<?php
// PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: lookup.inc.php,v 1.21 2005/05/06 05:59:43 henoheno Exp $
-// Copyright (C)
-// 2002-2005 PukiWiki Developers Team
+// lookup.inc.php
+// Copyright
+// 2002-2017 PukiWiki Development Team
// 2001-2002 Originally written by yu-ji
// License: GPL v2 or (at your option) any later version
//
if ($num == 0 || $num > 3) return PLUGIN_LOOKUP_USAGE;
$args = func_get_args();
- $interwiki = htmlspecialchars(trim($args[0]));
- $button = isset($args[1]) ? trim($args[1]) : '';
- $button = ($button != '') ? htmlspecialchars($button) : 'lookup';
- $default = ($num > 2) ? htmlspecialchars(trim($args[2])) : '';
- $s_page = htmlspecialchars($vars['page']);
+ $interwiki = htmlsc(trim($args[0]));
+ $button = isset($args[1]) ? trim($args[1]) : '';
+ $button = ($button != '') ? htmlsc($button) : 'lookup';
+ $default = ($num > 2) ? htmlsc(trim($args[2])) : '';
+ $s_page = htmlsc($vars['page']);
++$id;
- $script = get_script_uri();
+ $script = get_base_uri();
$ret = <<<EOD
<form action="$script" method="post">
<div>
$page = isset($post['page']) ? $post['page'] : '';
$inter = isset($post['inter']) ? $post['inter'] : '';
if ($page == '') return FALSE; // Do nothing
- if ($inter == '') return array(msg=>'Invalid access', body=>'');
+ if ($inter == '') return array('msg'=>'Invalid access', 'body'=>'');
$url = get_interwiki_url($inter, $page);
if ($url === FALSE) {
$msg = sprintf('InterWikiName "%s" not found', $inter);
- $msg = htmlspecialchars($msg);
- return array(msg=>'Not found', body=>$msg);
+ $msg = htmlsc($msg);
+ return array('msg'=>'Not found', 'body'=>$msg);
}
pkwk_headers_sent();
header('Location: ' . $url); // Publish as GET method
exit;
}
-?>