HandlerPageView: Use revision from db, not query param, as template value.

Not a vulnerability, but more correct this way.
Αυτή η υποβολή περιλαμβάνεται σε:
Albert S. 2021-01-29 16:45:04 +01:00
γονέας 0c66fdf70d
υποβολή dac07d23a9

@ -162,19 +162,20 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
this->cache->put(cachekeyparsedcontent, parsedcontent);
}
}
std::string revisionstr = std::to_string(revision->revision);
page.setVar("content", parsedcontent);
page.setVar("index", indexcontent);
page.setVar("editedby", revision->author);
page.setVar("editedon", utils::toISODate(revision->timestamp));
page.setVar("historyurl", this->urlProvider->pageHistory(pagename));
page.setVar("revision", revisionparam);
page.setVar("revision", revisionstr);
setPageVars(page, pagename);
std::string body = page.render();
if(revisionid == 0 && !this->userSession->loggedIn)
{
this->cache->put("page:foranon:" + pagename, body);
}
result.addHeader("ETAG", std::to_string(revision->revision) + "+" + std::to_string(this->userSession->loggedIn));
result.addHeader("ETAG", revisionstr + "+" + std::to_string(this->userSession->loggedIn));
result.setBody(body);
return result;
}