Merge branch 'security/rve-2024-1' into develop

2026-01-03 16:51:40 +09:00 · 2024-01-30 23:45:17 +09:00 · 2024-01-30 23:45:17 +09:00 · 9eea71631a
commit 9eea71631a
parent 36c3f89d4a 56af0cb5c3
4 changed files with 11 additions and 10 deletions
--- a/modules/board/skins/default/_read.html
+++ b/modules/board/skins/default/_read.html
@ -67,7 +67,7 @@
 				<li class="delicious link"><a href="https://delicious.com/">Delicious</a></li>
 			</ul>
 			<script>
-				var sTitle = '{str_ireplace(array('<script', '</script'), array("<scr'+'ipt", "</scr'+'ipt"), addslashes($oDocument->getTitleText()))}';
+				var sTitle = {json_encode($oDocument->getTitleText())};
 				jQuery(function($){
 					$('.twitter>a').snspost({
 						type : 'twitter',
--- a/modules/board/skins/xedition/_read.html
+++ b/modules/board/skins/xedition/_read.html
@ -64,7 +64,7 @@
 		    </li>
 		    </ul>
 			<script>
-				var sTitle = '{$oDocument->getTitleText()}';
+				var sTitle = {json_encode($oDocument->getTitleText())};
 				jQuery(function($){
 					$('.twitter').snspost({
 						type : 'twitter',
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@ -748,11 +748,11 @@ class DocumentController extends Document

 		// If the tile is empty, extract string from the contents.
 		$obj->title = escape($obj->title, false);
-		if($obj->title == '')
+		if ($obj->title === '')
 		{
-			$obj->title = cut_str(trim(strip_tags(nl2br($obj->content))),20,'...');
+			$obj->title = escape(cut_str(trim(utf8_normalize_spaces(strip_tags($obj->content))), 20, '...'), false);
 		}
-		if($obj->title == '')
+		if ($obj->title === '')
 		{
 			$obj->title = 'Untitled';
 		}
@ -1047,11 +1047,11 @@ class DocumentController extends Document

 		// If the tile is empty, extract string from the contents.
 		$obj->title = escape($obj->title, false);
-		if($obj->title == '')
+		if ($obj->title === '')
 		{
-			$obj->title = cut_str(strip_tags($obj->content),20,'...');
+			$obj->title = escape(cut_str(trim(utf8_normalize_spaces(strip_tags($obj->content))), 20, '...'), false);
 		}
-		if($obj->title == '')
+		if ($obj->title === '')
 		{
 			$obj->title = 'Untitled';
 		}
--- a/modules/document/document.item.php
+++ b/modules/document/document.item.php
@ -495,7 +495,8 @@ class DocumentItem extends BaseObject
 			return;
 		}

-		return $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
+		$title = $cut_size ? cut_str($this->get('title'), $cut_size, $tail) : $this->get('title');
+		return escape($title, false);
 	}

 	function getVoted()
@ -593,7 +594,7 @@ class DocumentItem extends BaseObject
 			return false;
 		}

-		$title = escape($this->getTitleText($cut_size, $tail), false);
+		$title = $this->getTitleText($cut_size, $tail);
 		$this->add('title_color', trim($this->get('title_color') ?? ''));

 		$attrs = array();