author | Joey Hess <joey@gnu.kitenet.net> | 2010-04-05 16:34:49 -0400 |
---|---|---|
committer | Joey Hess <joey@gnu.kitenet.net> | 2010-04-05 16:34:49 -0400 |
commit | 09d4e9d6bb7a049b0721ffbf7dc6e64bee4404cc (patch) | |
tree | ea0543fd1ea1dd5b01455281fa13750838acb3ec | |
parent | 10f4695abd65db6c009864c5abb7cb5dfa1cf153 (diff) | |
comments: Fix missing entity encoding in title.

The meta title data set by comments needs to be encoded the same way that
meta encodes it. (NB The security implications of the missing encoding
are small.)

Note that meta's encoding of title, description, and guid data, and not
other data, is probably a special case that should be removed. Instead,
these values should be encoded when used. I have avoided doing so here
because that would mean forcing a wiki rebuild on upgrade to have the data
consistently encoded.

-rw-r--r-- | IkiWiki/Plugin/comments.pm | 4 |
-rw-r--r-- | debian/changelog | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 98786f432..460341710 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -221,7 +221,9 @@ sub preprocess { } if (defined $params{subject}) { - $pagestate{$page}{meta}{title} = $params{subject}; + # encode title the same way meta does + eval q{use HTML::Entities}; + $pagestate{$page}{meta}{title} = HTML::Entities::encode_numeric(decode_entities($params{subject})); } if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) { diff --git a/debian/changelog b/debian/changelog index b7b614604..be89d0918 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,7 @@ ikiwiki (3.20100404) UNRELEASED; urgency=low * bzr: Fix bzr log parsing to work with bzr 2.0. (liw) + * comments: Fix missing entity encoding in title. -- Joey Hess <joeyh@debian.org> Sun, 04 Apr 2010 12:17:11 -0400 |
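
Review bot: In the IkiWiki/Plugin/comments.pm hunk, the added `eval q{use HTML::Entities};` inside `if (defined $params{subject})` never checks `$@`, so if the module fails to load, the next line dies with an undefined-subroutine error rather than a clear message about the missing module. Check `$@` right after the eval and report the load failure explicitly. The assignment also mixes a fully qualified `HTML::Entities::encode_numeric` with an unqualified `decode_entities`, which only resolves because the runtime `use` imported it into this package; qualifying both calls would make the dependency on that import explicit. Since the value is now stored already encoded, the comment `# encode title the same way meta does` could also say that readers of `$pagestate{$page}{meta}{title}` must not encode it a second time.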