update wheel to avoid XSS
authorDon Armstrong <don@donarmstrong.com>
Tue, 20 Oct 2009 21:23:36 +0000 (21:23 +0000)
committerDon Armstrong <don@donarmstrong.com>
Tue, 30 Dec 2014 02:36:08 +0000 (18:36 -0800)
wheel/wheel.pl

index a4c05c3139538f4052d049033dd117f8624c5f97..3facfe94cdde22e7d95d44e4218383beecb6371c 100755 (executable)
@@ -20,7 +20,7 @@
 
 
 
 
 
 
-my $VERSION=q$Id: wheel.pl,v 1.3 2004-10-21 22:32:38 don Exp $;
+my $VERSION=q$Id: wheel.pl,v 1.4 2009-10-20 21:23:36 don Exp $;
 
 # Intial Released Version 0.10
 # p01: Fixing displayed angle
 
 # Intial Released Version 0.10
 # p01: Fixing displayed angle
@@ -39,6 +39,8 @@ use GD;
 use GD::Text::Align;
 use POSIX;
 
 use GD::Text::Align;
 use POSIX;
 
+use HTML::Entities qw(encode_entities);
+
 
 sub round($) {
   my ($a) = @_;
 
 sub round($) {
   my ($a) = @_;
@@ -521,7 +523,7 @@ else {
   print $q->header();
   print $q->start_html('Helical Wheel Projections');
   if (defined $q->param('submit') and $q->param('submit')=~/Submit/) {
   print $q->header();
   print $q->start_html('Helical Wheel Projections');
   if (defined $q->param('submit') and $q->param('submit')=~/Submit/) {
-    print $q->h1('Wheel:'.$q->param('sequence'));
+    print $q->h1('Wheel:'.encode_entities($q->param('sequence')));
     print $q->img({-src=>$q->self_url.'&draw=yes'});
 
     print <<OUT
     print $q->img({-src=>$q->self_url.'&draw=yes'});
 
     print <<OUT
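Review bot: The new `encode_entities($q->param('sequence'))` on the added line calls `param()` in list context, so a request carrying two `sequence` values (`?sequence=<script>…&sequence=x`) hands the second value to HTML::Entities as its `$unsafe_chars` argument, and then only the characters in that set are encoded — the first value reaches the `h1` unescaped and the XSS this commit fixes is back. The old string concatenation evaluated `param()` in scalar context and never had this problem. Force scalar context: `print $q->h1('Wheel:'.encode_entities(scalar $q->param('sequence')));`. The `if` block and the `print <<OUT` heredoc run past the hunk; if the heredoc interpolates `sequence` or any other request parameter, it needs the same encoding, which I cannot confirm from here. The `img` line reflects the query string through `self_url`, but CGI.pm URL-encodes that and, as far as I recall, escapes attribute values in `img()` by default, so it is probably fine — worth confirming against the installed CGI.pm version.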