Properly sanitize CGI arguments (like `gtk+').

[sw-tools] / perl / SWInfo.pm

diff --git a/perl/SWInfo.pm b/perl/SWInfo.pm
index 42c4119..c4cf7bb 100644 (file)
--- a/perl/SWInfo.pm
+++ b/perl/SWInfo.pm
@@ -1,6 +1,6 @@
 # -*-perl-*-
 #
-# $Id: SWInfo.pm,v 1.3 1999/08/19 12:11:10 mdw Exp $
+# $Id: SWInfo.pm,v 1.4 1999/08/24 12:15:33 mdw Exp $
 #
 # Read and output GNU Info files
 #
@@ -28,6 +28,9 @@
 #----- Revision history -----------------------------------------------------
 #
 # $Log: SWInfo.pm,v $
+# Revision 1.4  1999/08/24 12:15:33  mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
 # Revision 1.3  1999/08/19 12:11:10  mdw
 # More improvements to URL recognizer.
 #
@@ -80,11 +83,10 @@ sub subst($$$) {
 
   # --- Transform it into something that won't get mangled ---
 
-  $node =~ s/[+&=%]|[^ -~]/sprintf("%%%02x", ord($&))/eg;
-  $node =~ tr/ /+/;
+  $node = SWCGI::sanitize($node);
 
   ($dir = $i->{dir}) =~ s:$C{prefix}/info/?::;
-  $dir = "&dir=$dir" if $dir;
+  $dir = "&dir=" . SWCGI::sanitize($dir) if $dir;
 
   return "<a href=\"$ref?act=info&file=$file&node=$node$dir\">$oref</a>$tail";
 }