From 8f6627378af2f3173128a582f3fb629d1c051264 Mon Sep 17 00:00:00 2001
From: low012
Date: Fri, 24 Feb 2006 02:23:47 +0000
Subject: [PATCH] *) Fixed another XSS vulnerability. By adding [add nasty text/commands here] it was possible to mess up the edit and the preview page.
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1756 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/Wiki.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/htroot/Wiki.java b/htroot/Wiki.java
index 8b7cd9d51..c92f06f24 100644
--- a/htroot/Wiki.java
+++ b/htroot/Wiki.java
@@ -118,7 +118,7 @@ public class Wiki {
 try {
 prop.put("mode", 1); //edit
 prop.put("mode_author", author);
- prop.put("mode_page-code", new String(page.page(), "UTF-8"));
+ prop.put("mode_page-code", new String(page.page(), "UTF-8").replaceAll("","</textarea>"));
 prop.put("mode_pagename", pagename);
 } catch (UnsupportedEncodingException e) {}
 }
@@ -132,7 +132,7 @@ public class Wiki {
 prop.put("mode_author", author);
 prop.put("mode_date", dateString(new Date()));
 prop.put("mode_page", wikiTransformer.transform(post.get("content", "")));
- prop.put("mode_page-code", post.get("content", ""));
+ prop.put("mode_page-code", post.get("content", "").replaceAll("","</textarea>"));
 } //end contrib of [MN]
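Review bot: The added `replaceAll` on both `mode_page-code` lines (the edit hunk at line 118 and the preview hunk at line 132) rewrites only one exact spelling of the textarea end tag, and HTML end-tag names are case-insensitive, so the element can still be closed by input the pattern does not match. As rendered on this page the pattern argument is an empty string, which is probably an extraction artefact; if it were the real code, the replacement text would be inserted at every character position. Because the value is written into HTML element content, encode the metacharacters rather than denylisting one tag, e.g. `.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;")`, ideally in one shared helper called from both branches so the two sites cannot drift apart. `mode_author` and `mode_pagename` are put into the same template without encoding in these hunks; whether the template layer escapes them is not visible here and should be confirmed. The enclosing method starts and ends outside both hunks.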