]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/meta.pm
Add automated test for using the CGI with git, including CVE-2016-10026
[git.ikiwiki.info.git] / IkiWiki / Plugin / meta.pm
index b19ea2b3294b0e1c985c56162084b5e2430d6398..421f1dc86a83d33ac823f9989ad9e42c6dea12c9 100644 (file)
@@ -318,8 +318,9 @@ sub pagetemplate (@) {
                $template->param(title_overridden => 1);
        }
 
-       foreach my $field (qw{author authorurl}) {
-               $template->param($field => $pagestate{$page}{meta}{$field})
+       foreach my $field (qw{authorurl}) {
+               eval q{use HTML::Entities};
+               $template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }
 
@@ -330,7 +331,7 @@ sub pagetemplate (@) {
                }
        }
 
-       foreach my $field (qw{description}) {
+       foreach my $field (qw{description author}) {
                eval q{use HTML::Entities};
                $template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);