From: Don Armstrong Date: Tue, 20 Oct 2009 21:23:36 +0000 (+0000) Subject: update wheel to avoid XSS X-Git-Url: https://git.donarmstrong.com/?p=wheel.git;a=commitdiff_plain;h=0d6f3892ec8a9ad40d00b6aa4fd9e233a6898e32 update wheel to avoid XSS --- diff --git a/wheel/wheel.pl b/wheel/wheel.pl index a4c05c3..3facfe9 100755 --- a/wheel/wheel.pl +++ b/wheel/wheel.pl @@ -20,7 +20,7 @@ -my $VERSION=q$Id: wheel.pl,v 1.3 2004-10-21 22:32:38 don Exp $; +my $VERSION=q$Id: wheel.pl,v 1.4 2009-10-20 21:23:36 don Exp $; # Intial Released Version 0.10 # p01: Fixing displayed angle @@ -39,6 +39,8 @@ use GD; use GD::Text::Align; use POSIX; +use HTML::Entities qw(encode_entities); + sub round($) { my ($a) = @_; @@ -521,7 +523,7 @@ else { print $q->header(); print $q->start_html('Helical Wheel Projections'); if (defined $q->param('submit') and $q->param('submit')=~/Submit/) { - print $q->h1('Wheel:'.$q->param('sequence')); + print $q->h1('Wheel:'.encode_entities($q->param('sequence'))); print $q->img({-src=>$q->self_url.'&draw=yes'}); print <
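Review bot: `encode_entities`, imported in the second hunk, accepts an optional second argument naming the characters to encode, and the one call this commit adds in the last hunk, `encode_entities($q->param('sequence'))`, evaluates `param` in list context (the function has no prototype forcing scalar context, as far as I know). If `$q` is a CGI.pm object, as the `header`, `start_html` and `self_url` calls suggest, a request that repeats the `sequence` field makes `param` return several values, and the second would be taken as that character set, so the escaping applied to the `<h1>` text would depend on request input. Forcing scalar context avoids this: `print $q->h1('Wheel:'.encode_entities(scalar $q->param('sequence')));`. The last hunk is cut off after `print <` in this view, so whether the parameter is echoed elsewhere without escaping cannot be checked from here.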