Escape input from query.
parent
d7244883cd
commit
bdcf881fcc
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=12845
2 changed files with 11 additions and 15 deletions
en/cgi
|
@ -26,7 +26,7 @@
|
|||
#
|
||||
# Search a mail by Message-ID, References or In-Reply-To field
|
||||
#
|
||||
# $FreeBSD: www/en/cgi/mid.cgi,v 1.10 2000/08/08 06:04:10 mharo Exp $
|
||||
# $FreeBSD: www/en/cgi/mid.cgi,v 1.11 2000/12/28 13:16:39 wosch Exp $
|
||||
|
||||
$hsty_base = '';
|
||||
|
||||
|
@ -42,6 +42,8 @@ $script = $ENV{'SCRIPT_NAME'};
|
|||
$shortid = 1;
|
||||
$lookCommand = "/usr/bin/look";
|
||||
|
||||
sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; }
|
||||
|
||||
sub get_id {
|
||||
local($query, $db) = @_;
|
||||
|
||||
|
@ -76,9 +78,9 @@ sub get_id {
|
|||
if ($#idlist < 0) { # nothing found
|
||||
print &midheader;
|
||||
if ($db eq 'mid') {
|
||||
print qq{Message-ID: "$query" not found\n};
|
||||
printf "Message-ID: \"%s\" not found\n", escape($query);
|
||||
} else {
|
||||
print qq{No answers found for: "$query"\n};
|
||||
printf "No answers found for: \"%s\"\n", escape($query);
|
||||
}
|
||||
print &foot;
|
||||
|
||||
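Review bot: The new `escape` helper assigns its argument to the global `$_` without localizing it, so every call overwrites whatever the caller currently holds in `$_`. It also leaves `"` unencoded, which looks harmless for the two `printf` calls in `get_id` (the value appears to land in element text) but becomes a gap if the helper is reused inside an attribute value. A lexical copy avoids both: `sub escape { my ($s) = @_; $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g; return $s; }`. The replacement strings show on this page as `s/&/&/g` and so on, presumably because the rendering decoded the entities, so it is worth confirming in the file that `&` is replaced first and with `&amp;`. `get_id` begins before and continues after the hunk, so whether `$query` is echoed anywhere else cannot be checked from here.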
|
|
|
@ -15,7 +15,7 @@
|
|||
# Disclaimer:
|
||||
# This is pretty ugly in places.
|
||||
#
|
||||
# $FreeBSD: www/en/cgi/search.cgi,v 1.21 2001/02/22 11:51:39 wosch Exp $
|
||||
# $FreeBSD: www/en/cgi/search.cgi,v 1.22 2001/10/30 07:26:27 kuriyama Exp $
|
||||
|
||||
|
||||
$server_root = '/usr/local/www';
|
||||
|
@ -31,11 +31,13 @@ require "./cgi-style.pl";
|
|||
|
||||
@months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec');
|
||||
|
||||
sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; }
|
||||
|
||||
sub do_wais {
|
||||
&ReadParse;
|
||||
|
||||
@FORM_words = split(/ /, $in{"words"});
|
||||
@FORM_source = split(/\0/, $in{"source"});
|
||||
@FORM_words = split(/ /, escape($in{"words"}));
|
||||
@FORM_source = split(/\0/, escape($in{"source"}));
|
||||
$FORM_max = $in{"max"};
|
||||
$FORM_docnum = $in{"docnum"};
|
||||
$FORM_index = $in{"index"};
|
||||
|
@ -116,7 +118,6 @@ sub do_wais {
|
|||
else {
|
||||
print "The archive <em>@AVAIL_source</em> contains ";
|
||||
}
|
||||
@FORM_words = map { s/&/&/g; s/</</g; s/>/>/g; $_; } @FORM_words;
|
||||
print " the following items relevant to \`@FORM_words\':\n";
|
||||
print "<OL>\n";
|
||||
|
||||
|
@ -229,19 +230,12 @@ sub checksource {
|
|||
return(@goodsources);
|
||||
}
|
||||
|
||||
sub htmlescape {
|
||||
local ($data) = @_;
|
||||
$data =~ s/&/&/g;
|
||||
$data =~ s/</</g;
|
||||
return $data;
|
||||
}
|
||||
|
||||
sub docdone {
|
||||
$file =~ s/\.src$//;
|
||||
if ($headline =~ /Search produced no result/) {
|
||||
print "<p>The archive <em>$file</em> contains no relevant documents.</p>"
|
||||
} else {
|
||||
$headline = &htmlescape($headline);
|
||||
$headline = escape($headline);
|
||||
$headline =~ s/\\"/\"/g;
|
||||
if ($file eq "www" || $file eq 'pkgdescr') {
|
||||
print "<li><a href=\"$headline\">$headline</a>\n";
|
||||
|
|
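Review bot: In `docdone`, `$headline` is interpolated into `href=\"$headline\"` after `escape()`, but `escape()` does not encode `"`, and the following `s/\\"/\"/g` turns `\"` back into a bare quote, so a headline containing a double quote can still terminate the attribute. Encoding the quote at the point of output closes that gap, e.g. `$headline =~ s/"/&quot;/g;` placed after the unescape line; where `$headline` is populated lies outside the visible hunks, so how much of it is externally influenced should be confirmed. Separately, the `do_wais` hunk now escapes `$in{"words"}` and `$in{"source"}` when they are parsed rather than when they are printed: any non-HTML use of `@FORM_words` or `@FORM_source` later in the function (not visible here) will see entity-encoded text, while `$FORM_max`, `$FORM_docnum` and `$FORM_index` stay raw, so escaping each value at the `print` that emits it is easier to audit. `escape` is also defined identically in both changed files; since this file already has `require "./cgi-style.pl";`, a single definition there, with a short comment stating that it encodes for HTML text and attribute contexts, would keep the two copies from drifting.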