escape HTML entities when showing in printable format

author ivan <ivan>

Wed, 30 Jul 2003 22:16:36 +0000 (22:16 +0000)

committer ivan <ivan>

Wed, 30 Jul 2003 22:16:36 +0000 (22:16 +0000)
author ivan <ivan>
Wed, 30 Jul 2003 22:16:36 +0000 (22:16 +0000)
committer ivan <ivan>
Wed, 30 Jul 2003 22:16:36 +0000 (22:16 +0000)
diff --git a/shift.cgi b/shift.cgi

index 6738b82..303cce7 100755 (executable)
--- a/shift.cgi
+++ b/shift.cgi
@@ -2,7 +2,7 @@
  #!/usr/bin/perl -Tw
  # (Text::Template can't do -T, but no user input is used dangerously)
  #
-# $Id: shift.cgi,v 1.5 2002-07-10 01:08:49 ivan Exp $
+# $Id: shift.cgi,v 1.6 2003-07-30 22:16:36 ivan Exp $
  #
  # Copyright (C) 2000 Adam Gould
  # Copyright (C) 2000 Michal Migurski
@@ -49,6 +49,7 @@ use Text::Template;
  use Mail::Internet;
  use Mail::Header;
  use Date::Format;
+use HTML::Entities;
  
  $cgi = new CGI;
  
@@ -209,7 +210,7 @@ sub form {
  
  sub inputbox {
    my $field = shift;
-  return $shifthash{$field} || "&nbsp;"
+  return encode_entities($shifthash{$field}) || "&nbsp;"
      if $magic eq 'print';
    $shifthash{$field}='' unless defined $shifthash{$field};
    $warning{$field}='' unless defined $warning{$field};