Item14235: Strip some unneeded characters

foswiki · Dec 20, 2016 · acdb9ed · acdb9ed
1 parent 4457b66
commit acdb9ed
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/core/lib/Foswiki/UI/Edit.pm b/core/lib/Foswiki/UI/Edit.pm
@@ -318,6 +318,11 @@ sub init_edit {
         }
     }
 
+    # Sanitizing to prevent escape from ENCODE
+    $templateTopic =~ s/['"]//g if $templateTopic;
+    $redirectTo    =~ s/['"]//g if $redirectTo;
+    $parentTopic   =~ s/['"]//g if $parentTopic;
+
     # The template might contain embedded META data,  so serialize it
     # and deserialize it to pick up the embedded meta.
     Foswiki::Serialise::deserialise(

diff --git a/core/lib/Foswiki/UI/Preview.pm b/core/lib/Foswiki/UI/Preview.pm
@@ -110,6 +110,7 @@ sub preview {
     $tmpl =~ s/%CMD%/$saveCmd/g;
 
     my $redirectTo = $query->param('redirectto') || '';
+    $redirectTo =~ s/['"]//g if $redirectTo;
     $tmpl =~ s/%REDIRECTTO%/$redirectTo/g;
 
     $formName ||= '';
@@ -142,17 +143,21 @@ sub preview {
     # see formtables.tmpl
 
     my $originalrev = $query->param('originalrev');    # rev edit started on
-         #ASSERT($originalrev ne '%ORIGINALREV%') if DEBUG;
+    $originalrev =~ s/['"]//g if $originalrev;
+
+    #ASSERT($originalrev ne '%ORIGINALREV%') if DEBUG;
     $tmpl =~ s/%ORIGINALREV%/$originalrev/g if ( defined($originalrev) );
 
     my $templatetopic = $query->param('templatetopic');
+    $templatetopic =~ s/['"]//g if $templatetopic;
 
     #ASSERT($templatetopic ne '%TEMPLATETOPIC%') if DEBUG;
     $tmpl =~ s/%TEMPLATETOPIC%/$templatetopic/g if ( defined($templatetopic) );
 
     #this one's worrying, its special, and not set much at all
     #$tmpl =~ s/%SETTINGSTOPIC%/$settingstopic/g;
     my $newtopic = $query->param('newtopic');
+    $newtopic =~ s/['"]//g if $newtopic;
 
     #ASSERT($newtopic ne '%NEWTOPIC%') if DEBUG;
     $tmpl =~ s/%NEWTOPIC%/$newtopic/g if ( defined($newtopic) );