PukiWiki
| Revision | 842ebb433d326f6bb667222d8a99e84ddf27257f (tree) |
|---|---|
| Time | 2016-02-07 01:33:03 |
| Author |  umorigu <umorigu@gmai...> |
| Commiter | umorigu |
Make sure page name is valid for tracker plugin action
plugin/tracker.inc.php (diff)| @@ -114,6 +114,13 @@ function plugin_tracker_action() | ||
| 114 | 114 | } |
| 115 | 115 | // ページ名を決定 |
| 116 | 116 | $base = $post['_base']; |
| 117 | + if (!is_pagename($base)) | |
| 118 | + { | |
| 119 | + return array( | |
| 120 | + 'msg'=>'cannot write', | |
| 121 | + 'body'=>'page name ('.htmlsc($base).') is not valid.' | |
| 122 | + ); | |
| 123 | + } | |
| 117 | 124 | $num = 0; |
| 118 | 125 | $name = (array_key_exists('_name',$post)) ? $post['_name'] : ''; |
| 119 | 126 | if (array_key_exists('_page',$post)) |
Fork