}
}
elsif ($key eq 'title') {
- $title{$page}=$value;
+ $title{$page}=encode_entities($value);
}
elsif ($key eq 'permalink') {
$permalink{$page}=$value;
same time, and let the second person resolve the conflict.
* Applied a patch from MichaĆ to make the mercurial backend pass --quiet to
hg.
- * Fix a security hole that allowed a web user to insert
- arbitrary html in the title of a page due to missing escaping.
+ * Fix a security hole that allowed a web user to insert arbitrary html in
+ the title of a page due to missing escaping of titles in the meta plugin.
-- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:51:30 -0400
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-03-21 02:05-0400\n"
+"POT-Creation-Date: 2007-03-21 02:42-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<title><TMPL_VAR TITLE ESCAPE=HTML></title>
+<title><TMPL_VAR TITLE></title>
<link rel="stylesheet" href="<TMPL_VAR BASEURL>style.css" type="text/css" />
<link rel="stylesheet" href="<TMPL_VAR BASEURL>local.css" type="text/css" />
<TMPL_IF NAME="FAVICON">
projects / ikiwiki.git / commitdiff