From d60a2e3749b3bcaf6cbd4fa6bd63c61615287a34 Mon Sep 17 00:00:00 2001
From: Yorhel
Date: Wed, 22 Jul 2015 16:07:22 +0200
Subject: Util::BrowseHTML: Fix XSS in "order by" link URLs

Reported by dim0k at https://www.xssposed.org/incidents/74523/
---
 lib/VNDB/Util/BrowseHTML.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib/VNDB/Util')
diff --git a/lib/VNDB/Util/BrowseHTML.pm b/lib/VNDB/Util/BrowseHTML.pm
index aca7b8e6..b54ad5d9 100644
--- a/lib/VNDB/Util/BrowseHTML.pm
+++ b/lib/VNDB/Util/BrowseHTML.pm
@@ -54,8 +54,8 @@ sub htmlBrowse {
 lit $opt{header}[$_][0];
 if($opt{header}[$_][1]) {
 lit ' ';
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? "\x{25B4}" : qq|\x{25B4}|;
- lit $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? "\x{25BE}" : qq|\x{25BE}|;
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'a' ? lit "\x{25B4}" : a href => "$opt{sorturl}o=a;s=$opt{header}[$_][1]", "\x{25B4}";
+ $opt{options}{s} eq $opt{header}[$_][1] && $opt{options}{o} eq 'd' ? lit "\x{25BE}" : a href => "$opt{sorturl}o=d;s=$opt{header}[$_][1]", "\x{25BE}";
 }
 end;
 }
-- 
cgit v1.2.3
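Review bot: The two added `a href => "$opt{sorturl}o=…"` lines are safe only if the `a` tag helper escapes attribute values where `lit` writes its argument verbatim, and nothing at the call site records that. A comment above them such as `# a() escapes the href; do not build this link with lit, sorturl may carry request parameters` would keep a later refactor from reintroducing the injection. Attribute escaping also does not constrain the URL scheme, so it is worth confirming that every caller builds `sorturl` from a fixed site-relative path rather than passing a user-supplied URL through; the callers are not visible in this hunk. As a style point, the ternary is now evaluated purely for its side effects, and an `if`/`else` would read more clearly than relying on how `lit "…" :` parses. htmlBrowse starts and ends outside the hunk, so any other `lit` calls there that interpolate `%opt` values would need the same check.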