close a possible XSS hole
[git.ikiwiki.info.git] / IkiWiki / CGI.pm
index 8e0339dc5436097e1727390076903fe3933171a5..6e1efbd69927f1199b0af6ccee45285d8ef7ea81 100644 (file)
@@ -76,12 +76,26 @@ sub cgi_recentchanges ($) { #{{{
        eval q{use Memoize};
        memoize("htmllink");
 
+       eval q{use Time::Duration};
+
+       my $changelog=[rcs_recentchanges(100)];
+       foreach my $change (@$changelog) {
+               $change->{when} = concise(ago($change->{when}));
+               $change->{user} = htmllink("", "", $change->{user}, 1);
+               $change->{pages} = [
+                       map {
+                               $_->{link} = htmllink("", "", $_->{page}, 1);
+                               $_;
+                       } @{$change->{pages}}
+               ];
+       }
+
        my $template=template("recentchanges.tmpl"); 
        $template->param(
                title => "RecentChanges",
                indexlink => indexlink(),
                wikiname => $config{wikiname},
-               changelog => [rcs_recentchanges(100)],
+               changelog => $changelog,
                baseurl => baseurl(),
        );
        print $q->header(-charset => 'utf-8'), $template->output;
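Review bot: The values handed to `htmllink()` in the new loop (`$change->{user}` and each `$_->{page}`) appear to come from the revision log, and the returned markup is stored back into the structure passed to `recentchanges.tmpl`; nothing in this hunk shows that `htmllink()` HTML-escapes its link text, or that the template escapes any other fields of each change. A comment above the loop would record that assumption, e.g. `# user/page names come from the RCS log; htmllink() is relied on to return escaped HTML`. Separately, `eval q{use Time::Duration};` discards a load failure, so a missing module only surfaces later as an undefined `concise`/`ago` call; `die $@ if $@;` on the following line would report it where it happens. cgi_recentchanges starts above the hunk.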
@@ -425,7 +439,7 @@ sub cgi_editpage ($$) { #{{{
                                value => $comments, force => 1);
                $config{rss}=0; # avoid preview writing an rss feed!
                $form->tmpl_param("page_preview",
-                       htmlize($type,
+                       htmlize($page, $type,
                        linkify($page, "",
                        preprocess($page, $page,
                        filter($page, $content)))));
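Review bot: `htmlize()` gains `$page` as a new first positional argument here, so any call site that still passes `$type` first would have it taken as the page name unless a prototype rejects the argument count; this single-file diff does not show the other callers or the new `htmlize()` body. Because this is the path that renders submitted `$content` before it is saved, a short comment would help the next reader, e.g. `# preview goes through the same htmlize() call as a saved page, including whatever sanitizing it applies`. The body of cgi_editpage starts and ends outside the hunk.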