
HTML-escape patch for Gnatsweb 2.7 beta


From: Yngve Svendsen
Subject: HTML-escape patch for Gnatsweb 2.7 beta
Date: Fri, 20 Apr 2001 10:59:21 +0200

The following patch for Gnatsweb 2.7 beta ensures that everything displayed on the query results page is properly HTML escaped. Previously, the query results display could become badly messed up if HTML tags, or indeed anything containing the symbols < and >, were included in the subject/synopsis or in other PR fields. This patch ensures that everything printed on the query results page has been passed through the escapeHTML method of CGI.pm.

Yngve Svendsen
IS Engineer
Clustra AS, Trondheim, Norway
address@hidden





*** gnatsweb-2.7beta/gnatsweb.pl        Fri Apr 20 10:40:32 2001
--- gnatsweb.pl Fri Apr 20 10:34:40 2001
***************
*** 1658,1683 ****
            "\"><font size=-1>edit</font></a>"
            if can_edit();
      print "</td>";
!     print "<td nowrap>$cat</td>"                     if $vis{'category'};
!     print "<td nowrap>$conf</td>"                    if $vis{'confidential'};
!     print "<td nowrap>$state[$state]</td>"           if $vis{'state'};
!     print "<td nowrap>$class[$class]</td>"           if $vis{'class'};
!     print "<td nowrap>$severity[$sev]</td>"          if $vis{'severity'};
!     print "<td nowrap>$priority[$pri]</td>"          if $vis{'priority'};
!     print "<td nowrap>", nonempty($release), "</td>" if $vis{'release'};
!     print "<td nowrap>", nonempty($quarter), "</td>" if($site_release_based
!                                                         && $vis{'quarter'});
!     print "<td>", nonempty($keywords), "</td>"       if($site_release_based
!                                                         && $vis{'keywords'});
!     print "<td nowrap>$resp</td>"                    if $vis{'responsible'};
!     print "<td nowrap>", nonempty($sub), "</td>"     if $vis{'submitter_id'};
!     print "<td nowrap>", nonempty($orig), "</td>"    if $vis{'originator'};
!     print "<td nowrap>$arrival</td>"                 if $vis{'arrival_date'};
!     print "<td nowrap>", nonempty($daterequired), "</td>"
!           if($site_release_based && $vis{'date_required'});
! print "<td nowrap>",nonempty($lastmoddate),"</td>" if $vis{'last_modified'};
!     print "<td nowrap>",nonempty($closeddate),"</td>" if $vis{'closed_date'};
!     print "<td>$syn</td>"                             if $vis{'synopsis'};
      print "</tr>\n";
    }
    print "</table>\n";
--- 1658,1685 ----
            "\"><font size=-1>edit</font></a>"
            if can_edit();
      print "</td>";
!
!     print $q->td({nowrap}, $q->escapeHTML($cat)) if $vis{'category'};
!     print $q->td({nowrap}, $q->escapeHTML($conf)) if $vis{'confidential'};
!     print $q->td({nowrap}, $q->escapeHTML($state[$state])) if $vis{'state'};
!     print $q->td({nowrap}, $q->escapeHTML($class[$class])) if $vis{'class'};
! print $q->td({nowrap}, $q->escapeHTML($severity[$sev])) if $vis{'severity'};
! print $q->td({nowrap}, $q->escapeHTML($priority[$pri])) if $vis{'priority'};
! print $q->td({nowrap}, nonempty($q->escapeHTML($release))) if $vis{'release'};
! print $q->td({nowrap}, nonempty($q->escapeHTML($quarter))) if($site_release_based
! && $vis{'quarter'});
! print $q->td({nowrap}, nonempty($q->escapeHTML($keywords))) if($site_release_based
! && $vis{'keywords'});
!     print $q->td({nowrap}, $q->escapeHTML($resp)) if $vis{'responsible'};
! print $q->td({nowrap}, nonempty($q->escapeHTML($sub))) if $vis{'submitter_id'};
! print $q->td({nowrap}, nonempty($q->escapeHTML($orig))) if $vis{'originator'};
!     print $q->td({nowrap}, $q->escapeHTML($arrival)) if $vis{'arrival_date'};
! print $q->td({nowrap}, nonempty($q->escapeHTML($daterequired))) if($site_release_based
! && $vis{'date_required'});
! print $q->td({nowrap}, $q->nonempty(escapeHTML($lastmoddate))) if $vis{'last_modified'};
! print $q->td({nowrap}, $q->nonempty(escapeHTML($closeddate))) if $vis{'closed_date'};
!     print $q->td({nowrap}, $q->escapeHTML($syn)) if $vis{'synopsis'};
!
      print "</tr>\n";
    }
    print "</table>\n";
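Review bot: The last_modified and closed_date lines call `$q->nonempty(escapeHTML($lastmoddate))`, which swaps the two calls compared with every other line in the hunk: `nonempty` is used as a plain sub elsewhere and `escapeHTML` as a method of `$q`, so these two columns would most likely fail at runtime instead of being escaped. They should read `print $q->td({nowrap}, nonempty($q->escapeHTML($lastmoddate))) if $vis{'last_modified'};` and likewise for `$closeddate`. The keywords and synopsis cells were plain `<td>` before and now get `nowrap`, which changes wrapping of the longest fields and looks unintended. The bare `{nowrap}` is a one-element hash and a bareword under strict; `{-nowrap => undef}` is presumably what CGI.pm expects here, to be confirmed against the installed version. The enclosing loop starts above the hunk, so the edit-link cell just before these lines is not covered by this review.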

