8c1a9ff695
CGI::start_form. The escape code is taken from CGI.pm v.3.00. PR: 57391 Reported by: IIJIMA Hiromitsu <delmonta@ht.sakura.ne.jp>
16 lines
634 B
Perl
16 lines
634 B
Perl
--- lib/CGI.pm.orig Tue Sep 30 10:16:33 2003
|
|
+++ lib/CGI.pm Tue Sep 30 10:20:35 2003
|
|
@@ -1497,8 +1497,10 @@ sub startform {
|
|
$method = lc($method) || 'post';
|
|
$enctype = $enctype || &URL_ENCODED;
|
|
unless (defined $action) {
|
|
- $action = $self->url(-absolute=>1,-path=>1);
|
|
- $action .= "?$ENV{QUERY_STRING}" if $ENV{QUERY_STRING};
|
|
+ $action = $self->escapeHTML($self->url(-absolute=>1,-path=>1));
|
|
+ if (length($ENV{QUERY_STRING})>0) {
|
|
+ $action .= "?".$self->escapeHTML($ENV{QUERY_STRING},1);
|
|
+ }
|
|
}
|
|
$action = qq(action="$action");
|
|
my($other) = @other ? " @other" : '';
|