HTML-escape error messages (CVE-2016-4561)
[git.ikiwiki.info.git] / IkiWiki.pm
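--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -1481,6 +1481,8 @@ sub preprocess ($$$;$$) {
                                if ($@) {
                                        my $error=$@;
                                        chomp $error;
+                                       eval q{use HTML::Entities};
+                                       $error = encode_entities($error);
                                        $ret="[[!$command <span class=\"error\">".
                                                gettext("Error").": $error"."</span>]]";
                                }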
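Review bot: The added `eval q{use HTML::Entities};` never checks `$@`, so if the module cannot be loaded the next line dies with an undefined-subroutine error inside this `if ($@)` handler and the original directive error is lost. That fails closed, since no unescaped text reaches the page, but it hides the cause; a check right after the eval, such as `error($@) if $@;`, would surface it. A short comment above the escape would help the next maintainer, for example `# $error can echo page-author-controlled text; escape before embedding in HTML`. Separately, `$command` is still interpolated unescaped into `$ret`; it is presumably constrained by the directive-name pattern earlier in `preprocess`, which starts and ends outside this hunk, so that is worth confirming.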