]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/userlist.pm
meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl...
index f3e5cd462b28645041de6c8a81ffddaf54f89294..2ebf6197884729d81188c27306348b964e25c30c 100644 (file)
@@ -58,10 +58,13 @@ sub showuserlist ($$) {
        my $h="<table border=\"1\">\n";
        $h.="<tr><th>".gettext("login")."</th><th>".gettext("email")."</th></tr>\n";
        my $info=IkiWiki::userinfo_retrieve();
+       eval q{use HTML::Entities};
        if (ref $info) {
                foreach my $user (sort { $info->{$a}->{regdate} <=> $info->{$b}->{regdate} } keys %$info) {
                        my %i=%{$info->{$user}};
-                       $h.="<tr><td>$user</td><td>".(defined $i{email} ? $i{email} : "")."</tr>\n";
+                       $h.="<tr><td>".encode_entities($user)."</td><td>".
+                               encode_entities(defined $i{email} ? $i{email} : "").
+                               "</td></tr>\n";
                }
        }
        $h.="</table>\n";
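Review bot: The `eval q{use HTML::Entities};` added before the `if (ref $info)` test never inspects `$@`, so a failed module load only shows up later as an "Undefined subroutine" death at the first `encode_entities` call in the loop. That still fails closed, since no unescaped login or email reaches the table, but the real cause is hidden; following the eval with `error($@) if $@;` (or plain `die $@ if $@;`) would report the missing dependency directly. A comment above the new `$h.=` statement, for example `# login and email come from stored user records (presumably user-controlled); escape before embedding in HTML`, would record why the encoding must not be dropped in a later refactor. The body of showuserlist starts and ends outside this hunk, so any escaping applied elsewhere in the function is not visible here.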