meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl...

[ikiwiki.git] / IkiWiki / Plugin / meta.pm

diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index b19ea2b3294b0e1c985c56162084b5e2430d6398..c79c8ccc08169842c8c292157015332af5ed855a 100644 (file)
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -318,8 +318,8 @@ sub pagetemplate (@) {
                $template->param(title_overridden => 1);
        }
 
-       foreach my $field (qw{author authorurl}) {
-               $template->param($field => $pagestate{$page}{meta}{$field})
+       foreach my $field (qw{authorurl}) {
+               $template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
        }
 
@@ -330,7 +330,7 @@ sub pagetemplate (@) {
                }
        }
 
-       foreach my $field (qw{description}) {
+       foreach my $field (qw{description author}) {
                eval q{use HTML::Entities};
                $template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
                        if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);