More cautious escaping of environment values.

Tightened the escaping per this review comment: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=f35fc6a603b5473ce2c07bb0236e28e57f718315 (I didn't introduce a $tmp, as $val was local to that block already, and each hex encoding is in its own C string literal to avoid consuming subsequent chars that are valid hex digits.)
author: Lafayette Chamber Singers Webmaster <webmaster@lafayettechambersingers.org> 2014-09-14 20:07:43 -0400
committer: Lafayette Chamber Singers Webmaster <webmaster@lafayettechambersingers.org> 2014-09-14 20:07:43 -0400
commit: 29e80b4eedadc2afd3f9f36d215076c82982971b (patch)
tree: d4054f18379616ef301eddda6fbf423b34a785ac
parent: bc4721da0441a30822225c51b250be4cc5f8af24 (diff)
download: ikiwiki-29e80b4eedadc2afd3f9f36d215076c82982971b.tar
ikiwiki-29e80b4eedadc2afd3f9f36d215076c82982971b.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index ffbaf9908..4c99cdaa0 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -63,7 +63,8 @@ EOF
 	if (ref $config{ENV} eq 'HASH') {
 		foreach my $key (keys %{$config{ENV}}) {
 			my $val=$config{ENV}{$key};
-			$val =~ s/([\\"])/\\$1/g;
+			utf8::encode($val) if utf8::is_utf8($val);
+			$val =~ s/([^A-Za-z0-9])/sprintf '""\\x%02x""', ord($1)/ge;
 			$envsize += 1;
 			$envsave.=<<"EOF";
 	addenv("$key", "$val");
author	Lafayette Chamber Singers Webmaster <webmaster@lafayettechambersingers.org>	2014-09-14 20:07:43 -0400
committer	Lafayette Chamber Singers Webmaster <webmaster@lafayettechambersingers.org>	2014-09-14 20:07:43 -0400
commit	29e80b4eedadc2afd3f9f36d215076c82982971b (patch)
tree	d4054f18379616ef301eddda6fbf423b34a785ac
parent	bc4721da0441a30822225c51b250be4cc5f8af24 (diff)
download	ikiwiki-29e80b4eedadc2afd3f9f36d215076c82982971b.tar ikiwiki-29e80b4eedadc2afd3f9f36d215076c82982971b.tar.gz