delete $params{$key};
my $page=$params{page};
delete $params{page};
+ delete $params{destpage};
+
+ eval q{use CGI 'escapeHTML'};
if ($key eq 'link') {
if (%params) {
$meta{$page}='' unless exists $meta{$page};
- $meta{$page}.="<link href=\"$value\" ".
- join(" ", map { "$_=\"$params{$_}\"" } keys %params).
+ $meta{$page}.="<link href=\"".escapeHTML($value)."\" ".
+ join(" ", map { escapeHTML("$_=\"$params{$_}\"") } keys %params).
" />\n";
}
else {
}
}
elsif ($key eq 'title') {
- $title{$page}=$value;
+ $title{$page}=escapeHTML($value);
}
else {
$meta{$page}='' unless exists $meta{$page};
- $meta{$page}.="<meta name=\"$key\" content=\"$value\" />\n";
+ $meta{$page}.="<meta name=\"".escapeHTML($key)."\" content=\"".escapeHTML($value)."\" />\n";
}
return "";
} # }}}
-sub pagetemplate ($$) { #{{{
- my $page=shift;
- my $template=shift;
+sub pagetemplate (@) { #{{{
+ my %params=@_;
+ my $page=$params{page};
+ my $template=$params{template};
- $template->param(meta => $meta{$page}) if exists $meta{$page};
- $template->param(title => $title{$page}) if exists $title{$page};
+ $template->param(meta => $meta{$page})
+ if exists $meta{$page} && $template->query(name => "meta");
+ $template->param(title => $title{$page})
+ if exists $title{$page} && $template->query(name => "title");
} # }}}
1
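Review bot: In the `link` branch, `escapeHTML("$_=\"$params{$_}\"")` escapes the whole `name="value"` string, so the quotes that delimit the attribute value are turned into `&quot;` along with the data. The emitted attribute is then effectively unquoted, and whitespace inside a parameter value can still end it and start a new attribute, which is presumably what this change is meant to prevent. Escape the name and the value separately and keep the delimiters literal: `join(" ", map { escapeHTML($_)."=\"".escapeHTML($params{$_})."\"" } keys %params).`. Parameter names are also emitted as attribute names with no restriction, so if page authors are untrusted, an allowlist of permitted `<link>` attributes would be worth adding. The enclosing sub begins above the first line of this hunk, so how `$key` and `$value` are derived is not visible here.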