Fix a few XSS-ish issues.
index e446ca831969567ae788fc4289912df6fd4289d7..073996f187bc06783d1dc8ac8c27019e6974d691 100644 (file)
@@ -24,6 +24,7 @@ use LWP::Simple;
 # use Image::Info;
 use Image::ExifTool;
 use HTML::Entities;
+use URI::Escape;
 
 BEGIN {
        use Exporter ();
@@ -34,7 +35,7 @@ BEGIN {
                require Sesse::pr0n::Config_local;
        };
 
-       $VERSION     = "v2.40";
+       $VERSION     = "v2.41";
        @ISA         = qw(Exporter);
        @EXPORT      = qw(&error &dberror);
        %EXPORT_TAGS = qw();
@@ -129,6 +130,12 @@ sub get_query_string {
        while (my ($key, $value) = each %$param) {
                next unless defined($value);
                next if (defined($defparam->{$key}) && $value == $defparam->{$key});
+
+               $value = URI::Escape::uri_escape($value);
+
+               # Unescape a few for prettiness (we'll need something for a real _, though)
+               $value =~ s/%20/_/g;
+               $value =~ s/%2F/\//g;
        
                $str .= ($first) ? "?" : ';';
                $str .= "$key=$value";
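Review bot: `$key` is still interpolated unescaped at `$str .= "$key=$value";`, so the new `uri_escape` call protects only the value half of each pair. If keys in `%$param` can come from the request (not visible in this hunk), escape them as well, e.g. `$str .= URI::Escape::uri_escape($key) . "=$value";`. Separately, `uri_escape` croaks on characters above 255, so `uri_escape_utf8` may be the safer call if values can hold decoded Unicode text. get_query_string begins before this hunk and continues past it.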
@@ -404,7 +411,7 @@ sub ensure_cached {
                                        $parms{'interlace'} = 'Plane';
                                }
                                if (defined($sf)) {
-                                       $parms{'scaling-factor'} = $sf;
+                                       $parms{'sampling-factor'} = $sf;
                                }
                                $err = $cimg->write(%parms);
                        }