Created
June 19, 2014 01:37
-
-
Save hail2u/25cc0a9f219b1fffdaad to your computer and use it in GitHub Desktop.
Escape `$url` before processing `head.flavour`
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git blosxom.cgi blosxom.cgi | |
index 8ffe7ae..0fb7041 100755 | |
--- blosxom.cgi | |
+++ blosxom.cgi | |
@@ -764,6 +764,30 @@ sub generate { | |
} | |
} | |
+ # Save unescaped versions and allow them to be used in flavour | |
+ # templates. | |
+ use vars qw/$url_unesc/; | |
+ $url_unesc = $url; | |
+ | |
+ # Fix special characters in links inside XML content | |
+ if ( $encode_xml_entities | |
+ && $content_type =~ m{\bxml\b} | |
+ && $content_type !~ m{\bxhtml\b} ) | |
+ { | |
+ | |
+ # Escape special characters inside the <link> container | |
+ | |
+ &url_escape_url(); | |
+ | |
+ # Escape <, >, and &, and to produce valid RSS | |
+ $url = blosxom_html_escape($url); | |
+ } | |
+ | |
+ # Fix special characters in links inside XML content | |
+ if ($encode_8bit_chars) { | |
+ &url_escape_url(); | |
+ } | |
+ | |
# Head | |
my $head = ( &$template( $currentdir, 'head', $flavour ) ); | |
@@ -890,8 +914,7 @@ sub generate { | |
# Save unescaped versions and allow them to be used in | |
# flavour templates. | |
- use vars qw/$url_unesc $path_unesc $fn_unesc/; | |
- $url_unesc = $url; | |
+ use vars qw/$path_unesc $fn_unesc/; | |
$path_unesc = $path; | |
$fn_unesc = $fn; | |
@@ -903,19 +926,18 @@ sub generate { | |
# Escape special characters inside the <link> container | |
- &url_escape_url_path_and_fn(); | |
+ &url_escape_path_and_fn(); | |
# Escape <, >, and &, and to produce valid RSS | |
$title = blosxom_html_escape($title); | |
$body = blosxom_html_escape($body); | |
- $url = blosxom_html_escape($url); | |
$path = blosxom_html_escape($path); | |
$fn = blosxom_html_escape($fn); | |
} | |
# Fix special characters in links inside XML content | |
if ($encode_8bit_chars) { | |
- &url_escape_url_path_and_fn(); | |
+ &url_escape_path_and_fn(); | |
} | |
$story = &$interpolate($story); | |
@@ -975,8 +997,11 @@ sub nice_date { | |
return ( $dw, $mo, $mo_num, $da, $ti, $yr, $utc_offset ); | |
} | |
-sub url_escape_url_path_and_fn { | |
- $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; | |
+sub url_escape_url { | |
+ $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; | |
+} | |
+ | |
+sub url_escape_path_and_fn { | |
$path =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; | |
$fn =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment