[Lxr-commits] CVS: lxr/lib/LXR Template.pm,1.23,1.24
From: Andre-Littoz <ajl...@us...> - 2013-06-03 11:19:05
Update of /cvsroot/lxr/lxr/lib/LXR In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv13367/lib/LXR Modified Files: Template.pm Log Message: Template.pm: looked-for identifier not showing up in ident page title Fix for bug #238: when generating <TITLE> element, sub titleexpand uses parameter $HTTP->{'param'}{'_i'} which comes from QUERY_STRING. But this parameter has been deleted during httpinit to prevent XSS attacks. A sanitized version of this variable is available through global variable $identifier. Replaced $HTTP->... by $identifier. Index: Template.pm =================================================================== RCS file: /cvsroot/lxr/lxr/lib/LXR/Template.pm,v retrieving revision 1.23 retrieving revision 1.24 diff -u -d -r1.23 -r1.24 --- Template.pm 12 Apr 2013 14:51:57 -0000 1.23 +++ Template.pm 3 Jun 2013 11:19:01 -0000 1.24 @@ -527,16 +527,16 @@ my $ret; if ($who eq 'source' || $who eq 'diff' || $who eq 'sourcedir') { - $ret = $config->sourcerootname . $pathname; + $ret = $config->{'sourcerootname'} . $pathname; } elsif ($who eq 'ident') { - my $i = $HTTP->{'param'}{'_i'}; - $ret = $config->sourcerootname . ' identifier search' - . ($i ? ": $i" : ''); + $ret = $config->{'sourcerootname'} . ' identifier search' + . ($identifier ? ": $identifier" : ''); } elsif ($who eq 'search') { my $s = $HTTP->{'param'}{'_string'}; - $ret = $config->sourcerootname . ' general search' + $ret = $config->{'sourcerootname'} . ' general search' . ($s ? ": $s" : ''); } + $ret =~ s/&/&/g; $ret =~ s/</</g; $ret =~ s/>/>/g; return $ret; |
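Review bot: the 'search' branch still reads my $s = $HTTP->{'param'}{'_string'}; directly from the request parameters, which is the same pattern the log message says broke the 'ident' title. Please confirm what httpinit does with _string. If it is deleted like _i, the search title has the same missing-text bug; if it survives, this is unsanitized QUERY_STRING data whose only protection is the three substitutions at the end of the sub, so a sanitized copy should be used here the same way $identifier now is. Two smaller points: the switch from $config->sourcerootname to $config->{'sourcerootname'} at three places is not mentioned in the log message and deserves a line explaining why the accessor was replaced by direct hash access. The added ampersand substitution is correctly placed before the existing < and > ones, but as displayed here all three replace a character with itself, presumably because the archive decoded the entities, so it is worth checking in the committed file that the replacements really are the &, < and > entities.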