# -*-perl-*-
#
-# $Id: SWCGI.pm,v 1.1 1999/07/30 18:46:37 mdw Exp $
+# $Id: SWCGI.pm,v 1.2 1999/08/24 12:15:33 mdw Exp $
#
# Miscellaneous CGI support functions
#
#----- Revision history -----------------------------------------------------
#
# $Log: SWCGI.pm,v $
+# Revision 1.2 1999/08/24 12:15:33 mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
# Revision 1.1 1999/07/30 18:46:37 mdw
# New CGI script for browsing installed software and documentation.
#
@ISA = qw(Exporter);
@EXPORT = qw(barf %Q $ref);
-@EXPORT_OK = qw(read);
+@EXPORT_OK = qw(read sanitize);
%EXPORT_TAGS = (layout => [qw(header footer)],
debug => [qw(dumphash)]);
print "</table>\n";
}
+#----- Sanitizing links -----------------------------------------------------
+
+sub sanitize($) {
+ my ($l) = @_;
+ $l =~ s/[+&%=]/"%" . sprintf("%02x", ord($&))/eg;
+ $l =~ tr/ /+/;
+ $l =~ s/[^!-~]/"%" . sprintf("%02x", ord($&))/eg;
+ return $l;
+}
+
#----- Argument reading -----------------------------------------------------
%Q = ();
# -*-perl-*-
#
-# $Id: SWInfo.pm,v 1.3 1999/08/19 12:11:10 mdw Exp $
+# $Id: SWInfo.pm,v 1.4 1999/08/24 12:15:33 mdw Exp $
#
# Read and output GNU Info files
#
#----- Revision history -----------------------------------------------------
#
# $Log: SWInfo.pm,v $
+# Revision 1.4 1999/08/24 12:15:33 mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
# Revision 1.3 1999/08/19 12:11:10 mdw
# More improvements to URL recognizer.
#
# --- Transform it into something that won't get mangled ---
- $node =~ s/[+&=%]|[^ -~]/sprintf("%%%02x", ord($&))/eg;
- $node =~ tr/ /+/;
+ $node = SWCGI::sanitize($node);
($dir = $i->{dir}) =~ s:$C{prefix}/info/?::;
- $dir = "&dir=$dir" if $dir;
+ $dir = "&dir=" . SWCGI::sanitize($dir) if $dir;
return "<a href=\"$ref?act=info&file=$file&node=$node$dir\">$oref</a>$tail";
}
# -*-perl-*-
#
-# $Id: SWList.pm,v 1.1 1999/07/30 18:46:37 mdw Exp $
+# $Id: SWList.pm,v 1.2 1999/08/24 12:15:34 mdw Exp $
#
# Create the main list of installed packages
#
#----- Revision history -----------------------------------------------------
#
# $Log: SWList.pm,v $
+# Revision 1.2 1999/08/24 12:15:34 mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
# Revision 1.1 1999/07/30 18:46:37 mdw
# New CGI script for browsing installed software and documentation.
#
# --- If the documentation file exists, put a link in ---
if (-r "$C{doc}/$pkg") {
- print(" <td><a href=\"$ref?act=doc&pkg=$pkg\">Yes</a>\n");
+ printf(" <td><a href=\"$ref?act=doc&pkg=%s\">Yes</a>\n",
+ SWCGI::sanitize($pkg));
} else {
print(" <td>No\n");
}
# -*-perl-*-
#
-# $Id: SWMan.pm,v 1.3 1999/08/19 12:11:10 mdw Exp $
+# $Id: SWMan.pm,v 1.4 1999/08/24 12:15:34 mdw Exp $
#
# Display and other fiddling of manual pages
#
#----- Revision history -----------------------------------------------------
#
# $Log: SWMan.pm,v $
+# Revision 1.4 1999/08/24 12:15:34 mdw
+# Properly sanitize CGI arguments (like `gtk+').
+#
# Revision 1.3 1999/08/19 12:11:10 mdw
# More improvements to URL recognizer.
#
sub subst($$$) {
my ($s, $n, $sec) = @_;
check($n, $sec) and
- return "<a href=\"$ref?act=man&man=$n&sec=$sec\">$s</a>";
- return "$s";
+ return sprintf("<a href=\"$ref?act=man&man=%s&sec=$sec\">$s</a>",
+ SWCGI::sanitize($n));
+ return $s;
}
# --- @urlsubst(URL, STRING)@ ---