HandlerPageView: Use revision from db, not query param, as template value.
Not a vulnerability, but more correct this way.
джерело
0c66fdf70d
коміт
dac07d23a9
@ -162,19 +162,20 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
|
||||
this->cache->put(cachekeyparsedcontent, parsedcontent);
|
||||
}
|
||||
}
|
||||
std::string revisionstr = std::to_string(revision->revision);
|
||||
page.setVar("content", parsedcontent);
|
||||
page.setVar("index", indexcontent);
|
||||
page.setVar("editedby", revision->author);
|
||||
page.setVar("editedon", utils::toISODate(revision->timestamp));
|
||||
page.setVar("historyurl", this->urlProvider->pageHistory(pagename));
|
||||
page.setVar("revision", revisionparam);
|
||||
page.setVar("revision", revisionstr);
|
||||
setPageVars(page, pagename);
|
||||
std::string body = page.render();
|
||||
if(revisionid == 0 && !this->userSession->loggedIn)
|
||||
{
|
||||
this->cache->put("page:foranon:" + pagename, body);
|
||||
}
|
||||
result.addHeader("ETAG", std::to_string(revision->revision) + "+" + std::to_string(this->userSession->loggedIn));
|
||||
result.addHeader("ETAG", revisionstr + "+" + std::to_string(this->userSession->loggedIn));
|
||||
result.setBody(body);
|
||||
return result;
|
||||
}
|
||||
|
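Review bot: The anonymous cache write near the end of handleRequest (`this->cache->put("page:foranon:" + pagename, body)`) stores a body that is keyed only by page name and reused across anonymous requests, so the rule that no request-derived value may reach the template should be written down there. The new `revision` variable now satisfies it, but nothing in the code records it. I would add above the `if`: `// body is cached for all anonymous visitors: only db-derived values (or pagename, the cache key) may reach the template`. Whether `revisionparam` could previously be non-empty while `revisionid == 0` is not visible here, since the hunk starts inside the function body. Separately, the ETAG value is built as `revisionstr + "+" + ...` with no surrounding double quotes; unless `addHeader` adds them, the entity-tag is not in the quoted form HTTP expects, e.g. `"\"" + revisionstr + "+" + std::to_string(this->userSession->loggedIn) + "\""`, which would have to change together with any If-None-Match comparison elsewhere.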