Translate action URL by escapeHTML() (lib/CGI.pm).

PR: ports/57390 Submitted by: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
svn path=/head/; revision=90148
2024-10-22 20:41:26 +00:00 · 2003-10-03 16:27:06 +00:00 · 2003-10-03 16:27:06 +00:00 · e42039bc30 · 2021-03-31 03:12:20 +00:00
commit e42039bc30
parent d823ed96c0
1 changed files with 13 additions and 0 deletions
--- a/japanese/perl5/files/patch-lib:CGI.pm
+++ b/japanese/perl5/files/patch-lib:CGI.pm
@ -0,0 +1,13 @@
+--- lib/CGI.pm.orig	Fri Feb 12 09:05:57 1999
+++ lib/CGI.pm	Sat Oct  4 01:14:41 2003
+@@ -1413,8 +1413,8 @@
+ 
+     $method = $method || 'POST';
+     $enctype = $enctype || &URL_ENCODED;
+-    $action = $action ? qq/ACTION="$action"/ : $method eq 'GET' ?
+-	'ACTION="'.$self->script_name.'"' : '';
+    $action = $action ? 'ACTION="'.$self->escapeHTML($action).'"' : $method eq 'GET' ?
+	'ACTION="'.$self->escapeHTML($self->script_name).'"' : '';
+     my($other) = @other ? " @other" : '';
+     $self->{'.parametersToAdd'}={};
+     return qq/<FORM METHOD="$method" $action ENCTYPE="$enctype"$other>\n/;