Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
util.format: Allow newlines but ensure following lines are indented
authorKim Alvefur <zash@zash.se>
Sat, 03 Jul 2021 04:29:25 +0200
changeset 11651 0fe6a9a3676f
parent 11650 b6ea0148ad37
child 11652 96d3cbeb9275
util.format: Allow newlines but ensure following lines are indented This should a) prevent injection of text that looks like legitimate log lines and b) not mangle tracebacks.
util/format.lua file | annotate | diff | comparison | revisions 
--- a/util/format.lua	Sat Jul 03 04:24:13 2021 +0200
+++ b/util/format.lua	Sat Jul 03 04:29:25 2021 +0200
@@ -60,7 +60,7 @@
 				args[i] = dump(arg);
 				spec = "%s";
 			elseif option == "s" then
-				args[i] = tostring(arg):gsub("[%z\1-\31\127]", control_symbols);
+				args[i] = tostring(arg):gsub("[%z\1-\8\11-\31\127]", control_symbols):gsub("\n\t?", "\n\t");
 			elseif type(arg) ~= "number" then -- arg isn't number as expected?
 				args[i] = tostring(arg);
 				spec = "[%s]";
prosody