From: cjwatson <> Date: Thu, 31 Oct 2002 08:55:31 +0000 (-0800) Subject: [project @ 2002-10-31 00:55:31 by cjwatson] X-Git-Tag: release/2.6.0~1014 X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=6ef9199c73532a52161aa0490cded4c53dfb6fab;p=debbugs.git [project @ 2002-10-31 00:55:31 by cjwatson] '&' needs to be escaped to '&' in HREF attributes too; see HTML 4.01 section 5.3.2.
---
diff --git a/cgi/common.pl b/cgi/common.pl
index 1e255ee7..043c795d 100644
--- a/cgi/common.pl
+++ b/cgi/common.pl
@@ -216,9 +216,9 @@ sub urlsanit {
 my $url = shift;
 $url =~ s/%/%25/g;
 $url =~ s/\+/%2b/g;
- my %saniarray = ('<','lt', '>','gt', '"','quot');
+ my %saniarray = ('<','lt', '>','gt', '&','amp', '"','quot');
 my $out;
- while ($url =~ m/[<>"]/) {
+ while ($url =~ m/[<>&"]/) {
 $out .= $`. '&'. $saniarray{$&}. ';';
 $url = $';
 }
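Review bot: The escape set in `%saniarray` and the `m/[<>&"]/` test still leave `'` untouched, so the result is only safe inside a double-quoted HREF; if any template emits it inside single quotes (the callers are not visible here), a quote in the URL would end the attribute early. Covering it is a two-line change: `my %saniarray = ('<','lt', '>','gt', '&','amp', '"','quot', "'",'#39');` and `while ($url =~ m/[<>&"']/) {`. Now that `&` is escaped, any caller that already passes an `&amp;`-joined query string would come out as `&amp;amp;`, so the call sites are worth checking for pre-escaped input. `urlsanit` starts and ends outside this hunk, so what happens to `$out` after the loop cannot be confirmed from here.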