diff options
| author | Anton Berezin <tobez@FreeBSD.org> | 2003-09-30 08:33:57 +0000 |
|---|---|---|
| committer | Anton Berezin <tobez@FreeBSD.org> | 2003-09-30 08:33:57 +0000 |
| commit | 8c1a9ff69598b1ec5d4eda67cab4ee063268eb3c (patch) | |
| tree | 5cd273474019e37d250b5948d79715bc8601906c /lang/perl5.6/files/patch-CGI.pm | |
| parent | Correct a typo in the plist. (diff) | |
Add a patch to properly escape generated action attribute in
CGI::start_form. The escape code is taken from CGI.pm v.3.00.
PR: 57391
Reported by: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
Diffstat (limited to '')
| -rw-r--r-- | lang/perl5.6/files/patch-CGI.pm | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lang/perl5.6/files/patch-CGI.pm b/lang/perl5.6/files/patch-CGI.pm new file mode 100644 index 000000000000..01410684a7ed --- /dev/null +++ b/lang/perl5.6/files/patch-CGI.pm @@ -0,0 +1,15 @@ +--- lib/CGI.pm.orig Tue Sep 30 10:16:33 2003 ++++ lib/CGI.pm Tue Sep 30 10:20:35 2003 +@@ -1497,8 +1497,10 @@ sub startform { + $method = lc($method) || 'post'; + $enctype = $enctype || &URL_ENCODED; + unless (defined $action) { +- $action = $self->url(-absolute=>1,-path=>1); +- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING}; ++ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1)); ++ if (length($ENV{QUERY_STRING})>0) { ++ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1); ++ } + } + $action = qq(action="$action"); + my($other) = @other ? " @other" : ''; |