From dac07d23a95c6ee96240fe9cffa8a84cab57d74f Mon Sep 17 00:00:00 2001
From: Albert S
Date: Fri, 29 Jan 2021 16:45:04 +0100
Subject: [PATCH] HandlerPageView: Use revision from db, not query param, as template value. Not a vulnerability, but more correct this way.
---
 handlers/handlerpageview.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/handlers/handlerpageview.cpp b/handlers/handlerpageview.cpp
index 84ef242..232f52a 100644
--- a/handlers/handlerpageview.cpp
+++ b/handlers/handlerpageview.cpp
@@ -162,19 +162,20 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 this->cache->put(cachekeyparsedcontent, parsedcontent);
 }
 }
+ std::string revisionstr = std::to_string(revision->revision);
 page.setVar("content", parsedcontent);
 page.setVar("index", indexcontent);
 page.setVar("editedby", revision->author);
 page.setVar("editedon", utils::toISODate(revision->timestamp));
 page.setVar("historyurl", this->urlProvider->pageHistory(pagename));
- page.setVar("revision", revisionparam);
+ page.setVar("revision", revisionstr);
 setPageVars(page, pagename);
 std::string body = page.render();
 if(revisionid == 0 && !this->userSession->loggedIn)
 {
 this->cache->put("page:foranon:" + pagename, body);
 }
- result.addHeader("ETAG", std::to_string(revision->revision) + "+" + std::to_string(this->userSession->loggedIn));
+ result.addHeader("ETAG", revisionstr + "+" + std::to_string(this->userSession->loggedIn));
 result.setBody(body);
 return result;
 }
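Review bot: The `ETAG` value on the changed `result.addHeader` line is built only from the revision number and the login flag, and it is sent without the double quotes an entity-tag requires unless `addHeader` adds them, which is not visible here. The body also contains `indexcontent` and whatever `setPageVars` contributes, so if conditional requests are honoured a client could be told its copy is current after the rendered page has changed. All logged-in users also share one validator, so it is worth confirming that nothing per-user ends up in `body`. A quoted form would be `result.addHeader("ETAG", "\"" + revisionstr + "+" + std::to_string(this->userSession->loggedIn) + "\"");`. handleRequest begins above this hunk, so how `revision` and `revisionid` are validated cannot be checked from here.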