Prevent cross-site-scripting by escaping input text.
Pointed out by: "Benjamin Krueger" <roo@ufies.org>
Reference: http://securityfocus.com/cgi-bin/archive.pl?id=1&mid=220101&start=2001-10-09&end=2001-10-15
parent
45981a7b76
commit
eef8406907
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=11073
1 changed files with 2 additions and 1 deletions
|
@ -15,7 +15,7 @@
|
|||
# Disclaimer:
|
||||
# This is pretty ugly in places.
|
||||
#
|
||||
# $FreeBSD: www/en/cgi/search.cgi,v 1.20 2000/12/28 13:37:51 wosch Exp $
|
||||
# $FreeBSD: www/en/cgi/search.cgi,v 1.21 2001/02/22 11:51:39 wosch Exp $
|
||||
|
||||
|
||||
$server_root = '/usr/local/www';
|
||||
|
@ -116,6 +116,7 @@ sub do_wais {
|
|||
else {
|
||||
print "The archive <em>@AVAIL_source</em> contains ";
|
||||
}
|
||||
@FORM_words = map { s/&/&/g; s/</</g; s/>/>/g; $_; } @FORM_words;
|
||||
print " the following items relevant to \`@FORM_words\':\n";
|
||||
print "<OL>\n";
|
||||
|
||||
|
|
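Review bot: The escaping in the `do_wais` hunk is applied only to `@FORM_words`, while the context line `print "The archive <em>@AVAIL_source</em> contains ";` just above it still interpolates `@AVAIL_source` into the same HTML response unescaped; if that array can carry request data it needs the same treatment. The `map` also rewrites `@FORM_words` in place (the `s///` acts on the aliased `$_`), so any later use of the array for something other than HTML output would see the escaped text; escaping into a separate display variable, or through a small helper called at each `print`, avoids that. The substitutions cover `&`, `<` and `>` but not quote characters, which is enough for element content as used in this `print` but not if the words are ever placed inside an attribute value. As rendered on this page the three substitutions show the same character on both sides (`s/</</g`), so it is worth confirming that the committed file has the entity forms `&amp;`, `&lt;` and `&gt;` as replacements.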