Properly sanitize CGI arguments (like `gtk+').

[sw-tools] / perl / SWMan.pm

diff --git a/perl/SWMan.pm b/perl/SWMan.pm
index e799148..4a48eb5 100644 (file)
--- a/perl/SWMan.pm
+++ b/perl/SWMan.pm
@@ -1,6 +1,6 @@
 # -*-perl-*-
 #
-# $Id: SWMan.pm,v 1.3 1999/08/19 12:11:10 mdw Exp $
+# $Id: SWMan.pm,v 1.4 1999/08/24 12:15:34 mdw Exp $
 #
 # Display and other fiddling of manual pages
 #
@@ -28,6 +28,9 @@
 #----- Revision history -----------------------------------------------------
 #
 # $Log: SWMan.pm,v $
+# Revision 1.4  1999/08/24 12:15:34  mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
 # Revision 1.3  1999/08/19 12:11:10  mdw
 # More improvements to URL recognizer.
 #
@@ -106,8 +109,9 @@ sub check($$) {
 sub subst($$$) {
   my ($s, $n, $sec) = @_;
   check($n, $sec) and
-    return "<a href=\"$ref?act=man&man=$n&sec=$sec\">$s</a>";
-  return "$s";
+    return sprintf("<a href=\"$ref?act=man&man=%s&sec=$sec\">$s</a>",
+                  SWCGI::sanitize($n));
+  return $s;
 }
 
 # --- @urlsubst(URL, STRING)@ ---