X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/4250d389d3ebf3821ac3bdafc04d24ed0e2a6a64..94a51309635b799fd25aeaf60d90fab25939343e:/IkiWiki/Plugin/meta.pm

diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index 9b7b9854f..421f1dc86 100644
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -275,22 +275,23 @@ sub preprocess (@) {
 		push @{$metaheaders{$page}}, '<meta name="robots"'.
 			' content="'.encode_entities($value).'" />';
 	}
-	elsif ($key eq 'author') {
-		push @{$metaheaders{$page}}, '<meta name="'.
-			encode_entities($key).
-			'" content="'.encode_entities($value).'" />';
-	}
-	elsif ($key eq 'description') {
-		push @{$metaheaders{$page}}, '<meta name="'.
-			encode_entities($key).
+	elsif ($key eq 'description' || $key eq 'author') {
+		push @{$metaheaders{$page}}, '<meta name="'.$key.
 			'" content="'.encode_entities($value).'" />';
 	}
 	elsif ($key eq 'name') {
-		push @{$metaheaders{$page}}, scrub('<meta '.$key.'="'.
+		push @{$metaheaders{$page}}, scrub('<meta name="'.
 			encode_entities($value).
 			join(' ', map { "$_=\"$params{$_}\"" } keys %params).
 			' />', $page, $destpage);
 	}
+	elsif ($key eq 'keywords') {
+		# Make sure the keyword string is safe: only allow alphanumeric
+		# characters, space and comma and strip the rest.
+		$value =~ s/[^[:alnum:], ]+//g;
+		push @{$metaheaders{$page}}, '<meta name="keywords"'.
+			' content="'.encode_entities($value).'" />';
+	}
 	else {
 		push @{$metaheaders{$page}}, scrub('<meta name="'.
 			encode_entities($key).'" content="'.
@@ -317,8 +318,9 @@ sub pagetemplate (@) {
 		$template->param(title_overridden => 1);
 	}
 
-	foreach my $field (qw{author authorurl}) {
-		$template->param($field => $pagestate{$page}{meta}{$field})
+	foreach my $field (qw{authorurl}) {
+		eval q{use HTML::Entities};
+		$template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
 	}
 
@@ -329,7 +331,7 @@ sub pagetemplate (@) {
 		}
 	}
 
-	foreach my $field (qw{description}) {
+	foreach my $field (qw{description author}) {
 		eval q{use HTML::Entities};
 		$template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);