Fix XSS in openid selector. Thanks, Raghav Bisht.
[git.ikiwiki.info.git] / IkiWiki / Wrapper.pm
index ffbaf99086cfc80d93140acca579812c56c21300..4c99cdaa0b670080ac8548e8d95de91b7b74de07 100644 (file)
@@ -63,7 +63,8 @@ EOF
        if (ref $config{ENV} eq 'HASH') {
                foreach my $key (keys %{$config{ENV}}) {
                        my $val=$config{ENV}{$key};
-                       $val =~ s/([\\"])/\\$1/g;
+                       utf8::encode($val) if utf8::is_utf8($val);
+                       $val =~ s/([^A-Za-z0-9])/sprintf '""\\x%02x""', ord($1)/ge;
                        $envsize += 1;
                        $envsave.=<<"EOF";
        addenv("$key", "$val");
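Review bot: `$key` is still interpolated unescaped into the generated C string literal at `addenv("$key", "$val");`, while only `$val` gets the new hex escaping. A name in `$config{ENV}` that contains `"` or `\` would end or corrupt that literal in the generated wrapper source, so the key should be checked before the heredoc, for example `die "invalid ENV name: $key" unless $key =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;`. The escaping line would also benefit from a comment such as `# "" closes the literal after each \xHH so a following hex digit is not absorbed into the escape`. The `foreach` loop and the heredoc continue outside the hunk, so any validation of keys done elsewhere is not visible here.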