authorYorhel <git@yorhel.nl>2015-07-22 16:07:22 +0200
committerYorhel <git@yorhel.nl>2015-07-22 16:07:22 +0200
commitd60a2e3749b3bcaf6cbd4fa6bd63c61615287a34 (patch)
treeb7fe652fbc28866c16bf7d35ca924879539190ff
parent206e791b87e58f44d379a09544ec86069646d0d5 (diff)
Util::BrowseHTML: Fix XSS in "order by" link URLs
Reported by dim0k at https://www.xssposed.org/incidents/74523/
-rw-r--r--lib/VNDB/Util/BrowseHTML.pm4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/VNDB/Util/BrowseHTML.pm b/lib/VNDB/Util/BrowseHTML.pm
index aca7b8e6..b54ad5d9 100644
--- a/lib/VNDB/Util/BrowseHTML.pm
+++ b/lib/VNDB/Util/BrowseHTML.pm
@@ -54,8 +54,8 @@ sub htmlBrowse {
lit $opt{header}[$_][0];
if($opt{header}[$_][1]) {
lit ' ';
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? "\x{25B4}" : qq|<a href="$opt{sorturl}o=a;s=$opt{header}[$_][1]">\x{25B4}</a>|;
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? "\x{25BE}" : qq|<a href="$opt{sorturl}o=d;s=$opt{header}[$_][1]">\x{25BE}</a>|;
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? lit "\x{25B4}" : a href => "$opt{sorturl}o=a;s=$opt{header}[$_][1]", "\x{25B4}";
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? lit "\x{25BE}" : a href => "$opt{sorturl}o=d;s=$opt{header}[$_][1]", "\x{25BE}";
}
end;
}
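Review bot: Nothing on the two added lines records why the sort links must be emitted through the `a` tag helper rather than `lit`, so a later cleanup could reintroduce the raw interpolation of `$opt{sorturl}` into markup. I would add a comment above them such as `# sorturl may carry request-derived query values: build the link with a() so the href is escaped, never with lit`. The paren-less `lit`/`a` calls inside a void-context ternary also make the escaping path hard to see; an explicit `if(...) { lit "\x{25B4}" } else { a href => ..., "\x{25B4}" }` reads more safely. `htmlBrowse` starts and continues outside this hunk, so any other place in it that passes a caller-supplied URL to `lit` (presumably the paging links, if they are built the same way) deserves the same check.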