Add a patch to properly escape generated action attribute in

CGI::start_form. The escape code is taken from CGI.pm v.3.00. PR: 57391 Reported by: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
svn path=/head/; revision=89884
2003-09-30 08:33:57 +00:00 · 2003-09-30 08:33:57 +00:00 · 8c1a9ff695 · 2021-03-31 03:12:20 +00:00
commit 8c1a9ff695
parent 1a52184ea3
14 changed files with 112 additions and 7 deletions
--- a/lang/perl5.10/Makefile
+++ b/lang/perl5.10/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/} \
--- a/lang/perl5.10/files/patch-CGI.pm
+++ b/lang/perl5.10/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:17:22 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:20 2003
+@@ -1532,8 +1532,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5.12/Makefile
+++ b/lang/perl5.12/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/} \
--- a/lang/perl5.12/files/patch-CGI.pm
+++ b/lang/perl5.12/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:17:22 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:20 2003
+@@ -1532,8 +1532,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5.14/Makefile
+++ b/lang/perl5.14/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/} \
--- a/lang/perl5.14/files/patch-CGI.pm
+++ b/lang/perl5.14/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:17:22 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:20 2003
+@@ -1532,8 +1532,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5.16/Makefile
+++ b/lang/perl5.16/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/} \
--- a/lang/perl5.16/files/patch-CGI.pm
+++ b/lang/perl5.16/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:17:22 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:20 2003
+@@ -1532,8 +1532,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5.6/Makefile
+++ b/lang/perl5.6/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	13
+PORTREVISION=	14
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/}
--- a/lang/perl5.6/files/patch-CGI.pm
+++ b/lang/perl5.6/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:16:33 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:35 2003
+@@ -1497,8 +1497,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5.8/Makefile
+++ b/lang/perl5.8/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	7
+PORTREVISION=	8
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/} \
--- a/lang/perl5.8/files/patch-CGI.pm
+++ b/lang/perl5.8/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:17:22 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:20 2003
+@@ -1532,8 +1532,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';
--- a/lang/perl5/Makefile
+++ b/lang/perl5/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	perl
 PORTVERSION=	${PERL_VER}
-PORTREVISION=	13
+PORTREVISION=	14
 CATEGORIES=	lang devel perl5
 MASTER_SITES=	${MASTER_SITE_PERL_CPAN} \
 		${MASTER_SITE_LOCAL:S/$/:local/}
--- a/lang/perl5/files/patch-CGI.pm
+++ b/lang/perl5/files/patch-CGI.pm
@ -0,0 +1,15 @@
+--- lib/CGI.pm.orig	Tue Sep 30 10:16:33 2003
+++ lib/CGI.pm	Tue Sep 30 10:20:35 2003
+@@ -1497,8 +1497,10 @@ sub startform {
+     $method = lc($method) || 'post';
+     $enctype = $enctype || &URL_ENCODED;
+     unless (defined $action) {
+-       $action = $self->url(-absolute=>1,-path=>1);
+-       $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
+       $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
+       if (length($ENV{QUERY_STRING})>0) {
+           $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
+       }
+     }
+     $action = qq(action="$action");
+     my($other) = @other ? " @other" : '';