page: retain conditional login elements in editor

[minimedit.git] / article.inc.php

diff --git a/article.inc.php b/article.inc.php
index 7f8e622cde5297f5d71523a42b106a14983f09eb..36639f2a222129d13cf632629a4ce5e7e6c88a95 100644 (file)
--- a/article.inc.php
+++ b/article.inc.php
@@ -89,7 +89,7 @@ class ArchiveArticle
        }
        function name()
        {
-               return $this->safetitle ?: $this->link;
+               return $this->safetitle ?: htmlspecialchars($this->link);
        }
 
        function last()
@@ -220,8 +220,13 @@ class ArchiveArticle
 
                # keep either login or logout parts depending on user level
                global $User;
-               $hideclass = $User && property_exists($User, 'login') && $User->login ? 'logout' : 'login';
-               $doc = preg_replace('{\s*<([a-z]+) class="'.$hideclass.'">.*?</\1>}s', '', $doc);
+               $userexists = $User && property_exists($User, 'login') && $User->login;
+               if (! ($userexists and $User->admin("edit {$this->link}")) ) {
+                       # remove matching elements until first corresponding closing tag
+                       $hideclass = $userexists ? 'logout' : 'login';
+                       $tagmatch = '<([a-z]+) class="'.$hideclass.'"[^>]*>';
+                       $doc = preg_replace("{\s*{$tagmatch}.*?</\\1>}s", '', $doc);
+               }
 
                return preg_replace_callback(
                        '{ \[\[ ([^] ]+) ([^]]*) \]\] }x',