meta: Security fix; don't allow alternative stylesheets to be added on pages where...

[git.ikiwiki.info.git] / IkiWiki.pm

diff --git a/IkiWiki.pm b/IkiWiki.pm
index a4657a311e36c37b22daddc6ee88e4416526ca12..443c7044796a29947936fd5de57e8e09c14bfec4 100644 (file)
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -151,7 +151,9 @@ sub loadplugins () { #{{{
                unshift @INC, possibly_foolish_untaint($config{libdir});
        }
 
-       loadplugin($_) foreach @{$config{plugin}};
+       foreach my $plugin (@{$config{plugin}}) {
+               loadplugin($plugin);
+       }
 
        run_hooks(getopt => sub { shift->() });
        if (grep /^-/, @ARGV) {
@@ -332,6 +334,10 @@ sub readfile ($;$$) { #{{{
        binmode($in) if ($binary);
        return \*$in if $wantfd;
        my $ret=<$in>;
+       # check for invalid utf-8, and toss it back to avoid crashes
+       if (! utf8::valid($ret)) {
+               $ret=encode_utf8($ret);
+       }
        close $in || error("failed to read $file: $!");
        return $ret;
 } #}}}
@@ -562,7 +568,7 @@ sub urlto ($$;$) { #{{{
        }
 
        if ($absolute) {
-               return $config{url}.beautify_urlpath("/".$to);
+               return $config{url}.beautify_url("/".$to);
        }
 
        my $link = abs2rel($to, dirname(htmlpage($from)));
@@ -725,7 +731,7 @@ sub preprocess ($$$;$$) { #{{{
                my $params=shift;
                $params="" if ! defined $params;
 
-               f (length $escape) {
+               if (length $escape) {
                        return "[[$prefix$command $params]]";
                }
                elsif (exists $hooks{preprocess}{$command}) {