diff options
author | Joey Hess <joey@kitenet.net> | 2011-09-27 10:45:21 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2011-09-27 11:05:34 -0400 |
commit | 6321a75e0ce6591d4071fc022ce418be9698e941 (patch) | |
tree | 68d8ebda13fc1e8fc9753ec66fe0abb2b67d7aad | |
parent | 027455f155860907a3c7822e5f14b6f030e54d2b (diff) | |
download | ikiwiki-6321a75e0ce6591d4071fc022ce418be9698e941.tar ikiwiki-6321a75e0ce6591d4071fc022ce418be9698e941.tar.gz |
track escaping change in upstream template
This is not belived to be XSS exploitable due to other checks in ikiwiki.
Thanks Olly Betts for review.
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | templates/searchquery.tmpl | 2 |
2 files changed, 8 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 34f0ac8ee..d852c6b61 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +ikiwiki (3.20110906) UNRELEASED; urgency=low + + * searchquery.tmpl: Track escaping change in upstream template. + Thanks Olly Betts for review. + + -- Joey Hess <joeyh@debian.org> Tue, 27 Sep 2011 10:47:13 -0400 + ikiwiki (3.20110905) unstable; urgency=low * mercurial: Openid nicknames are now used when committing. (Daniel Andersson) diff --git a/templates/searchquery.tmpl b/templates/searchquery.tmpl index 5b9fbbf7f..15bc78e28 100644 --- a/templates/searchquery.tmpl +++ b/templates/searchquery.tmpl @@ -70,7 +70,7 @@ $if{$field{language},Language: <b>$html{$field{language}}</b><br>} $if{$field{size},<span title="$html{$field{size}} bytes">Size: <b>$html{$filesize{$field{size}}}</b></span><br>} </div> </td> -<td><B><A HREF="$field{url}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR> +<td><B><A HREF="$html{$field{url}}">$html{$or{$field{caption},$field{title},$field{url},Untitled}}</A></B><BR> <small>$highlight{$field{sample},$terms}$if{$field{sample},...}</small><br> <small> $percentage% relevant$. matching: |