Properly sanitize CGI arguments (like `gtk+').

[sw-tools] / perl / SWCGI.pm

diff --git a/perl/SWCGI.pm b/perl/SWCGI.pm
index 2e28455..d092a0f 100644 (file)
--- a/perl/SWCGI.pm
+++ b/perl/SWCGI.pm
@@ -1,6 +1,6 @@
 # -*-perl-*-
 #
-# $Id: SWCGI.pm,v 1.1 1999/07/30 18:46:37 mdw Exp $
+# $Id: SWCGI.pm,v 1.2 1999/08/24 12:15:33 mdw Exp $
 #
 # Miscellaneous CGI support functions
 #
@@ -28,6 +28,9 @@
 #----- Revision history -----------------------------------------------------
 #
 # $Log: SWCGI.pm,v $
+# Revision 1.2  1999/08/24 12:15:33  mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
 # Revision 1.1  1999/07/30 18:46:37  mdw
 # New CGI script for browsing installed software and documentation.
 #
@@ -41,7 +44,7 @@ use SWConfig;
 
 @ISA = qw(Exporter);
 @EXPORT = qw(barf %Q $ref);
-@EXPORT_OK = qw(read);
+@EXPORT_OK = qw(read sanitize);
 %EXPORT_TAGS = (layout => [qw(header footer)],
                debug => [qw(dumphash)]);
 
@@ -130,6 +133,16 @@ sub dumphash(\%) {
   print "</table>\n";
 }
 
+#----- Sanitizing links -----------------------------------------------------
+
+sub sanitize($) {
+  my ($l) = @_;
+  $l =~ s/[+&%=]/"%" . sprintf("%02x", ord($&))/eg;
+  $l =~ tr/ /+/;
+  $l =~ s/[^!-~]/"%" . sprintf("%02x", ord($&))/eg;
+  return $l;
+}
+
 #----- Argument reading -----------------------------------------------------
 
 %Q = ();