From: Thomas Moschny <thm@fedoraproject.org>
Subject: [PATCH] t/cve-2012-0220

Apply changes from these commits:

commit fbfcea89f8e06426c73ab8ea369ca4cdc566db6f
Author: Joey Hess <joey@kitenet.net>
Date:   Wed May 16 19:54:41 2012 -0400

    meta: Security fix; add missing sanitization of author and authorurl. Thanks, Raúl Benencia

commit 18b0f2737b3f1478deff6e9c48217c6f22a576ea
Author: Joey Hess <joey@kitenet.net>
Date:   Wed May 16 22:13:23 2012 -0400

    ensure HTML::Entities is always loaded
    
    (Worked ok in my tests w/o this, but not sure I tested every case,
    and this is correct.)


Signed-off-by: Thomas Moschny <thm@fedoraproject.org>

---
 IkiWiki/Plugin/meta.pm |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/IkiWiki/Plugin/meta.pm b/IkiWiki/Plugin/meta.pm
index 220fff9..38938ed 100644
--- a/IkiWiki/Plugin/meta.pm
+++ b/IkiWiki/Plugin/meta.pm
@@ -312,8 +312,9 @@ sub pagetemplate (@) {
 		$template->param(title_overridden => 1);
 	}
 
-	foreach my $field (qw{author authorurl}) {
-		$template->param($field => $pagestate{$page}{meta}{$field})
+	foreach my $field (qw{authorurl}) {
+		eval q{use HTML::Entities};
+		$template->param($field => HTML::Entities::encode_entities($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
 	}
 
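Review bot: Entity-encoding `authorurl` on the `encode_entities` line prevents markup breakout, but it does not constrain the URL scheme, so a value such as a `javascript:` URL passes through unchanged. If the page template emits this field inside an `href` (the template is not visible here), the value should also be checked against the wiki's allowed-URL rule, either before `$template->param` is called or where the meta directive stores it. A comment above the loop would record the intent, for example `# authorurl is set by the page's meta directive; encode it before it reaches the template`. The body of `pagetemplate` starts and ends outside this hunk.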
@@ -324,7 +325,7 @@ sub pagetemplate (@) {
 		}
 	}
 
-	foreach my $field (qw{description}) {
+	foreach my $field (qw{description author}) {
 		eval q{use HTML::Entities};
 		$template->param($field => HTML::Entities::encode_numeric($pagestate{$page}{meta}{$field}))
 			if exists $pagestate{$page}{meta}{$field} && $template->query(name => $field);
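Review bot: The same `eval q{use HTML::Entities};` with no check of `$@` now appears in this loop and in the `authorurl` loop above, and the two loops use different encoders (`encode_numeric` here, `encode_entities` there) without saying why. Both calls escape `<`, `>`, `&` and quotes by default, so the output is safe either way, but a single `foreach my $field (qw{description author authorurl}) {` using one encoder would leave one place to audit. A comment such as `# meta values are page-author controlled; always entity-encode before handing them to the template` would record the intent. The patch touches only `meta.pm` and carries no regression test; one that sets `author` to a string containing markup and asserts that only the encoded form reaches the rendered page would guard the fix. `pagetemplate` continues outside the hunk.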
-- 
tg: (5fd076e..) t/cve-2012-0220 (depends on: master)