From: <de...@de...> - 2012-10-09 10:40:27
Author: YaojunFei Date: 2012-10-09 05:40:21 -0500 (Tue, 09 Oct 2012) New Revision: 23586 Trac url: http://develop.twiki.org/trac/changeset/23586 Modified: twiki/trunk/RatingContrib/lib/TWiki/Contrib/RatingContrib.pm Log: Item6970: Escape single quote in an option name.
Modified: twiki/trunk/RatingContrib/lib/TWiki/Contrib/RatingContrib.pm
===================================================================
--- twiki/trunk/RatingContrib/lib/TWiki/Contrib/RatingContrib.pm 2012-10-09 08:59:42 UTC (rev 23585)
+++ twiki/trunk/RatingContrib/lib/TWiki/Contrib/RatingContrib.pm 2012-10-09 10:40:21 UTC (rev 23586)
@@ -26,7 +26,7 @@
 use vars qw( $VERSION $RELEASE $SHORTDESCRIPTION );
 $VERSION = '$Rev$';
-$RELEASE = '2010-12-03';
+$RELEASE = '2012-10-09';
 $SHORTDESCRIPTION = 'Rating widget for TWiki forms using "line of stars" style input field';
 require CGI;
@@ -62,12 +62,14 @@
 }, $hidden);
 if ($input_attrs) {
+ my $nameEsc = $name;
+ $nameEsc =~ s/\'/\\'/g;
 foreach my $i (1..$size) { my $attrs = { style => 'width:'.($i * $blockWidth). 'px;z-index:'.($size - $i + 2) };
- $attrs->{href} = "javascript:RatingClicked('rate_value_$name',".
- "'rate_display_$name', $i, $blockWidth)";
+ $attrs->{href} = "javascript:RatingClicked('rate_value_$nameEsc',".
+ "'rate_display_$nameEsc', $i, $blockWidth)";
 $result .= CGI::a($attrs, $i);
 }
 }
|
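Review bot: The new `s/\'/\\'/g` in the `if ($input_attrs)` block escapes only the single quote, so a backslash already present in `$name` passes through unchanged and an input `\'` becomes `\\'`, which ends the JavaScript string literal again. Because the value is placed inside a `javascript:` URL, a percent-encoded quote would also be decoded by the browser before the script runs, and line terminators are not handled either. Encoding every character outside a safe set is more robust than escaping one character, e.g. `$nameEsc =~ s/([^A-Za-z0-9_])/sprintf('\\u%04x', ord($1))/ge;`, or rejecting names that fail an anchored allowlist before rendering. The enclosing sub starts and ends outside the hunk, so where `$name` originates and whether it is validated earlier cannot be confirmed from here.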