* Gnatsweb: HTML escape patch
@ 2001-03-21 14:42 Yngve Svendsen
0 siblings, 0 replies; only message in thread
From: Yngve Svendsen @ 2001-03-21 14:42 UTC (permalink / raw)
To: gnats-devel, Gerald Pfeifer
This patch fixes a bug in Gnatsweb where the synopses of PRs aren't
properly escaped before being printed to the query results page. This
creates problems when a synopsis contains < and/or > characters. It is
against the latest CVS version of Gnatsweb 3.95.
This fixes
< http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view&pr=961&database=gcc >
Gerald: I hope this applies without the problems you encountered with the
last patch from me.
- Yngve
gnatsweb.pl (display_query_results): Apply escapeHTML to $fieldcontents
before printing.
Index: gnatsweb.pl
===================================================================
RCS file: /cvs/gnats/gnats/contrib/gnatsweb/gnatsweb.pl,v
retrieving revision 2.27
diff -u -p -r2.27 gnatsweb.pl
--- gnatsweb.pl 2001/03/21 09:09:27 2.27
+++ gnatsweb.pl 2001/03/21 22:21:54
@@ -1816,6 +1816,7 @@ sub display_query_results
my $enumvals = fieldinfo($ufields[$whichfield], 'values');
$fieldcontents = $$enumvals[$fieldcontents - 1] || 'invalid';
}
+ $fieldcontents = $q->escapeHTML($fieldcontents);
print "<td nowrap>$fieldcontents";
$whichfield++;
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2001-03-21 14:42 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-03-21 14:42 Gnatsweb: HTML escape patch Yngve Svendsen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).