diff --git a/en/cgi/mid.cgi b/en/cgi/mid.cgi index dfc8bee219..a21d9cab83 100755 --- a/en/cgi/mid.cgi +++ b/en/cgi/mid.cgi @@ -26,7 +26,7 @@ # # Search a mail by Message-ID, References or In-Reply-To field # -# $FreeBSD: www/en/cgi/mid.cgi,v 1.10 2000/08/08 06:04:10 mharo Exp $ +# $FreeBSD: www/en/cgi/mid.cgi,v 1.11 2000/12/28 13:16:39 wosch Exp $ $hsty_base = ''; @@ -42,6 +42,8 @@ $script = $ENV{'SCRIPT_NAME'}; $shortid = 1; $lookCommand = "/usr/bin/look"; +sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; } + sub get_id { local($query, $db) = @_; @@ -76,9 +78,9 @@ sub get_id { if ($#idlist < 0) { # nothing found print &midheader; if ($db eq 'mid') { - print qq{Message-ID: "$query" not found\n}; + printf "Message-ID: \"%s\" not found\n", escape($query); } else { - print qq{No answers found for: "$query"\n}; + printf "No answers found for: \"%s\"\n", escape($query); } print &foot; diff --git a/en/cgi/search.cgi b/en/cgi/search.cgi index 28ab57dfc9..a7ab277b3f 100755 --- a/en/cgi/search.cgi +++ b/en/cgi/search.cgi @@ -15,7 +15,7 @@ # Disclaimer: # This is pretty ugly in places. # -# $FreeBSD: www/en/cgi/search.cgi,v 1.21 2001/02/22 11:51:39 wosch Exp $ +# $FreeBSD: www/en/cgi/search.cgi,v 1.22 2001/10/30 07:26:27 kuriyama Exp $ $server_root = '/usr/local/www'; @@ -31,11 +31,13 @@ require "./cgi-style.pl"; @months = ('Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'); +sub escape($) { $_ = $_[0]; s/&/&/g; s/</</g; s/>/>/g; $_; } + sub do_wais { &ReadParse; - @FORM_words = split(/ /, $in{"words"}); - @FORM_source = split(/\0/, $in{"source"}); + @FORM_words = split(/ /, escape($in{"words"})); + @FORM_source = split(/\0/, escape($in{"source"})); $FORM_max = $in{"max"}; $FORM_docnum = $in{"docnum"}; $FORM_index = $in{"index"}; @@ -116,7 +118,6 @@ sub do_wais { else { print "The archive <em>@AVAIL_source</em> contains "; } - @FORM_words = map { s/&/&/g; s/</</g; s/>/>/g; $_; } @FORM_words; print " the following items relevant to \`@FORM_words\':\n"; print "<OL>\n"; @@ -229,19 +230,12 @@ sub checksource { return(@goodsources); } -sub htmlescape { - local ($data) = @_; - $data =~ s/&/&/g; - $data =~ s/</</g; - return $data; -} - sub docdone { $file =~ s/\.src$//; if ($headline =~ /Search produced no result/) { print "<p>The archive <em>$file</em> contains no relevant documents.</p>" } else { - $headline = &htmlescape($headline); + $headline = escape($headline); $headline =~ s/\\"/\"/g; if ($file eq "www" || $file eq 'pkgdescr') { print "<li><a href=\"$headline\">$headline</a>\n";