From cfb2da268b323f55d7e742d0a42eb8fe6ef32ca6 Mon Sep 17 00:00:00 2001
From: joey
Date: Wed, 7 Mar 2007 18:42:41 +0000
Subject: [PATCH] further refinement fix a regexp injection hole
---
 IkiWiki/Plugin/table.pm | 36 ++++++++++++++++--------------------
 1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/IkiWiki/Plugin/table.pm b/IkiWiki/Plugin/table.pm
index c08087c71..dfa595812 100644
--- a/IkiWiki/Plugin/table.pm
+++ b/IkiWiki/Plugin/table.pm
@@ -7,29 +7,25 @@ use strict;
 use IkiWiki;
 use IkiWiki::Plugin::mdwn;
-my %defaults = (
- data => undef,
- file => undef,
- format => 'auto',
- sep_char => {
- 'csv' => ',',
- 'dsv' => '\|',
- },
- class => undef,
- header => 1,
-);
-
 sub import { #{{{
 hook(type => "preprocess", id => "table", call => \&preprocess);
 } # }}}
 sub preprocess (@) { #{{{
- my %params = (%defaults, @_);
-
- if (defined $params{delimiter}) {
+ my %params =(
+ format => 'auto',
+ header => 'yes',
+ sep_char => {
+ 'csv' => ',',
+ 'dsv' => '|',
+ },
+ @_
+ );
+
+ if (exists $params{delimiter}) {
 $params{sep_char}->{$params{format}} = $params{delimiter};
 }
- if (defined $params{file}) {
+ if (exists $params{file}) {
 if (! $pagesources{$params{file}}) {
 return "[[table ".gettext("cannot find file")."]]";
 }
@@ -40,7 +36,7 @@ sub preprocess (@) { #{{{
 # first try the more simple format
 if (is_dsv_data($params{data})) {
 $params{format} = 'dsv';
- $params{sep_char}->{dsv} = '\|';
+ $params{sep_char}->{dsv} = '|';
 } else {
 $params{format} = 'csv';
@@ -60,7 +56,7 @@ sub preprocess (@) { #{{{
 }
 my $header;
- if ($params{header} != 1) {
+ if (lc($params{header}) eq "yes") {
 $header=shift @data;
 }
 if (! @data) {
@@ -71,7 +67,7 @@ sub preprocess (@) { #{{{
 build_rows(\%params, @data), close_table(\%params, $header));
- if (defined $params{file}) {
+ if (exists $params{file}) {
 return $html."\n\n". htmllink($params{page}, $params{destpage}, $params{file}, linktext => gettext('Direct data download'));
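Review bot: Because `@_` is listed last in the new `%params` literal, a `sep_char` argument passed to preprocess replaces the hashref default with a plain string, and the following `$params{sep_char}->{$params{format}} = $params{delimiter};` then dereferences that string. Under the file's `use strict` that is a runtime error, so if these arguments come from page-author text (as the preprocess hook registration suggests) a page can abort table rendering; whether the caller traps the die is not visible here. Listing the default after the arguments keeps it authoritative: `@_, sep_char => { 'csv' => ',', 'dsv' => '|' },`. The same dereference recurs in the `@@ -40,7` hunk and in read_dsv, and preprocess's body continues past this hunk.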
@@ -134,7 +130,7 @@ sub read_dsv ($) { #{{{
 my @text_lines = split(/\n/, $params->{data});
 my @data;
- my $splitter = qr{$params->{sep_char}->{dsv}};
+ my $splitter = qr{\Q$params->{sep_char}->{dsv}\E};
 foreach my $line (@text_lines) {
 push @data, [ split($splitter, $line) ];
 }
-- 
2.39.5
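Review bot: The `\Q…\E` quoting makes the delimiter match literally, but an empty delimiter still compiles to an empty pattern, and `split` with a pattern that matches the empty string breaks the line between every character. preprocess copies `delimiter` into `sep_char` whenever the key exists, so the guard belongs there, e.g. `if (exists $params{delimiter} && length $params{delimiter}) {`. A short comment above `$splitter` would also record why the quoting must stay, such as `# delimiter comes from preprocess's arguments; quote it so it is matched literally`. read_dsv starts and ends outside this hunk.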