escape HTML entities when showing in printable format

[staff.git] / shift.cgi

diff --git a/shift.cgi b/shift.cgi
index 6738b82..303cce7 100755 (executable)
--- a/shift.cgi
+++ b/shift.cgi
@@ -2,7 +2,7 @@
 #!/usr/bin/perl -Tw
 # (Text::Template can't do -T, but no user input is used dangerously)
 #
-# $Id: shift.cgi,v 1.5 2002-07-10 01:08:49 ivan Exp $
+# $Id: shift.cgi,v 1.6 2003-07-30 22:16:36 ivan Exp $
 #
 # Copyright (C) 2000 Adam Gould
 # Copyright (C) 2000 Michal Migurski
@@ -49,6 +49,7 @@ use Text::Template;
 use Mail::Internet;
 use Mail::Header;
 use Date::Format;
+use HTML::Entities;
 
 $cgi = new CGI;
 
@@ -209,7 +210,7 @@ sub form {
 
 sub inputbox {
   my $field = shift;
-  return $shifthash{$field} || " "
+  return encode_entities($shifthash{$field}) || " "
     if $magic eq 'print';
   $shifthash{$field}='' unless defined $shifthash{$field};
   $warning{$field}='' unless defined $warning{$field};