From: Lafayette Chamber Singers Webmaster <webmaster@lafayettechambersingers.org>
Date: Mon, 15 Sep 2014 00:07:43 +0000 (-0400)
Subject: More cautious escaping of environment values.
X-Git-Tag: 3.20140916~20^2
X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/29e80b4eedadc2afd3f9f36d215076c82982971b?hp=bc4721da0441a30822225c51b250be4cc5f8af24

More cautious escaping of environment values.

Tightened the escaping per this review comment:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=f35fc6a603b5473ce2c07bb0236e28e57f718315

(I didn't introduce a $tmp, as $val was local to that block already, and each
hex encoding is in its own C string literal to avoid consuming subsequent
chars that are valid hex digits.)
---

diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index ffbaf9908..4c99cdaa0 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -63,7 +63,8 @@ EOF
 	if (ref $config{ENV} eq 'HASH') {
 		foreach my $key (keys %{$config{ENV}}) {
 			my $val=$config{ENV}{$key};
-			$val =~ s/([\\"])/\\$1/g;
+			utf8::encode($val) if utf8::is_utf8($val);
+			$val =~ s/([^A-Za-z0-9])/sprintf '""\\x%02x""', ord($1)/ge;
 			$envsize += 1;
 			$envsave.=<<"EOF";
 	addenv("$key", "$val");