UCW::CGI: html_escape() should escape single quotes, too

author Martin Mares <mj@ucw.cz>

Mon, 19 Jul 2010 18:48:11 +0000 (20:48 +0200)

committer Martin Mares <mj@ucw.cz>

Wed, 18 Aug 2010 16:12:39 +0000 (18:12 +0200)
author Martin Mares <mj@ucw.cz>
Mon, 19 Jul 2010 18:48:11 +0000 (20:48 +0200)
committer Martin Mares <mj@ucw.cz>
Wed, 18 Aug 2010 16:12:39 +0000 (18:12 +0200)
diff --git a/ucw/perl/UCW/CGI.pm b/ucw/perl/UCW/CGI.pm

index af5e2c5c6a33d7b824bc2d8b1e9952615d1875b5..10650729ede9911c81b5d0e88ff3ded2ccdd0867 100644 (file)
--- a/ucw/perl/UCW/CGI.pm
+++ b/ucw/perl/UCW/CGI.pm
@@ -1,6 +1,6 @@
  #      Poor Man's CGI Module for Perl
  #
-#      (c) 2002--2009 Martin Mares <mj@ucw.cz>
+#      (c) 2002--2010 Martin Mares <mj@ucw.cz>
  #      Slightly modified by Tomas Valla <tom@ucw.cz>
  #
  #      This software may be freely distributed and used according to the terms
@@ -93,6 +93,7 @@ sub html_escape($) {
         $x =~ s/</&lt;/g;
         $x =~ s/>/&gt;/g;
         $x =~ s/"/&quot;/g;
+       $x =~ s/'/&#39;/g;
         return $x;
  }
author	Martin Mares <mj@ucw.cz>
	Mon, 19 Jul 2010 18:48:11 +0000 (20:48 +0200)
committer	Martin Mares <mj@ucw.cz>
	Wed, 18 Aug 2010 16:12:39 +0000 (18:12 +0200)