useragent: Don't allow non-HTTP protocols to be used
[git.ikiwiki.info.git] / IkiWiki.pm
index 0d87242ebd53c07f62b0446a0b102550afee83de..d5d1af56ccbbc1ef1acf5ee031fd809d3784c49c 100644 (file)
@@ -1667,7 +1667,10 @@ sub preprocess ($$$;$$) {
                                        my $error=$@;
                                        chomp $error;
                                        eval q{use HTML::Entities};
-                                       $error = encode_entities($error);
+                                       # Also encode most ASCII punctuation
+                                       # as entities so that error messages
+                                       # are not interpreted as Markdown etc.
+                                       $error = encode_entities($error, '^-A-Za-z0-9+_,./:;= '."'");
                                        $ret="[[!$command <span class=\"error\">".
                                                gettext("Error").": $error"."</span>]]";
                                }
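Review bot: The allow-list passed to `encode_entities` still leaves `_` unencoded, and `_` is emphasis syntax in Markdown, so an error string containing `_word_` may still render as emphasis despite the new comment's stated intent; whether it does depends on the markup engine in use. Dropping `_` from the set would close that gap, at the cost of more entities in identifiers and file names. The literal is also hard to read because the apostrophe is appended separately with `."'"`; `q{^-A-Za-z0-9+_,./:;= '}` builds the same string in one piece. The comment could also state that this is a negated set, so everything not listed (including `<`, `>`, `&`, `"`, `[`, `]`, `*` and newlines) is encoded. The enclosing `preprocess` body starts and ends outside this hunk.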
@@ -2467,10 +2470,14 @@ sub add_autofile ($$$) {
 }
 
 sub useragent () {
+       eval q{use LWP};
+       error($@) if $@;
+
        return LWP::UserAgent->new(
                cookie_jar => $config{cookiejar},
                env_proxy => 1,         # respect proxy env vars
                agent => $config{useragent},
+               protocols_allowed => [qw(http https)],
        );
 }
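Review bot: `protocols_allowed => [qw(http https)]` restricts the URL scheme but not the destination, so any caller that passes a user-supplied URL to this agent can still reach loopback or private-network HTTP services. Nothing in this hunk filters hosts, and the callers of `useragent` are outside it, so whether that is handled elsewhere cannot be told from here. If host filtering is meant to live in the callers or in a proxy, the new line should say so, in the same way `env_proxy` carries a trailing comment, for example `# http/https only; destination hosts are not restricted here`.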