Properly sanitize CGI arguments (like `gtk+').

[sw-tools] / perl / SWList.pm

diff --git a/perl/SWList.pm b/perl/SWList.pm
index e2e83be..579665b 100644 (file)
--- a/perl/SWList.pm
+++ b/perl/SWList.pm
@@ -1,6 +1,6 @@
 # -*-perl-*-
 #
-# $Id: SWList.pm,v 1.1 1999/07/30 18:46:37 mdw Exp $
+# $Id: SWList.pm,v 1.2 1999/08/24 12:15:34 mdw Exp $
 #
 # Create the main list of installed packages
 #
@@ -28,6 +28,9 @@
 #----- Revision history -----------------------------------------------------
 #
 # $Log: SWList.pm,v $
+# Revision 1.2  1999/08/24 12:15:34  mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
 # Revision 1.1  1999/07/30 18:46:37  mdw
 # New CGI script for browsing installed software and documentation.
 #
@@ -197,7 +200,8 @@ EOF
     # --- If the documentation file exists, put a link in ---
 
     if (-r "$C{doc}/$pkg") {
-      print("  <td><a href=\"$ref?act=doc&pkg=$pkg\">Yes</a>\n");
+      printf("  <td><a href=\"$ref?act=doc&pkg=%s\">Yes</a>\n",
+            SWCGI::sanitize($pkg));
     } else {
       print("  <td>No\n");
     }