author Joey Hess <joey@gnu.kitenet.net> 2010-04-05 16:34:49 -0400
committer Joey Hess <joey@gnu.kitenet.net> 2010-04-05 16:34:49 -0400
commit 09d4e9d6bb7a049b0721ffbf7dc6e64bee4404cc (patch)
tree ea0543fd1ea1dd5b01455281fa13750838acb3ec /IkiWiki
parent 10f4695abd65db6c009864c5abb7cb5dfa1cf153 (diff)
comments: Fix missing entity encoding in title.
The meta title data set by comments needs to be encoded the same way that meta encodes it. (NB The security implications of the missing encoding are small.) Note that meta's encoding of title, description, and guid data, and not other data, is probably a special case that should be removed. Instead, these values should be encoded when used. I have avoided doing so here because that would mean forcing a wiki rebuild on upgrade to have the data consistently encoded.
Diffstat (limited to 'IkiWiki')
-rw-r--r-- IkiWiki/Plugin/comments.pm 4
1 files changed, 3 insertions, 1 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index 98786f432..460341710 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -221,7 +221,9 @@ sub preprocess {
}
if (defined $params{subject}) {
- $pagestate{$page}{meta}{title} = $params{subject};
+ # encode title the same way meta does
+ eval q{use HTML::Entities};
+ $pagestate{$page}{meta}{title} = HTML::Entities::encode_numeric(decode_entities($params{subject}));
}
if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) {
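Review bot: the result of `eval q{use HTML::Entities};` in the `subject` branch is never checked, so if the module fails to load the problem only shows up as an undefined-subroutine error on the following assignment. Testing `$@` right after the eval and reporting it would make the failure explicit. On the same assignment, `decode_entities(...)` is called unqualified while `HTML::Entities::encode_numeric(...)` is fully qualified; writing `HTML::Entities::decode_entities(...)` would keep the two calls consistent and remove the dependence on the import done by the string eval. The comment `# encode title the same way meta does` could also say that the value is decoded first so that a subject that already contains entities is not double-encoded, since that is the reason for the decode/encode pair.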