}
function name()
{
- return $this->safetitle ?: $this->link;
+ return $this->safetitle ?: htmlspecialchars($this->link);
}
function last()
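Review bot: The new fallback in name() calls htmlspecialchars() with its default flags and no explicit charset, so on PHP versions before 8.1 (default ENT_COMPAT) a single quote in `$this->link` is returned unescaped. Where the return value is printed is not visible in this hunk, but if it ever lands inside a single-quoted attribute the link text could still break out of it. Pinning the behaviour makes the escaping independent of the runtime: `return $this->safetitle ?: htmlspecialchars($this->link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Because the method now returns a pre-escaped title in one branch and a freshly escaped link in the other, a one-line comment such as `# returns HTML-safe text; safetitle is expected to be escaped already` would keep callers from escaping twice or not at all.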
# keep either login or logout parts depending on user level
global $User;
- $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login';
- $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?</\1>}s', '', $doc);
+ $userexists = $User && property_exists($User, 'login') && $User->login;
+ if (! ($userexists and $User->admin("edit {$this->link}")) ) {
+ # remove matching elements until first corresponding closing tag
+ $hideclass = $userexists ? 'logout' : 'login';
+ $tagmatch = '<([a-z]+) class="'.$hideclass.'"[^>]*>';
+ $doc = preg_replace("{\s*{$tagmatch}.*?</\\1>}s", '', $doc);
+ }
return preg_replace_callback(
'{ \[\[ ([^] ]+) ([^]]*) \]\] }x',