$NetBSD: patch-ax,v 1.1 2008/07/25 02:55:27 tonnerre Exp $ --- htaccess-htpasswd/search.cgi.orig 2007-09-21 23:28:30.000000000 +0200 +++ htaccess-htpasswd/search.cgi @@ -19,7 +19,8 @@ $in{'search'} =~ /^\// && $in{'search'} @dirs = &list_directories(); %got = map { ( "$_->[0]/$config{'htaccess'}", 1 ) } @dirs; -print "",&text('search_doing', "$in{'search'}"),"

\n"; +print "",&text('search_doing', "" . &html_escape($in{'search'}) . + ""), "

\n"; # Use the find command &switch_user(); @@ -28,24 +29,28 @@ open(FIND, "find ".quotemeta($in{'search while($f = ) { chop($f); if ($got{$f}) { - print &text('search_already', "$f"),"
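Review bot: The escaping is written out inline at each print call, here for `$in{'search'}` and again in the next hunk for `$f` (four messages) and `$currfile`, so a later message that reuses one of these values can easily miss it. Escaping once into a local as soon as the value is available, e.g. `my $esc_search = &html_escape($in{'search'});`, and passing only the escaped variable to `&text()` would keep the raw request value out of the output code. A one-line comment above the print, such as `# $in{'search'} is raw request input; never print it unescaped`, would also record why the call is there.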
\n"; + print &text('search_already', "" . &html_escape($f) . + ""),"
\n"; } elsif (!open(TEST, $f)) { - print &text('search_open', "$f", $!),"
\n"; + print &text('search_open', "" . &html_escape($f) . "", + $!),"
\n"; } else { $conf = &foreign_call($apachemod, "get_htaccess_config", $f); $currfile = &foreign_call($apachemod, "find_directive", "AuthUserFile", $conf, 1); if ($currfile) { - print &text('search_found', "$f", - "$currfile"),"
\n"; + print &text('search_found', "" . &html_escape($f) . + "", "" . &html_escape($currfile) . + ""),"
\n"; local $d = $f; $d =~ s/\/$config{'htaccess'}$//; push(@dirs, [ $d, $currfile ]); } else { - print &text('search_noprot', "$f"),"
\n"; + print &text('search_noprot', "" . + &html_escape($f) . ""),"
\n"; } } }
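Review bot: The unchanged test `open(TEST, $f)` in this hunk still uses two-argument open on a path read from the find output, the same value the patch now treats as untrusted when printing it. In the two-argument form Perl derives the open mode from the string itself, so `open(TEST, '<', $f)` would keep the check read-only whatever the file name contains. The neighbouring `chop($f)` removes the last character unconditionally, whereas `chomp($f)` strips only a trailing newline. No `close(TEST)` is visible in the hunk; if there is none elsewhere, the handle is only released when the next iteration reopens it. The `open(FIND, ...)` that feeds the loop sits above the hunk and is only partly visible in the hunk header.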