X-Git-Url: http://git.shiar.net/minimedit.git/blobdiff_plain/ee9702f9ff640f0108e52490d256c789acb09433..872f3df9586c901552dc51fc835a5afe12db6c66:/article.inc.php
diff --git a/article.inc.php b/article.inc.php
index 7f8e622..36639f2 100644
--- a/article.inc.php
+++ b/article.inc.php
@@ -89,7 +89,7 @@ class ArchiveArticle
 }
 function name()
 {
- return $this->safetitle ?: $this->link;
+ return $this->safetitle ?: htmlspecialchars($this->link);
 }
 function last()
@@ -220,8 +220,13 @@ class ArchiveArticle
 # keep either login or logout parts depending on user level
 global $User;
- $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login';
- $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?}s', '', $doc);
+ $userexists = $User && property_exists($User, 'login') && $User->login;
+ if (! ($userexists and $User->admin("edit {$this->link}")) ) {
+ # remove matching elements until first corresponding closing tag
+ $hideclass = $userexists ? 'logout' : 'login';
+ $tagmatch = '<([a-z]+) class="'.$hideclass.'"[^>]*>';
+ $doc = preg_replace("{\s*{$tagmatch}.*?}s", '', $doc);
+ }
 return preg_replace_callback(
 '{ \[\[ ([^] ]+) ([^]]*) \]\] }x',
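Review bot: `htmlspecialchars($this->link)` in `name()` relies on the default flags, and before PHP 8.1 the default (`ENT_COMPAT`) leaves single quotes unescaped, so the result is only safe in element content and double-quoted attributes. Passing the flags explicitly makes the escaping independent of the runtime: `return $this->safetitle ?: htmlspecialchars($this->link, ENT_QUOTES | ENT_SUBSTITUTE);`. Both branches now return HTML-ready text (assuming `safetitle` is already escaped, as its name suggests), which deserves a one-line comment such as `# returns HTML-escaped text; do not escape again` so callers neither double-escape it nor use it in a non-HTML context.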
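Review bot: The `preg_replace` inside the new `if` block is the visibility gate for the `class="login"` / `class="logout"` parts, and it fails open: an element whose `class` is not the first attribute, carries a second class name, or uses single quotes is not matched and stays in the output for every visitor. The lazy `.*?` also stops at the first closing tag, so a nested element of the same name leaves the remainder behind. If those parts can hold anything not meant for anonymous visitors, the markup contract should be stated next to the pattern, e.g. `# only matches <tag class="login" ...> with class first and no nested same-name tag; anything else is shown to everyone`, or the stripping moved to a DOM pass. The tail of the pattern is not legible on this page; if it ends in a backreference to the tag name, the switch to a double-quoted string needs `\\1`, since PHP reads `\1` there as an octal escape. The enclosing method starts and ends outside the hunk.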