meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl Benencia

author: Joey Hess <joey@kitenet.net> 2012-05-16 19:54:41 -0400
committer: Joey Hess <joey@kitenet.net> 2012-05-16 19:54:41 -0400
commit: fbfcea89f8e06426c73ab8ea369ca4cdc566db6f (patch)
tree: 74d5ea5f91937dad82e265170392ab832724632f /IkiWiki
parent: 95a8b8868f1bbf73a9b8a4f36c5e21c2fcd0141b (diff)
download: ikiwiki-fbfcea89f8e06426c73ab8ea369ca4cdc566db6f.tar
ikiwiki-fbfcea89f8e06426c73ab8ea369ca4cdc566db6f.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index b19ea2b32..c79c8ccc0 100644
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -318,8 +318,8 @@ sub pagetemplate (@) {
 		$template->param(title_overridden => 1);
 	}
 
-	foreach my $field (qw{author authorurl}) {
-		$template->param($field => $pagestate{$page}{meta}{$field})
+	foreach my $field (qw{authorurl}) {
+		$template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
 	}
 
@@ -330,7 +330,7 @@ sub pagetemplate (@) {
 		}
 	}
 
-	foreach my $field (qw{description}) {
+	foreach my $field (qw{description author}) {
 		eval q{use HTML::Entities};
 		$template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
author	Joey Hess <joey@kitenet.net>	2012-05-16 19:54:41 -0400
committer	Joey Hess <joey@kitenet.net>	2012-05-16 19:54:41 -0400
commit	fbfcea89f8e06426c73ab8ea369ca4cdc566db6f (patch)
tree	74d5ea5f91937dad82e265170392ab832724632f /IkiWiki
parent	95a8b8868f1bbf73a9b8a4f36c5e21c2fcd0141b (diff)
download	ikiwiki-fbfcea89f8e06426c73ab8ea369ca4cdc566db6f.tar ikiwiki-fbfcea89f8e06426c73ab8ea369ca4cdc566db6f.tar.gz