, section => "widget"
};
}
+my $params_re
+ = qr{
+ (?>
+ (?>(?:[^\[\]]|\[[^\[]|\][^\]])+)
+ |
+ (?'loop'
+ \[\[
+ (?>
+ (?>(?:[^\[\]]|\[[^\[]|\][^\]])+)
+ |
+ (?&loop)
+ )*
+ \]\]
+ )
+ )*
+ }x;
sub scan (@) {
my %params = @_;
my $page = $params{page};
my $type = IkiWiki::pagetype($pagesources{$page});
if (defined $type and $type eq "mdwn") {
my %polls = ();
- while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+(.+?)\s*\]\]}gs) {
+ while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+($params_re)\s*\]\]}gs) {
my ($escape, $poll, $directive) = ($1, $3, $4);
next if $escape;
$poll = '' unless defined $poll;
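Review bot: The `while` line in `scan` still unpacks `($1, $3, $4)` by position, although `$params_re` now brings its own capturing group `loop` into the pattern. The numbering stays correct only because `loop` opens after group 4. Named captures read through `%+`, as the rewritten substitution later in this commit uses (`(?<id>[^"]*)`, `(?<params>$params_re)`), would remove that dependency. The `/x` pattern has no comments; I would add `# directive parameters: text in which nested [[...]] pairs are balanced` above `my $params_re`, plus a line saying the atomic groups are presumably there to bound backtracking on page content that wiki editors control. The body of `scan` continues outside the hunk.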
if $choices{$choice}{unknown_votes};
}
if ($open && exists $config{cgiurl}) {
+ my $choice_escaped = URI::Escape::uri_escape_utf8($choice, '^A-Za-z0-9\ \-\._~/');
$ret.="<input type=\"hidden\" name=\"do\" value=\"poll\" />\n";
$ret.="<input type=\"hidden\" name=\"num\" value=\"$num\" />\n";
$ret.="<input type=\"hidden\" name=\"page\" value=\"$uri_page\" />\n";
- $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice\" />\n";
+ $ret.="<input type=\"hidden\" name=\"choice\" value=\"$choice_escaped\" />\n";
$ret.="<input type=\"submit\" value=\"".gettext("vote")."\" />\n";
}
$ret.="<span class='description'>$choice</span>";
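Review bot: Only the hidden `choice` field gets the new encoding; the `<span class='description'>$choice</span>` line at the end of the hunk still interpolates the raw value. Whether `$choice` is already HTML-safe at that point is not visible here, so it should be either confirmed or escaped for HTML separately. Percent-encoding is also an unusual way to protect an attribute value, so the new line deserves a comment such as `# percent-encoded so quotes or markup in a choice cannot break value=""; the CGI handler reverses this with uri_unescape`. The hunk calls `URI::Escape::uri_escape_utf8` fully qualified without showing where the module is loaded, so check that a `use URI::Escape;` (or an equivalent `eval q{use URI::Escape}`) runs before this code. `$num` and `$uri_page` are built outside the hunk.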
my $cgi=shift;
my $session=shift;
if (defined $cgi->param('do') && $cgi->param('do') eq "poll") {
- my $choice=decode_utf8($cgi->param('choice'));
+ my $choice = Encode::decode_utf8(URI::Escape::uri_unescape(IkiWiki::possibly_foolish_untaint($cgi->param('choice'))));
+
if (! defined $choice || not length $choice) {
error("no choice specified");
}
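Review bot: `IkiWiki::possibly_foolish_untaint` is applied to the raw `choice` request parameter before any validation, and the only check visible afterwards is that the value is non-empty. Untainting should follow a check that the decoded value is one of the poll's known choices, or the line should carry a comment explaining why a blanket untaint is safe here. The value is later used to rewrite the page, in code outside this hunk. `$cgi->param('choice')` is also evaluated in list context inside the nested call, so a request with several `choice` values passes extra arguments down the chain; `my $raw = scalar $cgi->param('choice');` pins it to one value. The decoded string can contain `]]`, quotes or newlines once unescaped, which matters if it is matched against or written into directive text.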
return "$params";
};
my $id='';
- $content =~ s{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?(\s+)(.+?)(\s*)\]\]}{$id=$3;$1.'[['.$prefix.$2.$4.$edit->($1, $5).$6.']]'}gse;
+ $content =~
+ s{
+ (?<escape>\\?)
+ \[\[\Q$prefix\E
+ (?:\s+id="(?<id>[^"]*)")?
+ (?<space_begin>\s+)
+ (?<params>$params_re)
+ (?<space_end>\s*)
+ \]\]
+ }
+ {$id=$+{id};
+ $+{escape}
+ .'[['.$prefix
+ .($+{id} eq ''?'':'id="'.$+{id}.'"')
+ .$+{space_begin}
+ .$edit->($+{escape}, $+{params})
+ .$+{space_end}
+ .']]'
+ }egsx;
# Store their vote, update the page, and redirect to it.
writefile($pagesources{$page}, $config{srcdir}, $content);
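Review bot: The rewritten replacement drops the whitespace between the prefix and `id="..."`. The old code re-emitted `$2`, which included the leading `\s+`, whereas the new code emits `'[['.$prefix.'id="'...`. Unless `$prefix` ends in whitespace (the `\s+` in the pattern suggests it does not), a directive with an id is written back with the prefix and `id=` run together, and would no longer match `\Q$prefix\E\s+` on the next scan or vote. Capturing the whole optional part and echoing it keeps the page byte-for-byte: `(?<idpart>\s+id="(?<id>[^"]*)")?` in the pattern and `.($+{idpart} // '')` in the replacement. The `$+{id} eq ''` comparison also raises an uninitialized-value warning when the id group does not participate, and it silently removes an explicit `id=""`. This hunk may continue past the lines visible here.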