Update of /cvsroot/lxr/lxr/lib/LXR
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv13367/lib/LXR
Modified Files:
Template.pm
Log Message:
Template.pm: looked-for identifier not showing up in ident page title
Fix for bug #238: when generating <TITLE> element, sub titleexpand uses parameter $HTTP->{'param'}{'_i'} which comes from QUERY_STRING. But this parameter has been deleted during httpinit to prevent XSS attacks. A sanitized version of this variable is available through global variable $identifier. Replaced $HTTP->... by $identifier.
Index: Template.pm
===================================================================
RCS file: /cvsroot/lxr/lxr/lib/LXR/Template.pm,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- Template.pm 12 Apr 2013 14:51:57 -0000 1.23
+++ Template.pm 3 Jun 2013 11:19:01 -0000 1.24
@@ -527,16 +527,16 @@
my $ret;
if ($who eq 'source' || $who eq 'diff' || $who eq 'sourcedir') {
- $ret = $config->sourcerootname . $pathname;
+ $ret = $config->{'sourcerootname'} . $pathname;
} elsif ($who eq 'ident') {
- my $i = $HTTP->{'param'}{'_i'};
- $ret = $config->sourcerootname . ' identifier search'
- . ($i ? ": $i" : '');
+ $ret = $config->{'sourcerootname'} . ' identifier search'
+ . ($identifier ? ": $identifier" : '');
} elsif ($who eq 'search') {
my $s = $HTTP->{'param'}{'_string'};
- $ret = $config->sourcerootname . ' general search'
+ $ret = $config->{'sourcerootname'} . ' general search'
. ($s ? ": $s" : '');
}
+ $ret =~ s/&/&/g;
$ret =~ s/</</g;
$ret =~ s/>/>/g;
return $ret;
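Review bot: The `search` branch still takes `$s` straight from `$HTTP->{'param'}{'_string'}`, the same query-string source the log message says is stripped for `_i`, so the title's safety there rests entirely on the three substitutions at the end of the hunk. If httpinit also deletes `_string`, this branch has the same missing-title problem as bug #238; if it does not, the branch deserves a comment such as `# $s is raw QUERY_STRING data; only the &, <, > escaping below makes it safe inside <TITLE>`. As displayed on this page each substitution replaces a character with itself, presumably because the entities (`&amp;`, `&lt;`, `&gt;`) were decoded in rendering; in the file the `&` substitution has to stay first so it does not re-escape the output of the other two. The enclosing sub begins and ends outside the hunk, so whether `$ret` can reach the substitutions undefined (no matching `$who`) cannot be checked from here.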