-rwxr-xr-x | buglist.cgi | 14 | ||||
-rwxr-xr-x | process_bug.cgi | 3 |
2 files changed, 11 insertions, 6 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 0f6dbed41..2b2a394bf 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -85,7 +85,7 @@ sub SqlifyDate {
 }
 my $date = str2time($str);
 if (!defined $date) {
- PuntTryAgain("The string '<tt>$str</tt>' is not a legal date.");
+ PuntTryAgain("The string '<tt>".html_quote($str)."</tt>' is not a legal date.");
 }
 return time2str("%Y/%m/%d %H:%M:%S", $date);
 }
@@ -172,7 +172,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'At least ___ votes' field must be a\n" .
- "simple number. You entered \"$c\", which\n" .
+ "simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["votes", "greaterthan", $c - 1]);
@@ -250,7 +251,8 @@ sub GenerateSQL {
 push(@specialchart, \@clist);
 } else {
 return Error("You must specify one or more fields in which to\n" .
- "search for <tt>$email</tt>.\n");
+ "search for <tt>" .
+ html_quote($email) . "</tt>.\n");
 }
 }
@@ -260,7 +262,8 @@ sub GenerateSQL {
 if ($c ne "") {
 if ($c !~ /^[0-9]*$/) {
 return Error("The 'changed in last ___ days' field must be\n" .
- "a simple number. You entered \"$c\", which\n" .
+ "a simple number. You entered \"" .
+ html_quote($c) . "\", which\n" .
 "doesn't cut it.");
 }
 push(@specialchart, ["changedin",
@@ -428,7 +431,8 @@ sub GenerateSQL {
 if ($id) {
 push(@list, "$table.keywordid = $id");
 } else {
- return Error("Unknown keyword named <code>$v</code>.\n" .
+ return Error("Unknown keyword named <code>" .
+ html_quote($v) . "</code>.\n" .
 "<P>The legal keyword names are\n" .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>.\n");
diff --git a/process_bug.cgi b/process_bug.cgi
index 82e9cb988..53ec8d9da 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
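Review bot: The escaping in buglist.cgi is applied by hand at each call site (`html_quote($str)` in SqlifyDate, then `html_quote($c)`, `html_quote($email)` and `html_quote($v)` in the four GenerateSQL hunks), so any other message that interpolates a form value into PuntTryAgain() or Error() still depends on the author remembering to do the same. Neither helper's definition is visible here, but both evidently receive ready-made HTML (`<tt>`, `<code>`, `<A HREF=...>`), so they cannot escape on the caller's behalf. I would state that contract once above the helpers, for example `# Argument is emitted as raw HTML: html_quote() every request-derived value before interpolating it.`, and check the remaining call sites in both files, which this diff does not show. The process_bug.cgi hunk follows the same pattern.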
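Review bot: In the `@@ -172` hunk of GenerateSQL, and again at `@@ -260`, the unchanged check `$c !~ /^[0-9]*$/` accepts a value that ends in a newline, because `$` also matches just before a final `\n`. The votes case looks harmless since `$c - 1` forces a number, but the `changedin` entry is cut off at the end of its hunk, so how `$c` is used there cannot be confirmed from this diff. Anchoring the whole string makes the test exact: `if ($c !~ /\A[0-9]*\z/) {`.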
@@ -749,7 +749,8 @@ if ($::FORM{'keywords'}) {
 }
 my $i = GetKeywordIdFromName($keyword);
 if (!$i) {
- PuntTryAgain("Unknown keyword named <code>$keyword</code>. " .
+ PuntTryAgain("Unknown keyword named <code>" .
+ html_quote($keyword) . "</code>. " .
 "<P>The legal keyword names are " .
 "<A HREF=describekeywords.cgi>" .
 "listed here</A>."); |
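Review bot: The "Unknown keyword named" message built here is a second hand-written copy of the one in buglist.cgi's GenerateSQL (the `@@ -428` hunk), and after this change both copies must carry the same `html_quote()` call. A single shared routine that takes the raw keyword and returns the finished, escaped message would keep the two from drifting apart; whether these scripts already share a helper file is not visible in the diff. The enclosing `if ($::FORM{'keywords'})` block starts and ends outside the hunk.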