Add a patch to properly escape generated action attribute in
CGI::start_form. The escape code is taken from CGI.pm v.3.00. PR: 57391 Reported by: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
This commit is contained in:
parent
1a52184ea3
commit
8c1a9ff695
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=89884
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/} \
|
||||
|
15
lang/perl5.10/files/patch-CGI.pm
Normal file
15
lang/perl5.10/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:17:22 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:20 2003
|
||||
@@ -1532,8 +1532,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/} \
|
||||
|
15
lang/perl5.12/files/patch-CGI.pm
Normal file
15
lang/perl5.12/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:17:22 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:20 2003
|
||||
@@ -1532,8 +1532,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/} \
|
||||
|
15
lang/perl5.14/files/patch-CGI.pm
Normal file
15
lang/perl5.14/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:17:22 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:20 2003
|
||||
@@ -1532,8 +1532,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/} \
|
||||
|
15
lang/perl5.16/files/patch-CGI.pm
Normal file
15
lang/perl5.16/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:17:22 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:20 2003
|
||||
@@ -1532,8 +1532,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 13
|
||||
PORTREVISION= 14
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/}
|
||||
|
15
lang/perl5.6/files/patch-CGI.pm
Normal file
15
lang/perl5.6/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:16:33 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:35 2003
|
||||
@@ -1497,8 +1497,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 7
|
||||
PORTREVISION= 8
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/} \
|
||||
|
15
lang/perl5.8/files/patch-CGI.pm
Normal file
15
lang/perl5.8/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:17:22 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:20 2003
|
||||
@@ -1532,8 +1532,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
@ -7,7 +7,7 @@
|
||||
|
||||
PORTNAME= perl
|
||||
PORTVERSION= ${PERL_VER}
|
||||
PORTREVISION= 13
|
||||
PORTREVISION= 14
|
||||
CATEGORIES= lang devel perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN} \
|
||||
${MASTER_SITE_LOCAL:S/$/:local/}
|
||||
|
15
lang/perl5/files/patch-CGI.pm
Normal file
15
lang/perl5/files/patch-CGI.pm
Normal file
@ -0,0 +1,15 @@
|
||||
--- lib/CGI.pm.orig Tue Sep 30 10:16:33 2003
|
||||
+++ lib/CGI.pm Tue Sep 30 10:20:35 2003
|
||||
@@ -1497,8 +1497,10 @@ sub startform {
|
||||
$method = lc($method) || 'post';
|
||||
$enctype = $enctype || &URL_ENCODED;
|
||||
unless (defined $action) {
|
||||
- $action = $self->url(-absolute=>1,-path=>1);
|
||||
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
||||
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
||||
+ if (length($ENV{QUERY_STRING})>0) {
|
||||
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
||||
+ }
|
||||
}
|
||||
$action = qq(action="$action");
|
||||
my($other) = @other ? " @other" : '';
|
Loading…
Reference in New Issue
Block a user