On Sun, May 11, 2014 at 10:12 AM, <[email protected]> wrote: > Commit: 066a3c46cf554167ecf3ccc8778ff192a1d08901 > Author: Sobak <[email protected]> Sun, 11 May 2014 19:12:23 > +0200 > Parents: 5aea2a996ff375cd4c5e475ff09796dc020cffe6 > Branches: master > > Link: > http://git.php.net/?p=web/wiki.git;a=commitdiff;h=066a3c46cf554167ecf3ccc8778ff192a1d08901 > > Log: > Link users to their PHP.net profile > > Changed paths: > M dokuwiki/inc/common.php > > > Diff: > diff --git a/dokuwiki/inc/common.php b/dokuwiki/inc/common.php > index 3277128..ca410c5 100644 > --- a/dokuwiki/inc/common.php > +++ b/dokuwiki/inc/common.php > @@ -1418,34 +1418,7 @@ function shorten($keep, $short, $max, $min = 9, $char > = '…') { > * @author Andy Webber <dokuwiki AT andywebber DOT com> > */ > function editorinfo($username) { > - global $conf; > - global $auth; > - > - switch($conf['showuseras']) { > - case 'username': > - case 'email': > - case 'email_link': > - if($auth) $info = $auth->getUserData($username); > - break; > - default: > - return hsc($username); > - } > - > - if(isset($info) && $info) { > - switch($conf['showuseras']) { > - case 'username': > - return hsc($info['name']); > - case 'email': > - return obfuscate($info['mail']); > - case 'email_link': > - $mail = obfuscate($info['mail']); > - return '<a href="mailto:'.$mail.'">'.$mail.'</a>'; > - default: > - return hsc($username); > - } > - } else { > - return hsc($username); > - } > + return '<a href="//people.php.net/'.$username.'">'.$username.'</a>';
- Not all wiki users have @php.net karma/profile pages (it depends on the login method) - You need to escape the $username (XSS...) - Modifying dokuwiki core code is evil as it will get lost next time we upgrade (say, a new security release is out). Please attempt to make these changes as part of a custom plugin or maintain a patch file in the patches/ directory -Hannes -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
