}
if (defined $params{subject}) {
- $pagestate{$page}{meta}{title} = $params{subject};
+ # decode title the same way meta does
+ eval q{use HTML::Entities};
+ $pagestate{$page}{meta}{title} = decode_entities($params{subject});
}
if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) {
my $page = $form->field('page');
$page = IkiWiki::possibly_foolish_untaint($page);
if (! defined $page || ! length $page ||
- IkiWiki::file_pruned($page, $config{srcdir})) {
+ IkiWiki::file_pruned($page)) {
error(gettext("bad page name"));
}
# pending comment before untainting.
my ($f)= $id =~ /$config{wiki_file_regexp}/;
if (! defined $f || ! length $f ||
- IkiWiki::file_pruned($f, $config{srcdir})) {
+ IkiWiki::file_pruned($f)) {
error("illegal file");
}
find({
no_chdir => 1,
wanted => sub {
- $_=decode_utf8($_);
- if (IkiWiki::file_pruned($_, $dir)) {
- $File::Find::prune=1;
- }
- elsif (! -l $_ && ! -d _) {
- $File::Find::prune=0;
- my ($f)=/$config{wiki_file_regexp}/; # untaint
- if (defined $f && $f =~ /\Q._comment\E$/) {
- my $ctime=(stat($f))[10];
- $f=~s/^\Q$dir\E\/?//;
- push @ret, [$f, $ctime];
- }
+ my $file=decode_utf8($_);
+ $file=~s/^\Q$dir\E\/?//;
+ return if ! length $file || IkiWiki::file_pruned($file)
+ || -l $_ || -d _ || $file !~ /\Q._comment\E$/;
+ my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+ if (defined $f) {
+ my $ctime=(stat($_))[10];
+ push @ret, [$f, $ctime];
}
}
}, $dir);
eval q{use Digest::MD5 'md5_hex'};
error($@) if $@;
- return "comment-".md5_hex(Encode::encode_utf8(($page));
+ return "comment-".md5_hex(Encode::encode_utf8(($page)));
}
package IkiWiki::PageSpec;