diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-03-07 18:42:41 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-03-07 18:42:41 +0000 |
| commit | cfb2da268b323f55d7e742d0a42eb8fe6ef32ca6 (patch) | |
| tree | c0f1bf6bfe848326e3d4262082cecddf92b9d78b | |
| parent | 355494b78b47e9882c18150eea5a173d14fc20b5 (diff) | |
further refinement
fix a regexp injection hole
| -rw-r--r-- | IkiWiki/Plugin/table.pm | 36 |
1 files changed, 16 insertions, 20 deletions
diff --git a/IkiWiki/Plugin/table.pm b/IkiWiki/Plugin/table.pm index c08087c71..dfa595812 100644 --- a/IkiWiki/Plugin/table.pm +++ b/IkiWiki/Plugin/table.pm @@ -7,29 +7,25 @@ use strict; use IkiWiki; use IkiWiki::Plugin::mdwn; -my %defaults = ( - data => undef, - file => undef, - format => 'auto', - sep_char => { - 'csv' => ',', - 'dsv' => '\|', - }, - class => undef, - header => 1, -); - sub import { #{{{ hook(type => "preprocess", id => "table", call => \&preprocess); } # }}} sub preprocess (@) { #{{{ - my %params = (%defaults, @_); - - if (defined $params{delimiter}) { + my %params =( + format => 'auto', + header => 'yes', + sep_char => { + 'csv' => ',', + 'dsv' => '|', + }, + @_ + ); + + if (exists $params{delimiter}) { $params{sep_char}->{$params{format}} = $params{delimiter}; } - if (defined $params{file}) { + if (exists $params{file}) { if (! $pagesources{$params{file}}) { return "[[table ".gettext("cannot find file")."]]"; } @@ -40,7 +36,7 @@ sub preprocess (@) { #{{{ # first try the more simple format if (is_dsv_data($params{data})) { $params{format} = 'dsv'; - $params{sep_char}->{dsv} = '\|'; + $params{sep_char}->{dsv} = '|'; } else { $params{format} = 'csv'; @@ -60,7 +56,7 @@ sub preprocess (@) { #{{{ } my $header; - if ($params{header} != 1) { + if (lc($params{header}) eq "yes") { $header=shift @data; } if (! @data) { @@ -71,7 +67,7 @@ sub preprocess (@) { #{{{ build_rows(\%params, @data), close_table(\%params, $header)); - if (defined $params{file}) { + if (exists $params{file}) { return $html."\n\n". htmllink($params{page}, $params{destpage}, $params{file}, linktext => gettext('Direct data download')); @@ -134,7 +130,7 @@ sub read_dsv ($) { #{{{ my @text_lines = split(/\n/, $params->{data}); my @data; - my $splitter = qr{$params->{sep_char}->{dsv}}; + my $splitter = qr{\Q$params->{sep_char}->{dsv}\E}; foreach my $line (@text_lines) { push @data, [ split($splitter, $line) ]; } |