diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-03-21 06:46:06 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-03-21 06:46:06 +0000 |
| commit | 72ed9e455c0cb697bd01a2a44b4b63820774cc35 (patch) | |
| tree | e61e2df280af03ba0f3c7f7041d850e893bb2e2e | |
| parent | af63a2ebff201be7173a296aeabfc2713461c543 (diff) | |
| download | ikiwiki-72ed9e455c0cb697bd01a2a44b4b63820774cc35.tar ikiwiki-72ed9e455c0cb697bd01a2a44b4b63820774cc35.tar.gz | |
the real bug turned out to be in the meta plugin
| -rw-r--r-- | IkiWiki/Plugin/meta.pm | 2 | ||||
| -rw-r--r-- | debian/changelog | 4 | ||||
| -rw-r--r-- | po/ikiwiki.pot | 2 | ||||
| -rw-r--r-- | templates/page.tmpl | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm index d624757ba..f71b80fb9 100644 --- a/IkiWiki/Plugin/meta.pm +++ b/IkiWiki/Plugin/meta.pm @@ -56,7 +56,7 @@ sub preprocess (@) { #{{{ } } elsif ($key eq 'title') { - $title{$page}=$value; + $title{$page}=encode_entities($value); } elsif ($key eq 'permalink') { $permalink{$page}=$value; diff --git a/debian/changelog b/debian/changelog index 86815828a..976143aee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,8 +12,8 @@ ikiwiki (1.46) unstable; urgency=low same time, and let the second person resolve the conflict. * Applied a patch from MichaĆ to make the mercurial backend pass --quiet to hg. - * Fix a security hole that allowed a web user to insert - arbitrary html in the title of a page due to missing escaping. + * Fix a security hole that allowed a web user to insert arbitrary html in + the title of a page due to missing escaping of titles in the meta plugin. -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:51:30 -0400 diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot index d4760ed3f..2af2804ae 100644 --- a/po/ikiwiki.pot +++ b/po/ikiwiki.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2007-03-21 02:05-0400\n" +"POT-Creation-Date: 2007-03-21 02:42-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" diff --git a/templates/page.tmpl b/templates/page.tmpl index ba6fb8c60..471ed1a7d 100644 --- a/templates/page.tmpl +++ b/templates/page.tmpl @@ -3,7 +3,7 @@ <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> -<title><TMPL_VAR TITLE ESCAPE=HTML></title> +<title><TMPL_VAR TITLE></title> <link rel="stylesheet" href="<TMPL_VAR BASEURL>style.css" type="text/css" /> <link rel="stylesheet" href="<TMPL_VAR BASEURL>local.css" type="text/css" /> <TMPL_IF NAME="FAVICON"> |