author | Yorhel <git@yorhel.nl> | 2015-07-22 16:07:22 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2015-07-22 16:07:22 +0200 |
commit | d60a2e3749b3bcaf6cbd4fa6bd63c61615287a34 (patch) | |
tree | b7fe652fbc28866c16bf7d35ca924879539190ff | |
parent | 206e791b87e58f44d379a09544ec86069646d0d5 (diff) |
Util::BrowseHTML: Fix XSS in "order by" link URLs
Reported by dim0k at https://www.xssposed.org/incidents/74523/
-rw-r--r-- | lib/VNDB/Util/BrowseHTML.pm | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/VNDB/Util/BrowseHTML.pm b/lib/VNDB/Util/BrowseHTML.pm
index aca7b8e6..b54ad5d9 100644
--- a/lib/VNDB/Util/BrowseHTML.pm
+++ b/lib/VNDB/Util/BrowseHTML.pm
@@ -54,8 +54,8 @@ sub htmlBrowse {
 lit $opt{header}[$_][0];
 if($opt{header}[$_][1]) {
 lit ' ';
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? "\x{25B4}" : qq|<a href="$opt{sorturl}o=a;s=$opt{header}[$_][1]">\x{25B4}</a>|;
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? "\x{25BE}" : qq|<a href="$opt{sorturl}o=d;s=$opt{header}[$_][1]">\x{25BE}</a>|;
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? lit "\x{25B4}" : a href => "$opt{sorturl}o=a;s=$opt{header}[$_][1]", "\x{25B4}";
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? lit "\x{25BE}" : a href => "$opt{sorturl}o=d;s=$opt{header}[$_][1]", "\x{25BE}";
 }
 end;
 } |
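Review bot: The two new `a href => ...` lines depend on the tag helper escaping attribute values, but nothing in the hunk says so, and the neighbouring `lit $opt{header}[$_][0];` still writes its argument as raw markup. A short comment above the pair, such as `# href is built from caller-supplied sorturl; emit via a(), never lit, so the attribute value is escaped`, would keep a later edit from reverting to string-built HTML. Escaping the attribute stops a quote from closing it but presumably does not constrain the URL itself, so it is worth confirming that callers build `$opt{sorturl}` from validated parameters and a fixed path rather than from the raw request URI. If header labels can ever carry user-derived text, the `lit` on the first context line needs the same treatment. htmlBrowse starts and ends outside the hunk.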