$NetBSD: patch-aq,v 1.1 2008/07/25 02:55:27 tonnerre Exp $
--- postgresql/old/search_form.cgi.orig 2007-09-21 23:26:53.000000000 +0200
+++ postgresql/old/search_form.cgi
@@ -6,7 +6,8 @@ require './postgresql-lib.pl';
&can_edit_db($in{'db'}) || &error($text{'dbase_ecannot'});
@str = &table_structure($in{'db'}, $in{'table'});
-$desc = &text('table_header', "$in{'table'}", "$in{'db'}");
+$desc = &text('table_header', "" . &html_escape($in{'table'}) . "",
+ "" . &html_escape($in{'db'}) . "");
&ui_print_header($desc, $text{'adv_title'}, "");
print &ui_form_start("view_table.cgi", "post");
@@ -30,13 +31,13 @@ print "\n";
print &ui_form_end([ [ "advanced", $text{'adv_ok'} ] ]);
if ($access{'edonly'}) {
- &ui_print_footer("edit_dbase.cgi?db=$in{'db'}",$text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}
else {
- &ui_print_footer("edit_table.cgi?db=$in{'db'}&table=$in{'table'}",
- $text{'table_return'},
- "edit_dbase.cgi?db=$in{'db'}", $text{'dbase_return'},
- "", $text{'index_return'});
+ &ui_print_footer("edit_table.cgi?db=" . &urlize($in{'db'}) .
+ "&table=" . &urlize($in{'table'}), $text{'table_return'},
+ "edit_dbase.cgi?db=" . &urlize($in{'db'}),
+ $text{'dbase_return'}, "", $text{'index_return'});
}