X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/c21eb47e627de2dfd5409b459b2e11498c534f3c..d048e9c64aca24b8e064aaf1608862b50c427de2:/IkiWiki/Plugin/comments.pm diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 8f8472f07..58bd4b851 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -221,7 +221,9 @@ sub preprocess { } if (defined $params{subject}) { - $pagestate{$page}{meta}{title} = $params{subject}; + # decode title the same way meta does + eval q{use HTML::Entities}; + $pagestate{$page}{meta}{title} = decode_entities($params{subject}); } if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) { @@ -336,7 +338,7 @@ sub editcomment ($$) { my $page = $form->field('page'); $page = IkiWiki::possibly_foolish_untaint($page); if (! defined $page || ! length $page || - IkiWiki::file_pruned($page, $config{srcdir})) { + IkiWiki::file_pruned($page)) { error(gettext("bad page name")); } @@ -546,7 +548,7 @@ sub commentmoderation ($$) { # pending comment before untainting. my ($f)= $id =~ /$config{wiki_file_regexp}/; if (! defined $f || ! length $f || - IkiWiki::file_pruned($f, $config{srcdir})) { + IkiWiki::file_pruned($f)) { error("illegal file"); } @@ -642,18 +644,14 @@ sub comments_pending () { find({ no_chdir => 1, wanted => sub { - $_=decode_utf8($_); - if (IkiWiki::file_pruned($_, $dir)) { - $File::Find::prune=1; - } - elsif (! -l $_ && ! -d _) { - $File::Find::prune=0; - my ($f)=/$config{wiki_file_regexp}/; # untaint - if (defined $f && $f =~ /\Q._comment\E$/) { - my $ctime=(stat($f))[10]; - $f=~s/^\Q$dir\E\/?//; - push @ret, [$f, $ctime]; - } + my $file=decode_utf8($_); + $file=~s/^\Q$dir\E\/?//; + return if ! length $file || IkiWiki::file_pruned($file) + || -l $_ || -d _ || $file !~ /\Q._comment\E$/; + my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint + if (defined $f) { + my $ctime=(stat($_))[10]; + push @ret, [$f, $ctime]; } } }, $dir); @@ -839,7 +837,7 @@ sub unique_comment_location ($$$) { eval q{use Digest::MD5 'md5_hex'}; error($@) if $@; - my $content_md5=md5_hex(shift); + my $content_md5=md5_hex(Encode::encode_utf8(shift)); my $dir=shift; @@ -855,14 +853,14 @@ sub unique_comment_location ($$$) { sub page_to_id ($) { # Converts a comment page name into a unique, legal html id - # addtibute value, that can be used as an anchor to link to the + # attribute value, that can be used as an anchor to link to the # comment. my $page=shift; eval q{use Digest::MD5 'md5_hex'}; error($@) if $@; - return "comment-".md5_hex($page); + return "comment-".md5_hex(Encode::encode_utf8(($page))); } package IkiWiki::PageSpec;