From a6a9f827dee9c98c70aee5bd51f7f7d16f3b8368 Mon Sep 17 00:00:00 2001 From: KatolaZ Date: Sat, 8 Jul 2017 07:47:51 +0100 Subject: Fixed form parsing and template escaping --- templ.go | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) (limited to 'templ.go') diff --git a/templ.go b/templ.go index 0151c71..d5ea3d4 100644 --- a/templ.go +++ b/templ.go @@ -9,19 +9,18 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU Affero General Public + * You should have received a copy of the GNU Affero General Public * License along with this program. If not, see * . * * (c) Vincenzo "KatolaZ" Nicosia 2017 -- - * - * - * This file is part of "binnit", a minimal no-fuss pastebin-like + * + * + * This file is part of "binnit", a minimal no-fuss pastebin-like * server written in golang * */ - /* * * minimal Templating support for binnit @@ -35,29 +34,28 @@ import ( "io/ioutil" "os" "regexp" - "strings" "strconv" + "strings" ) -func format_rows(content string) (string) { +func format_rows(content string) string { var ret string lines := strings.Split(content, "\n") ret += "" - + for l_num, l := range lines { ret += "\n" - ret += "" - ret += "" + ret += "" + ret += "" ret += "" } ret += "
"+ strconv.Itoa(l_num+1) + "
"+ l +"
" + strconv.Itoa(l_num+1) + "
" + l + "
" return ret } - func prepare_paste_page(title, date, content, templ_dir string) (string, error) { s := "" @@ -83,28 +81,26 @@ func prepare_paste_page(title, date, content, templ_dir string) (string, error) f_templ, err := os.Open(templ_file) defer f_templ.Close() - if cont, err := ioutil.ReadFile(templ_file); err == nil { tmpl := string(cont) - // ...and replace {{CONTENT}} with the paste itself! re, _ := regexp.Compile("{{TITLE}}") - tmpl = string(re.ReplaceAll([]byte(tmpl), []byte(title))) + tmpl = string(re.ReplaceAllLiteralString(tmpl, title)) re, _ = regexp.Compile("{{DATE}}") - tmpl = string(re.ReplaceAll([]byte(tmpl), []byte(date))) + tmpl = string(re.ReplaceAllLiteralString(tmpl, date)) re, _ = regexp.Compile("{{CONTENT}}") - tmpl = string(re.ReplaceAll([]byte(tmpl), []byte(format_rows(content)))) + tmpl = string(re.ReplaceAllLiteralString(tmpl, format_rows(content))) re, _ = regexp.Compile("{{RAW_CONTENT}}") - tmpl = string(re.ReplaceAll([]byte(tmpl), []byte(content))) + tmpl = string(re.ReplaceAllLiteralString(tmpl, content)) s += tmpl - + } else { return "", errors.New("Error opening template file") } - + // insert footer foot_file := templ_dir + "/footer.html" f_foot, err := os.Open(foot_file) -- cgit v1.2.3