X-Git-Url: https://git.deb.at/?p=pkg%2Fblosxom.git;a=blobdiff_plain;f=blosxom.cgi;h=c6ae87779c8a593e5f73bc33637799722b506ea4;hp=3d7727a9c3448bf45be0cc24387d71c39ce06f07;hb=9652d395819c4912e306a5b1cd836fc7dbd23e2f;hpb=843e99101526c5103eb6938c4449a34339cb1793
diff --git a/blosxom.cgi b/blosxom.cgi
index 3d7727a..c6ae877 100755
--- a/blosxom.cgi
+++ b/blosxom.cgi
@@ -1,7 +1,7 @@ #!/usr/bin/perl # Blosxom -# Author: Rael Dornfest +# Author: Rael Dornfest (2002-2003), The Blosxom Development Team (2005-2008) # Version: 2.1.0 # Home/Docs/Licensing: http://blosxom.sourceforge.net/ # Development/Downloads: http://sourceforge.net/projects/blosxom
@@ -79,7 +79,7 @@ $static_entries = 0; # -------------------------------- use vars - qw! $version $blog_title $blog_description $blog_language $blog_encoding $datadir $url %template $template $depth $num_entries $file_extension $default_flavour $static_or_dynamic $config_dir $plugin_list $plugin_path $plugin_dir $plugin_state_dir @plugins %plugins $static_dir $static_password @static_flavours $static_entries $path_info_full $path_info $path_info_yr $path_info_mo $path_info_da $path_info_mo_num $flavour $static_or_dynamic %month2num @num2month $interpolate $entries $output $header $show_future_entries %files %indexes %others $encode_xml_entities !; + qw! $version $blog_title $blog_description $blog_language $blog_encoding $datadir $url %template $template $depth $num_entries $file_extension $default_flavour $static_or_dynamic $config_dir $plugin_list $plugin_path $plugin_dir $plugin_state_dir @plugins %plugins $static_dir $static_password @static_flavours $static_entries $path_info_full $path_info $path_info_yr $path_info_mo $path_info_da $path_info_mo_num $flavour $static_or_dynamic %month2num @num2month $interpolate $entries $output $header $show_future_entries %files %indexes %others $encode_xml_entities $content_type !; use strict; use FileHandle;
@@ -436,7 +436,7 @@ if ( !$ENV{GATEWAY_INTERFACE} mkdir "$static_dir/$p", 0755 unless ( -d "$static_dir/$p" or $p =~ /\.$file_extension$/ ); foreach $flavour (@static_flavours) { - my $content_type + $content_type = ( &$template( $p, 'content_type', $flavour ) ); $content_type =~ s!\n.*!!s; my $fn = $p =~ m!^(.+)\.$file_extension$! ? $1 : "$p/index";
@@ -473,7 +473,7 @@ if ( !$ENV{GATEWAY_INTERFACE} # Dynamic else { - my $content_type = ( &$template( $path_info, 'content_type', $flavour ) ); + $content_type = ( &$template( $path_info, 'content_type', $flavour ) ); $content_type =~ s!\n.*!!s; $content_type =~ s/(\$\w+(?:::\w+)*)/"defined $1 ? $1 : ''"/gee;
@@ -660,18 +660,33 @@ sub generate { } } - if ( $encode_xml_entities && $content_type =~ m{\bxml\b} ) { + if ( $encode_xml_entities && + $content_type =~ m{\bxml\b} && + $content_type !~ m{\bxhtml\b} ) { + # Escape special characters inside the container + + # The following line should be moved more towards to top for + # performance reasons -- Axel Beckert, 2008-07-22 + my $url_escape_re = qr([^-/a-zA-Z0-9:._]); + + $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $path =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $fn =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; # Escape <, >, and &, and to produce valid RSS my %escape = ( '<' => '<', '>' => '>', '&' => '&', - '"' => '"' + '"' => '"', + "'" => ''' ); my $escape_re = join '|' => keys %escape; $title =~ s/($escape_re)/$escape{$1}/g; $body =~ s/($escape_re)/$escape{$1}/g; + $url =~ s/($escape_re)/$escape{$1}/g; + $path =~ s/($escape_re)/$escape{$1}/g; + $fn =~ s/($escape_re)/$escape{$1}/g; } $story = &$interpolate($story);
@@ -738,7 +753,7 @@ html content_type text/html; charset=$blog_encoding html head html head html head -html head +html head html head html head $blog_title $path_info_da $path_info_mo $path_info_yr html head
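Review bot: `$content_type` becomes a package global at this assignment and at the one in the dynamic branch (hunk at -473), and the escaping test in generate() now relies on it having been assigned before generate() runs, but nothing at either assignment or in the `use vars` list says so. A one-line comment at each assignment would make that dependency visible, for example `# package global: generate() tests this to decide on XML escaping`. In the static loop the value is overwritten once per flavour, so any code that reads it after the loop sees only the last flavour's type. The enclosing `if` and `foreach` blocks start outside the hunk.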
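Review bot: The in-place percent-encoding of `$url` is not idempotent, and `$url` is a package global (it is in the `use vars` list in the second hunk), so a second pass corrupts it: `%` is outside `$url_escape_re`, so an already-encoded `%7E` becomes `%257E`. If this block runs once per entry inside generate() (the loop is outside the hunk, so that is inferred), every entry after the first gets a doubly encoded base URL in the feed. Encode a per-entry copy instead, for example `local $url = $url;` in the enclosing per-entry scope rather than inside this `if`, so the escaped value is still visible to `&$interpolate($story)` and discarded afterwards. The three entity substitutions added for `$url`, `$path` and `$fn` can never match after the percent-encoding, because `<`, `>`, `&`, `"` and `'` are all outside the safe class. Separately, `ord($&)` could use a capture group to avoid `$&`.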
@@ -780,7 +795,7 @@ rss story $title rss story $dw, $da $mo $yr $ti:00 $utc_offset rss story $url/$yr/$mo_num/$da#$fn rss story $path -rss story $path/$fn +rss story $url$path/$fn rss story $body rss story