9cc90f091312d2435e6a913b4b037c8e5ae544b176
Parent
6d135904ad51698…
1 file changed
+1
-1
+1
-1
| --- src/style.c | ||
| +++ src/style.c | ||
| @@ -795,11 +795,11 @@ | ||
| 795 | 795 | Th_Store("index_page", db_get("index-page","/home")); |
| 796 | 796 | if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); |
| 797 | 797 | Th_Store("current_page", local_zCurrentPage); |
| 798 | 798 | if( !local_zBaseHrefSuffix ) style_set_base_href_suffix("%s",g.zRelReqURI); |
| 799 | 799 | Th_Store("base_href_suffix", local_zBaseHrefSuffix); |
| 800 | - Th_Store("webpagename", g.zPath); | |
| 800 | + Th_Store("webpagename", escape_quotes(g.zPath)); | |
| 801 | 801 | Th_Store("csrf_token", g.zCsrfToken); |
| 802 | 802 | Th_Store("release_version", RELEASE_VERSION); |
| 803 | 803 | Th_Store("manifest_version", MANIFEST_VERSION); |
| 804 | 804 | Th_Store("manifest_date", MANIFEST_DATE); |
| 805 | 805 | Th_Store("compiler_name", COMPILER_NAME); |
| 806 | 806 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -795,11 +795,11 @@ | |
| 795 | Th_Store("index_page", db_get("index-page","/home")); |
| 796 | if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); |
| 797 | Th_Store("current_page", local_zCurrentPage); |
| 798 | if( !local_zBaseHrefSuffix ) style_set_base_href_suffix("%s",g.zRelReqURI); |
| 799 | Th_Store("base_href_suffix", local_zBaseHrefSuffix); |
| 800 | Th_Store("webpagename", g.zPath); |
| 801 | Th_Store("csrf_token", g.zCsrfToken); |
| 802 | Th_Store("release_version", RELEASE_VERSION); |
| 803 | Th_Store("manifest_version", MANIFEST_VERSION); |
| 804 | Th_Store("manifest_date", MANIFEST_DATE); |
| 805 | Th_Store("compiler_name", COMPILER_NAME); |
| 806 |
| --- src/style.c | |
| +++ src/style.c | |
| @@ -795,11 +795,11 @@ | |
| 795 | Th_Store("index_page", db_get("index-page","/home")); |
| 796 | if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); |
| 797 | Th_Store("current_page", local_zCurrentPage); |
| 798 | if( !local_zBaseHrefSuffix ) style_set_base_href_suffix("%s",g.zRelReqURI); |
| 799 | Th_Store("base_href_suffix", local_zBaseHrefSuffix); |
| 800 | Th_Store("webpagename", escape_quotes(g.zPath)); |
| 801 | Th_Store("csrf_token", g.zCsrfToken); |
| 802 | Th_Store("release_version", RELEASE_VERSION); |
| 803 | Th_Store("manifest_version", MANIFEST_VERSION); |
| 804 | Th_Store("manifest_date", MANIFEST_DATE); |
| 805 | Th_Store("compiler_name", COMPILER_NAME); |
| 806 |