Changeset 3026

Timestamp: 12/11/07 01:16:23 (6 years ago)
Author: tokuhirom
Message:

lang/perl/Moxy: fix XSS.

Location:
lang/perl/Moxy/trunk
Files:
1 added
1 modified

  • lang/perl/Moxy/trunk/lib/Moxy/Plugin/Application.pm

    r3025 r3026  
    5858sub _render_control_panel { 
    5959    my ($class, $base, $current_url) = @_; 
    60     return <<"..."; 
     60 
     61    return sprintf(<<"...", encode_entities($current_url)); 
    6162    <form method="get" action="$base"> 
    62         <input type="text" name="q" value="$current_url" size="40" /> 
     63        <input type="text" name="q" value="\%s" size="40" /> 
    6364        <input type="submit" value="go" /> 
    6465    </form>
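
Review bot: $base is still interpolated unescaped into action="$base" on the form line, so only the q value is covered by this fix. Because the heredoc is still the interpolating form (<<"...") and is now used as the sprintf format string, any "%" inside $base (for example from a percent-encoded URL) will also be parsed as a format directive and can shift or consume the argument meant for the input value. Suggest switching to a non-interpolating heredoc (<<'...') with two %s placeholders and passing both values escaped, e.g. sprintf(..., encode_entities($base), encode_entities($current_url)); the backslash in \%s then becomes unnecessary. The visible lines also do not show where encode_entities is imported into Application.pm, so please confirm the corresponding use statement is present in this file.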