From 3c7fb6a60c385fece59ef0bc663cfcf1b3c6ae9c Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Wed, 30 Jul 2003 22:16:36 +0000
Subject: [PATCH] escape HTML entities when showing in printable format

---
 shift.cgi | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/shift.cgi b/shift.cgi
index 6738b82..303cce7 100755
--- a/shift.cgi
+++ b/shift.cgi
@@ -2,7 +2,7 @@
 #!/usr/bin/perl -Tw
 # (Text::Template can't do -T, but no user input is used dangerously)
 #
-# $Id: shift.cgi,v 1.5 2002-07-10 01:08:49 ivan Exp $
+# $Id: shift.cgi,v 1.6 2003-07-30 22:16:36 ivan Exp $
 #
 # Copyright (C) 2000 Adam Gould
 # Copyright (C) 2000 Michal Migurski
@@ -49,6 +49,7 @@ use Text::Template;
 use Mail::Internet;
 use Mail::Header;
 use Date::Format;
+use HTML::Entities;
 
 $cgi = new CGI;
 
@@ -209,7 +210,7 @@ sub form {
 
 sub inputbox {
   my $field = shift;
-  return $shifthash{$field} || "&nbsp;"
+  return encode_entities($shifthash{$field}) || "&nbsp;"
     if $magic eq 'print';
   $shifthash{$field}='' unless defined $shifthash{$field};
   $warning{$field}='' unless defined $warning{$field};
-- 
2.11.0