-rw-r--r--CGI.pl12
-rw-r--r--globals.pl2
2 files changed, 10 insertions, 4 deletions
diff --git a/CGI.pl b/CGI.pl
index b9504983b..d6c040978 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -854,8 +854,10 @@ sub ThrowCodeError {
SendSQL("UNLOCK TABLES") if $unlock_tables;
# Copy the extra_vars into the vars hash
- @::vars{keys %$extra_vars} = values %$extra_vars;
-
+ foreach my $var (keys %$extra_vars) {
+ $vars->{$var} = $extra_vars->{$var};
+ }
+
# We may one day log something to file here also.
$vars->{'variables'} = $extra_vars;
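Review bot: The copy loop lets any key in `$extra_vars` overwrite an existing entry in `$vars`, and nothing in the hunk restricts which keys are copied. The same loop appears in the ThrowUserError hunk, where the very next line tests `$vars->{'header_done'}`, so a caller passing that key would change whether the Content-type header is printed. If overriding is intended, say so above the loop, e.g. `# extra_vars deliberately take precedence over existing template vars`; if not, skip reserved names with `next if $var eq 'header_done';`. Both functions begin and end outside their hunks, so how `$vars` and `$extra_vars` are populated is not visible here.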
@@ -873,8 +875,10 @@ sub ThrowUserError {
SendSQL("UNLOCK TABLES") if $unlock_tables;
# Copy the extra_vars into the vars hash
- @::vars{keys %$extra_vars} = values %$extra_vars;
-
+ foreach my $var (keys %$extra_vars) {
+ $vars->{$var} = $extra_vars->{$var};
+ }
+
print "Content-type: text/html\n\n" if !$vars->{'header_done'};
$template->process("global/user-error.html.tmpl", $vars)
|| ThrowTemplateError($template->error());
diff --git a/globals.pl b/globals.pl
index 64031bc85..a6a751562 100644
--- a/globals.pl
+++ b/globals.pl
@@ -1637,6 +1637,8 @@ sub GetFormat {
# Security - allow letters and a hyphen only
$ctype =~ s/[^a-zA-Z\-]//g;
$format =~ s/[^a-zA-Z\-]//g;
+ trick_taint($ctype);
+ trick_taint($format);
$template .= ($format ? "-$format" : "");
$template .= ".$ctype.tmpl";
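Review bot: The two `trick_taint` calls are safe only because of the allow-list substitutions directly above them, and nothing on these lines records that dependency. A later edit that relaxes or moves the `s/[^a-zA-Z\-]//g` lines would leave both values untainted with no validation behind them, so I would add `# Safe to untaint: only [a-zA-Z-] survives the substitutions above` before the calls. Stripping also filters rather than rejects: a `$ctype` made up only of disallowed characters becomes empty and the name ends in `..tmpl`, which `return undef if $ctype eq '';` (or the function's existing failure path) would catch. GetFormat starts and continues outside the hunk, so a default for `$ctype` may already be applied elsewhere.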