header.pl: Create new escape function that uses HTML::Entities.

This partly replaces cleanhtml(), which is kept for backwards-compatibility and for a special case.
2026-04-10 02:55:55 +02:00 · 2013-08-20 11:05:28 +02:00
parent 9e78ce6142
commit 8b33e596c4
1 changed files with 9 additions and 8 deletions
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -12,6 +12,7 @@
 package Header;

 use CGI();
+use HTML::Entities();
 use Socket;
 use Time::Local;

@@ -305,16 +306,16 @@ sub IpInSubnet
    return (($ip >= $start) && ($ip <= $end));
 }

-sub cleanhtml
-{
+sub escape($) {
+	my $s = shift;
+	return HTML::Entities::encode_entities($s);
+}
+
+sub cleanhtml {
 	my $outstring =$_[0];
 	$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
-	$outstring =~ s/&/&amp;/g;
-	$outstring =~ s/\'/&#039;/g;
-	$outstring =~ s/\"/&quot;/g; #" This is just a workaround for the syntax highlighter
-	$outstring =~ s/</&lt;/g;
-	$outstring =~ s/>/&gt;/g;
-	return $outstring;
+
+	return escape($outstring);
 }

 sub connectionstatus