From 9b824a0788c3dc704428c1ee75d92550763946ab Mon Sep 17 00:00:00 2001
From: sergiotarxz <sergio.iglesias7890@gmail.com>
Date: Tue, 28 Jul 2020 20:12:22 +0200
Subject: [PATCH 1/2] Sanitizing html output and using page.php

Issues #1 and #4
---
 index.php          |   8 +++-
 php/home.php       | 100 ++++++++++++---------------------------------
 php/page.php       |  40 ++++++++++--------
 php/pagination.php |  42 +++++++++++++++++++
 4 files changed, 100 insertions(+), 90 deletions(-)
 create mode 100644 php/pagination.php

diff --git a/index.php b/index.php
index cfce00e..74f1890 100755
--- a/index.php
+++ b/index.php
@@ -16,7 +16,13 @@
 						</div>
 
 						<div class="col-lg-6">
-						<?php include(THEME_DIR_PHP.'home.php') ?>
+						<?php 
+                            if ( $WHERE_AM_I === 'home' ) {
+                                include(THEME_DIR_PHP.'home.php');
+                            } elseif ( $WHERE_AM_I === 'page' ) {
+                                include(THEME_DIR_PHP.'page.php');
+                            }
+                        ?>
 						</div>
 					</div>
 				</div>
diff --git a/php/home.php b/php/home.php
index df86469..97b6bd2 100644
--- a/php/home.php
+++ b/php/home.php
@@ -1,77 +1,31 @@
-<!-- Section -->
 <section class="content">
-        <?php foreach ($content as $page): ?>
-                <article class="page">
-                        <header>
-                            <?php if ( $page->title() ): ?>
-                            <h2>
-                                <a href="<?php echo htmlentities($page->permalink(), ENT_QUOTES | ENT_HTML401)?>">
-                                    <?php 
-                                        echo htmlentities( $page->title() );
-                                    ?>
-                                </a>
-                            </h2>
-                            <?php endif; ?>
-                        </header>
-                        <?php if ($page->coverImage()): ?>
-                        <img src="<?php echo $page->coverImage() ?>" alt="<?php echo $page->slug() ?>">
-                        <?php endif ?>
+    <?php foreach ($content as $page): ?>
+        <article class="page">
+            <header>
+                <?php if ( $page->title() ): ?>
+                <h2>
+                    <a href="<?php echo htmlentities($page->permalink(), ENT_QUOTES | ENT_HTML401)?>">
+                        <?php 
+                            echo htmlentities( $page->title() );
+                        ?>
+                    </a>
+                </h2>
+                <?php endif; ?>
+            </header>
+            <?php if ($page->coverImage()): ?>
+                    <img src="<?php echo $page->coverImage() ?>" alt="<?php echo $page->slug(); ?>"/>
+            <?php endif ?>
 
-                        <?php echo $page->content() ?>
-
-                        <footer>
-                                <a href="<?php echo htmlentities($page->permalink(), ENT_QUOTES | ENT_HTML401)?>">
-                                    <?php echo htmlentities( $L->get('Read this article.') ); ?>
-                                </a>
-                                <br/>
-                                <?php echo $page->date() ?>
-                        </footer>
-                </article>
-        <?php endforeach ?>
+            <?php echo $page->content() ?>
+            <footer>
+                <a href="<?php echo htmlentities($page->permalink(), ENT_QUOTES | ENT_HTML401)?>">
+                    <?php echo htmlentities( $L->get('Read this article.') ); ?>
+                </a>
+                <br/>
+                <?php echo htmlentities($page->date()); ?>
+            </footer>
+        </article>
+    <?php endforeach ?>
 </section>
 
-<!-- Pagination -->
-<ul class="pagination">
-    <?php 
-
-    $isPage = $WHERE_AM_I === 'page';
-    $isHome = $WHERE_AM_I === 'home';
-    $pageHandler = new Pages();
-    $previousLink = null;
-    $nextLink = null;
-    $areTherePages = !!count($content);
-    if ( $isPage && $areTherePages ) {
-        $currentPage = $content[0]; 
-        if( isset($currentPage) ) {
-            if ( $currentPage->previousKey() ) {
-                $previousLink = buildPage($currentPage->previousKey())->permalink();
-            }
-            if ( $currentPage->nextKey() ) {
-                $nextLink = buildPage($currentPage->nextKey())->permalink();
-            }
-        }
-    }
-    if ( $isHome ) {
-        if ( Paginator::showPrev() ) {
-            $previousLink = Paginator::previousPageUrl();
-        }
-        if ( Paginator::showNext() ) {
-            $nextLink = Paginator::nextPageUrl();
-        }
-    }
-    ?>
-    <?php if ( isset($previousLink) ): ?>
-        <li class="float-left">
-            <a href="<?php echo htmlentities( $previousLink, ENT_QUOTES | ENT_HTML401 ); ?>">
-                <?php echo $L->get('Previous page') ?>
-            </a>
-        </li>
-    <?php endif; ?>
-    <?php if ( isset($nextLink) ): ?>
-        <li class="float-right">
-            <a href="<?php echo htmlentities( $nextLink, ENT_QUOTES | ENT_HTML401 ); ?>">
-                <?php echo $L->get('Next page') ?>
-            </a>
-        </li>
-    <?php endif; ?>
-</ul>
+<?php include(THEME_DIR_PHP.'pagination.php'); ?>
diff --git a/php/page.php b/php/page.php
index 3a72773..a858afc 100644
--- a/php/page.php
+++ b/php/page.php
@@ -1,18 +1,26 @@
-<!-- Section -->
 <section class="content">
-                <article class="page">
-                        <header>
-                                <a href="<?php echo $page->permalink() ?>">
-                                        <h2><?php echo $page->title() ?></h2>
-                                </a>
+    <article class="page">
+        <header>
+            <?php if ( $page->title() ): ?>
+            <h2>
+                <a href="<?php echo htmlentities($page->permalink(), ENT_QUOTES | ENT_HTML401)?>">
+                    <?php 
+                        echo htmlentities( $page->title() );
+                    ?>
+                </a>
+            </h2>
+            <?php endif; ?>
+        </header>
+        <?php if ($page->coverImage()): ?>
+        <img src="<?php echo htmlentities($page->coverImage(), ENT_QUOTES | ENT_HTML401); ?>" alt="<?php echo htmlentities($page->slug(), ENT_QUOTES | ENT_HTML401); ?>"/>
+        <?php endif ?>
 
-                                <?php if($page->coverImage()): ?>
-                                <img src="<?php echo $page->coverImage() ?>" alt="<?php echo $page->slug() ?>">
-                                <?php endif ?>
-                        </header>
-                        <?php echo $page->content() ?>
-                        <footer>
-                                <div class="date"><?php echo $page->date() ?></div>
-                        </footer>
-                </article>
-</section>
\ No newline at end of file
+        <?php echo $page->content() ?>
+
+        <footer>
+            <?php echo $page->date() ?>
+        </footer>
+    </article>
+</section>
+
+<?php include(THEME_DIR_PHP.'pagination.php'); ?>
diff --git a/php/pagination.php b/php/pagination.php
new file mode 100644
index 0000000..1b9d9c6
--- /dev/null
+++ b/php/pagination.php
@@ -0,0 +1,42 @@
+<!-- Pagination -->
+<ul class="pagination">
+    <?php 
+    $isPage = $WHERE_AM_I === 'page';
+    $isHome = $WHERE_AM_I === 'home';
+    $pageHandler = new Pages();
+    $previousLink = null;
+    $nextLink = null;
+    if ( $isPage && isset($page) ) {
+        if( isset($page) ) {
+            if ( $page->previousKey() ) {
+                $previousLink = buildPage($page->previousKey())->permalink();
+            }
+            if ( $page->nextKey() ) {
+                $nextLink = buildPage($page->nextKey())->permalink();
+            }
+        }
+    }
+    if ( $isHome ) {
+        if ( Paginator::showPrev() ) {
+            $previousLink = Paginator::previousPageUrl();
+        }
+        if ( Paginator::showNext() ) {
+            $nextLink = Paginator::nextPageUrl();
+        }
+    }
+    ?>
+    <?php if ( isset($previousLink) ): ?>
+        <li class="float-left">
+            <a href="<?php echo htmlentities( $previousLink, ENT_QUOTES | ENT_HTML401 ); ?>">
+                <?php echo $L->get('Previous page') ?>
+            </a>
+        </li>
+    <?php endif; ?>
+    <?php if ( isset($nextLink) ): ?>
+        <li class="float-right">
+            <a href="<?php echo htmlentities( $nextLink, ENT_QUOTES | ENT_HTML401 ); ?>">
+                <?php echo $L->get('Next page') ?>
+            </a>
+        </li>
+    <?php endif; ?>
+</ul>

From 146cacd16f4a89377474f0f31b38915ae8fdfbdb Mon Sep 17 00:00:00 2001
From: sergiotarxz <sergio.iglesias7890@gmail.com>
Date: Tue, 28 Jul 2020 20:16:42 +0200
Subject: [PATCH 2/2] fix: Solving unsanitized data left.

Issues #1 and #4
---
 php/home.php | 2 +-
 php/page.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/home.php b/php/home.php
index 97b6bd2..038c81c 100644
--- a/php/home.php
+++ b/php/home.php
@@ -13,7 +13,7 @@
                 <?php endif; ?>
             </header>
             <?php if ($page->coverImage()): ?>
-                    <img src="<?php echo $page->coverImage() ?>" alt="<?php echo $page->slug(); ?>"/>
+                    <img src="<?php echo htmlentities($page->coverImage(), ENT_QUOTES | ENT_HTML401); ?>" alt="<?php htmlentities(echo $page->slug(), ENT_QUOTES | ENT_HTML401); ?>"/>
             <?php endif ?>
 
             <?php echo $page->content() ?>
diff --git a/php/page.php b/php/page.php
index a858afc..dbba5be 100644
--- a/php/page.php
+++ b/php/page.php
@@ -18,7 +18,7 @@
         <?php echo $page->content() ?>
 
         <footer>
-            <?php echo $page->date() ?>
+            <?php echo htmlentities($page->date()); ?>
         </footer>
     </article>
 </section>