X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fblosxom.git;a=blobdiff_plain;f=blosxom.cgi;h=3ebe972c88108cbcb1746d2fc513da371bc63565;hp=674ff10f7a691e686b3d42cad6555ef2b76c3348;hb=f58f1e6d9a3d9e8f31c8bb80e3a422f4312109ba;hpb=9f94051f5dd9294a6d2a6e474087dd94bf1ebfe4 diff --git a/blosxom.cgi b/blosxom.cgi index 674ff10..3ebe972 100755 --- a/blosxom.cgi +++ b/blosxom.cgi @@ -1,8 +1,8 @@ #!/usr/bin/perl # Blosxom -# Author: Rael Dornfest -# Version: 2.0.2 +# Author: Rael Dornfest (2003), The Blosxom Development Team (2005-2008) +# Version: 2.1.0 # Home/Docs/Licensing: http://blosxom.sourceforge.net/ # Development/Downloads: http://sourceforge.net/projects/blosxom @@ -88,7 +88,7 @@ use File::stat; use Time::Local; use CGI qw/:standard :netscape/; -$version = "2.0.2"; +$version = "2.1.0"; # Should I encode entities for xml content-types? (plugins can turn this off if they do it themselves) $encode_xml_entities = 1; @@ -661,17 +661,30 @@ sub generate { } if ( $encode_xml_entities && $content_type =~ m{\bxml\b} ) { + # Escape special characters inside the container + + # The following line should be moved more towards to top for + # performance reasons -- Axel Beckert, 2008-07-22 + my $url_escape_re = qr([^-/a-zA-Z0-9:._]); + + $url =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $path =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; + $fn =~ s($url_escape_re)(sprintf('%%%02X', ord($&)))eg; # Escape <, >, and &, and to produce valid RSS my %escape = ( '<' => '<', '>' => '>', '&' => '&', - '"' => '"' + '"' => '"', + "'" => ''' ); my $escape_re = join '|' => keys %escape; $title =~ s/($escape_re)/$escape{$1}/g; $body =~ s/($escape_re)/$escape{$1}/g; + $url =~ s/($escape_re)/$escape{$1}/g; + $path =~ s/($escape_re)/$escape{$1}/g; + $fn =~ s/($escape_re)/$escape{$1}/g; } $story = &$interpolate($story); @@ -780,7 +793,7 @@ rss story $title rss story $dw, $da $mo $yr $ti:00 $utc_offset rss story $url/$yr/$mo_num/$da#$fn rss story $path -rss story $path/$fn +rss story $url$path/$fn rss story $body rss story