From: Julien Moutinho Date: Fri, 14 Mar 2014 04:01:27 +0000 (+0100) Subject: Correction : expression rationnelle. X-Git-Url: http://git.heureux-cyclage.org/?p=ikiwiki%2Fpoll.git;a=commitdiff_plain;h=2af402570220c582546515129925f9dadcc155ec Correction : expression rationnelle. --- diff --git a/poll.pm b/poll.pm index 612b49d..b79fd0e 100644 --- a/poll.pm +++ b/poll.pm @@ -22,6 +22,22 @@ sub getsetup () { , section => "widget" }; } +my $params_re + = qr{ + (?> + (?>(?:[^\[\]]|\[[^\[]|\][^\]])+) + | + (?'loop' + \[\[ + (?> + (?>(?:[^\[\]]|\[[^\[]|\][^\]])+) + | + (?&loop) + )* + \]\] + ) + )* + }x; sub scan (@) { my %params = @_; my $page = $params{page}; @@ -30,7 +46,7 @@ sub scan (@) { my $type = IkiWiki::pagetype($pagesources{$page}); if (defined $type and $type eq "mdwn") { my %polls = (); - while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+(.+?)\s*\]\]}gs) { + while ($content =~ m{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?\s+($params_re)\s*\]\]}gs) { my ($escape, $poll, $directive) = ($1, $3, $4); next if $escape; $poll = '' unless defined $poll; @@ -119,10 +135,11 @@ sub preprocess (@) { if $choices{$choice}{unknown_votes}; } if ($open && exists $config{cgiurl}) { + my $choice_escaped = URI::Escape::uri_escape_utf8($choice, '^A-Za-z0-9\ \-\._~/'); $ret.="\n"; $ret.="\n"; $ret.="\n"; - $ret.="\n"; + $ret.="\n"; $ret.="\n"; } $ret.="$choice"; @@ -156,7 +173,8 @@ sub sessioncgi ($$) { my $cgi=shift; my $session=shift; if (defined $cgi->param('do') && $cgi->param('do') eq "poll") { - my $choice=decode_utf8($cgi->param('choice')); + my $choice = Encode::decode_utf8(URI::Escape::uri_unescape(IkiWiki::possibly_foolish_untaint($cgi->param('choice')))); + if (! defined $choice || not length $choice) { error("no choice specified"); } 
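Review bot: `$params_re` is added without any comment, although it is the hardest construct in the file to read. A header above `my $params_re` would do, for example `# Directive parameters: text in which nested [[ ]] pairs are balanced; the (?&loop) recursion needs Perl 5.10+.` Two properties are worth recording there because the call sites depend on them: the outer `)*` lets the pattern match the empty string, and the named group `loop` adds a capture group to every pattern that interpolates it, so numbered captures placed after `($params_re)` would shift. The atomic `(?>...)` groups appear intended to stop an unbalanced `[[` in page content from causing heavy backtracking, and the comment should say so.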
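Review bot: In the `scan` hunk, `($params_re)` does not capture the same text as the old `(.+?)`. Because `[^\[\]]` also matches whitespace and the group is atomic, `$4` now keeps any whitespace that precedes the closing `]]`, and it can be empty for a directive written with no parameters. Whether `$directive` tolerates either case depends on parsing code outside the hunk. If the old shape is wanted, normalise right after the match with `$directive =~ s/\s+\z//;` and `next unless length $directive;`. The same holds for the substitution in the last hunk, where `$+{space_end}` will always be empty.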
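Review bot: `URI::Escape::uri_escape_utf8` is called by its full package name in the `preprocess` hunk, and `URI::Escape::uri_unescape` likewise in the `sessioncgi` hunk, but no `use URI::Escape` line appears anywhere in this diff. The top of poll.pm is outside the hunks, so the module may already be loaded there; if it is not, rendering an open poll fails with an undefined-subroutine error. Add `use URI::Escape ();` beside the file's other `use` lines. The unsafe-character argument also deserves a comment such as `# percent-encode everything except unreserved characters, space and '/'`, so the round trip with the decoding in `sessioncgi` is clear.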
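Review bot: In the `sessioncgi` hunk, `IkiWiki::possibly_foolish_untaint` is applied directly to `$cgi->param('choice')`, a value the requester fully controls, so taint checking no longer covers `$choice` in anything that follows. The rest of `sessioncgi` is outside the hunk, but the last hunk shows the request ending in a `writefile` of rewritten page content, which is exactly where taint tracking is useful. Keep the value tainted while decoding, `my $choice = Encode::decode_utf8(URI::Escape::uri_unescape(scalar $cgi->param('choice')));`, and untaint only after it has been matched against the choices parsed from the page. That ordering also lets an absent parameter reach the existing `! defined $choice` check as undef instead of passing through the untaint helper first.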
@@ -239,7 +257,25 @@ sub sessioncgi ($$) { return "$params"; }; my $id=''; - $content =~ s{(\\?)\[\[\Q$prefix\E(\s+id="([^"]*)")?(\s+)(.+?)(\s*)\]\]}{$id=$3;$1.'[['.$prefix.$2.$4.$edit->($1, $5).$6.']]'}gse; + $content =~ + s{ + (?\\?) + \[\[\Q$prefix\E + (?:\s+id="(?[^"]*)")? + (?\s+) + (?$params_re) + (?\s*) + \]\] + } + {$id=$+{id}; + $+{escape} + .'[['.$prefix + .($+{id} eq ''?'':'id="'.$+{id}.'"') + .$+{space_begin} + .$edit->($+{escape}, $+{params}) + .$+{space_end} + .']]' + }egsx; # Store their vote, update the page, and redirect to it. writefile($pagesources{$page}, $config{srcdir}, $content);
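Review bot: The rebuilt directive loses the whitespace between `$prefix` and `id=`. The old replacement re-emitted `$2`, which included the leading `\s+`, whereas the new one concatenates `'[['.$prefix` directly with `'id="'.$+{id}.'"'`. As shown, a poll that carries an id would be written back with the prefix and `id="..."` run together, and the scan pattern, which requires `\s+` before `id=`, would no longer recognise it after the first vote. When the optional id group does not take part in the match, `$+{id}` is also undef, so `$+{id} eq ''` raises an uninitialized-value warning. Both are fixed by `.(defined $+{id} && length $+{id} ? ' id="'.$+{id}.'"' : '')`.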