]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/meta.pm
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
meta: Security fix; don't allow alternative stylesheets to be added on pages where...
[git.ikiwiki.info.git] / IkiWiki / Plugin / meta.pm
diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index eccbf976c6a7e368966b13801ef1ab3b53a4cce8..c33c8b23882f7e23c8114d67c7ecd388666475e3 100644 (file)
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -173,10 +173,10 @@ sub preprocess (@) {
                if (! length $stylesheet) {
                        error gettext("stylesheet not found")
                }
-               push @{$metaheaders{$page}}, '<link href="'.urlto($stylesheet, $page).
+               push @{$metaheaders{$page}}, scrub('<link href="'.urlto($stylesheet, $page).
                        '" rel="'.encode_entities($rel).
                        '" title="'.encode_entities($title).
-                       "\" type=\"text/css\" />";
+                       "\" type=\"text/css\" />", $page, $destpage);
        }
        elsif ($key eq 'openid') {
                my $delegate=0; # both by default
Unnamed repository; edit this file 'description' to name the repository.