User: sits
Date: 08/01/18 13:20:14
Modified: . CHANGELOG
lib/Codestriker/Http Input.pm
Log:
* Make sure if an invalid CGI parameter value is specified that its
value is encoded when displaying the generic error page. Reported
by [EMAIL PROTECTED]
Index: CHANGELOG
===================================================================
RCS file: /cvsroot/codestriker/codestriker/CHANGELOG,v
retrieving revision 1.222
retrieving revision 1.223
diff -u -r1.222 -r1.223
--- CHANGELOG 13 Jan 2008 09:15:20 -0000 1.222
+++ CHANGELOG 18 Jan 2008 21:20:13 -0000 1.223
@@ -19,6 +19,10 @@
* Support for TestDirector as a supported bug tracking system.
Submitted by [EMAIL PROTECTED]
+
+* Make sure if an invalid CGI parameter value is specified that its
+ value is encoded when displaying the generic error page. Reported
+ by [EMAIL PROTECTED]
Version 1.9.4
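Review bot: The new CHANGELOG entry describes the mechanism ("its value is encoded when displaying the generic error page") but not why it matters to someone deciding whether to upgrade. If the unencoded value allowed markup from a request parameter to be rendered in the error page, say so in the entry and mark it as a security fix, so it stands out from the feature items around it.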
Index: Input.pm
===================================================================
RCS file: /cvsroot/codestriker/codestriker/lib/Codestriker/Http/Input.pm,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- Input.pm 25 Aug 2007 06:23:12 -0000 1.45
+++ Input.pm 18 Jan 2008 21:20:13 -0000 1.46
@@ -304,7 +304,7 @@
$self->{$name} = $1;
} else {
my $error_message = "Input parameter $name has invalid value: " .
- "\"$value\"";
+ HTML::Entities::encode($value);
$self->{http_response}->error($error_message);
}
} else {
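Review bot: The `+` line drops the `\"` quotes that the removed line put around the value, so an empty or whitespace-only value now yields a message that ends with nothing visible after "invalid value: ". Keep the quotes around the encoded value, for example `"\"" . HTML::Entities::encode($value) . "\""`. Two further points on the same statement: `$name` is still interpolated into `$error_message` unencoded, so if it can be influenced by the request it needs the same treatment, and encoding once inside `error()` rather than at this call site would cover any other caller that passes request data into the error page. The hunk does not show a `use HTML::Entities;`, so confirm the module is loaded in Input.pm before the fully qualified call is reached.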
_______________________________________________
Codestriker-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/codestriker-commits