From: Steinar H. Gunderson
Date: Mon, 22 Jan 2007 23:07:13 +0000 (+0100)
Subject: Escape titles and dates on their way out of the HTML. It _shouldn't_ be
X-Git-Url: https://git.sesse.net/?p=pr0n;a=commitdiff_plain;h=aebd301b01c9b4e75e382fb7c1fcb9347c48ffd0
Escape titles and dates on their way out of the HTML. It _shouldn't_ be possible under the current regime to get illegal characters into the database, but we had one such event, so just do it to be safe; it doesn't harm. (One might actually also want to fix WebDAV; should be checked, but hey...)
---
diff --git a/perl/Sesse/pr0n/Common.pm b/perl/Sesse/pr0n/Common.pm
index 324efe9..1f1eac8 100644
--- a/perl/Sesse/pr0n/Common.pm
+++ b/perl/Sesse/pr0n/Common.pm
@@ -23,6 +23,7 @@ use MIME::Types;
 use LWP::Simple;
 # use Image::Info;
 use Image::ExifTool;
+use HTML::Entities;
 BEGIN {
 use Exporter ();
diff --git a/perl/Sesse/pr0n/Index.pm b/perl/Sesse/pr0n/Index.pm
index 41b4db1..ca02b75 100644
--- a/perl/Sesse/pr0n/Index.pm
+++ b/perl/Sesse/pr0n/Index.pm
@@ -86,8 +86,8 @@ sub handler {
 undef, $event, $r->get_server_name) or error($r, "Could not find event $event", 404, "File not found");
- my $name = $ref->{'name'};
- my $date = $ref->{'date'};
+ my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+ my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));
 $r->set_last_modified($ref->{'last_update'});
 # If the client can use cache, do so
diff --git a/perl/Sesse/pr0n/Listing.pm b/perl/Sesse/pr0n/Listing.pm
index f478bb8..294b7bc 100644
--- a/perl/Sesse/pr0n/Listing.pm
+++ b/perl/Sesse/pr0n/Listing.pm
@@ -31,8 +31,8 @@ sub handler {
 while (my $ref = $q->fetchrow_hashref()) {
 my $id = $ref->{'id'};
- my $date = $ref->{'date'};
- my $name = $ref->{'name'};
+ my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+ my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));
 $r->print("
  • $name ($date)
  • \n"); }
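Review bot: In the Listing.pm loop `$id` is still taken raw from the row while `$name` and `$date` are now entity-encoded; the string passed to `$r->print` is garbled on this page, so whether `$id` reaches the markup cannot be confirmed here, but if it does it needs escaping suited to where it lands (entity-encoding in text, URL-escaping inside an href). In the Index.pm hunk the context line `error($r, "Could not find event $event", ...)` likewise passes `$event` through unescaped, and whether `error` encodes its message before output is not visible here. The same decode-then-encode expression now appears four times across this hunk and the Index.pm hunk, and a single helper beside the new `use HTML::Entities;` in Common.pm, for example `sub html_escape { return HTML::Entities::encode_entities(Encode::decode_utf8($_[0])); }`, would keep the two handlers from drifting apart. Neither hunk shows `Encode` being loaded in Index.pm or Listing.pm, so confirm `use Encode;` is in scope there. Both `handler` bodies start and end outside their hunks.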