author | Eric Wong <e@80x24.org> | 2016-06-17 18:56:02 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-06-17 19:03:02 +0000 |
commit | 38a90ce29cb9cae6f045f516ef160d8e6accdd21 (patch) | |
tree | 9048e5e5a34d15b623eef567421ac912f6026839 /lib | |
parent | 5e800c1aac067ec42cc6bcac10a0c339467a26d6 (diff) | |
download | public-inbox-38a90ce29cb9cae6f045f516ef160d8e6accdd21.tar.gz |
This isn't a security vulnerability since $GIT_DIR/description is controlled by the admin; but it causes the footer to misrender.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/PublicInbox/WWW.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index c25deff3..78b8826e 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -15,6 +15,7 @@ use strict;
 use warnings;
 use Plack::Request;
 use PublicInbox::Config;
+use PublicInbox::Hval;
 use URI::Escape qw(uri_escape_utf8 uri_unescape);
 use constant SSOMA_URL => '//ssoma.public-inbox.org/';
 use constant PI_URL => '//public-inbox.org/';
@@ -255,6 +256,7 @@ sub footer {
 # auto-generate a footer
 chomp(my $desc = $obj->description);
+ $desc = PublicInbox::Hval::ascii_html($desc);
 my $urls;
 my @urls = @{$obj->cloneurl};
 |
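Review bot: The `@urls` list taken from `$obj->cloneurl` two lines below the new escape looks like it comes from the same kind of repository metadata as the description, and nothing in this hunk shows it being HTML-escaped before it reaches the footer. The body of `footer` continues outside the hunk, so check there how each URL is emitted; if it is interpolated as text, it needs the same treatment, e.g. `my @urls = map { PublicInbox::Hval::ascii_html($_) } @{$obj->cloneurl};`. It is also worth recording the intent beside the new line with a comment such as `# plain text from $GIT_DIR/description; always escape before embedding in HTML`. That keeps the escape from being dropped later on the grounds that the file is admin-controlled, which may not hold where the description can be edited by someone other than the server admin.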