From 6ef9199c73532a52161aa0490cded4c53dfb6fab Mon Sep 17 00:00:00 2001
From: cjwatson <>
Date: Thu, 31 Oct 2002 00:55:31 -0800
Subject: [PATCH] [project @ 2002-10-31 00:55:31 by cjwatson] '&' needs to be
 escaped to '&amp;' in HREF attributes too; see HTML 4.01 section 5.3.2.

---
 cgi/common.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cgi/common.pl b/cgi/common.pl
index 1e255ee..043c795 100644
--- a/cgi/common.pl
+++ b/cgi/common.pl
@@ -216,9 +216,9 @@ sub urlsanit {
     my $url = shift;
     $url =~ s/%/%25/g;
     $url =~ s/\+/%2b/g;
-    my %saniarray = ('<','lt', '>','gt', '"','quot');
+    my %saniarray = ('<','lt', '>','gt', '&','amp', '"','quot');
     my $out;
-    while ($url =~ m/[<>"]/) {
+    while ($url =~ m/[<>&"]/) {
         $out .= $`. '&'. $saniarray{$&}. ';';
         $url = $';
     }
-- 
2.39.2