Escape titles and dates on their way out of the HTML. It _shouldn't_ be

possible under the current regime to get illegal characters into the database,
but we had one such event, so just do it to be safe; it doesn't harm.
(One might actually also want to fix WebDAV; should be checked, but hey...)

diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm
index 324efe9fb0fabc9a39e3caaf1caf3bce47db4b0d..1f1eac878537ebaffcfdb4e0c54187d0bfdf1841 100644 (file)
--- a/perl/Sesse/pr0n/Common.pm
+++ b/perl/Sesse/pr0n/Common.pm
@@ -23,6 +23,7 @@ use MIME::Types;
 use LWP::Simple;
 # use Image::Info;
 use Image::ExifTool;
 use LWP::Simple;
 # use Image::Info;
 use Image::ExifTool;

+use HTML::Entities;

 
 BEGIN {
        use Exporter ();
 
 BEGIN {
        use Exporter ();

diff --git a/perl/Sesse/pr0n/Index.pm b/perl/Sesse/pr0n/Index.pm
index 41b4db1689d1be44e5fadb64c416beb5e78d533c..ca02b75003ed4bb54f04d801978ed1e7da8072f1 100644 (file)
--- a/perl/Sesse/pr0n/Index.pm
+++ b/perl/Sesse/pr0n/Index.pm
@@ -86,8 +86,8 @@ sub handler {
                undef, $event, $r->get_server_name)
                or error($r, "Could not find event $event", 404, "File not found");
 
                undef, $event, $r->get_server_name)
                or error($r, "Could not find event $event", 404, "File not found");
 

-       my $name = $ref->{'name'};
-       my $date = $ref->{'date'};
+       my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+       my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));

        $r->set_last_modified($ref->{'last_update'});
                                
        # If the client can use cache, do so
        $r->set_last_modified($ref->{'last_update'});
                                
        # If the client can use cache, do so

diff --git a/perl/Sesse/pr0n/Listing.pm b/perl/Sesse/pr0n/Listing.pm
index f478bb892b36319169ab39a1df5d34a669a897b5..294b7bc278c472a650733e7051e29050a0b216d7 100644 (file)
--- a/perl/Sesse/pr0n/Listing.pm
+++ b/perl/Sesse/pr0n/Listing.pm
@@ -31,8 +31,8 @@ sub handler {
 
        while (my $ref = $q->fetchrow_hashref()) {
                my $id = $ref->{'id'};
 
        while (my $ref = $q->fetchrow_hashref()) {
                my $id = $ref->{'id'};

-               my $date = $ref->{'date'};
-               my $name = $ref->{'name'};
+               my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+               my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));

                
                $r->print("      <li><a href=\"$id/\">$name</a> ($date)</li>\n");
        }
                
                $r->print("      <li><a href=\"$id/\">$name</a> ($date)</li>\n");
        }