author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2019-01-07 22:03:42 +0100 |
---|---|---|
committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2019-01-07 22:03:42 +0100 |
commit | 89afd0a64110710c135b558614cdd755a181349b (patch) | |
tree | fa7a3be955e2abea55cf77161189080258db90ee | |
parent | 4429d6269252a329fa579e19ff1a32ce694a5a4d (diff) |
code refactoring: better output encoding
-rw-r--r-- | config_sample.rb | 2 | ||||
-rwxr-xr-x | error.cgi | 7 | ||||
-rwxr-xr-x | maintenance.cgi | 5 | ||||
-rw-r--r-- | timepollhead.rb | 4 | ||||
-rw-r--r-- | timestring.rb | 2 |
5 files changed, 5 insertions, 15 deletions
diff --git a/config_sample.rb b/config_sample.rb
index 0000e15..833bcab 100644
--- a/config_sample.rb
+++ b/config_sample.rb
@@ -76,7 +76,7 @@
 #}.reverse.collect{|f| f.gsub(/\/data\.yaml$/,'') }.each{|site|
 # $conf.indexnotice += <<INDEXNOTICE
 #<tr class='participantrow'>
-# <td class='polls'><a href='./#{CGI.escapeHTML(site).gsub("'","%27")}/'>#{CGI.escapeHTML(site)}</a></td>
+# <td class='polls'><a href='./#{CGI.escape(site)}/'>#{CGI.escapeHTML(site)}</a></td>
 # <td class='mtime'>#{File.new(site + "/data.yaml").mtime.strftime('%d.%m, %H:%M')}</td>
 #</tr>
 #INDEXNOTICE
@@ -27,11 +27,6 @@
 else
 $d = Dudle.new(:title => _("Error"), :hide_lang_chooser => true, :load_extensions => false)
 end
-def urlescape(str)
- CGI.escapeHTML(CGI.escape(str).gsub("+","%20"))
-end
-
-
 if File.exists?($conf.errorlog)
 begin
 a = File.open($conf.errorlog,"r").to_a
@@ -50,7 +45,7 @@
 end
 errormessagebody = _("Hi!\n\nI found a bug in your application at %{urlofsite}.\nI did the following:\n\n<please describe what you did>\n<e.g., I wanted to post a comment to the poll.>\n\nI am using <please state your browser and operating system>\n%{errormessage}\nSincerely,\n") % {:errormessage => errormessage, :urlofsite => $conf.siteurl}
 subject = _("Bug in Dudle")
- $d << _("An error occurred while executing Dudle.<br/>Please send an error report, including your browser, operating system, and what you did to %{admin}.") % {:admin => "<a href='mailto:#{$conf.bugreportmail}?subject=#{urlescape(subject)}&body=#{urlescape(errormessagebody)}'>#{$conf.bugreportmail}</a>"}
+ $d << _("An error occurred while executing Dudle.<br/>Please send an error report, including your browser, operating system, and what you did to %{admin}.") % {:admin => "<a href='mailto:#{$conf.bugreportmail}?subject=#{CGI.escape(subject)}&body=#{CGI.escape(errormessagebody)}'>#{$conf.bugreportmail}</a>"}
 if (errorstr)
 errorheadstr = _("Please include the following as well:")
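Review bot: `CGI.escape(site)` on the new `href` line is form encoding, not path encoding: a space in a directory name becomes `+`, which a browser requests literally as a plus sign in a path, and `/` becomes `%2F`. The same choice recurs in the mailto link of error.cgi's `@@ -50,7 +45,7 @@` hunk, where the removed `urlescape` helper deliberately rewrote `+` to `%20` because mailto parameters are percent-encoded and mail clients show the `+` verbatim; that behaviour is lost, so the subject renders as `Bug+in+Dudle`. `ERB::Util.url_encode` (stdlib `erb`) emits `%20` and still percent-encodes `'`, `"`, `<`, `>` and `&`, so it stays safe inside the single-quoted attribute: `href='./#{ERB::Util.url_encode(site)}/'` and `subject=#{ERB::Util.url_encode(subject)}&body=#{ERB::Util.url_encode(errormessagebody)}`, provided `erb` is required in these files. Note that `url_encode` also encodes `/`, which presumes `site` is a single directory name; if nested paths are possible, encode per segment.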
diff --git a/maintenance.cgi b/maintenance.cgi
index 3c5d233..a4c4e31 100755
--- a/maintenance.cgi
+++ b/maintenance.cgi
@@ -27,11 +27,6 @@
 else
 $d = Dudle.new(:title => _("Maintenance"), :hide_lang_chooser => true)
 end
-def urlescape(str)
- CGI.escapeHTML(CGI.escape(str).gsub("+","%20"))
-end
-
-
 if File.exists?("maintenance.html")
 $d << _("This site is currently undergoing maintenance!")
 $d << File.open("maintenance.html","r").read
diff --git a/timepollhead.rb b/timepollhead.rb
index 524dcab..c1c755e 100644
--- a/timepollhead.rb
+++ b/timepollhead.rb
@@ -403,7 +403,7 @@ END
 hiddenvars += "<input type='hidden' name='columnid' value=\"#{TimeString.new(day,nil)}\" />"
 end
 end
- ret += "<td>" + add_remove_button(klasse, chosenstr[klasse], "columntime", CGI.escapeHTML(timestamp.time_to_s.to_s), revision, hiddenvars) + "</td>"
+ ret += "<td>" + add_remove_button(klasse, chosenstr[klasse], "columntime", CGI.escapeHTML(timestamp.time_to_s), revision, hiddenvars) + "</td>"
 }
 ret += "</tr>\n"
@@ -423,7 +423,7 @@ END
 <input type='hidden' name='undo_revision' value='#{revision}' />
 END
 if @data.include?(TimeString.new(d,nil))
- ret += "<input type='hidden' name='columnid' value='#{TimeString.new(d,nil).to_s}' />"
+ ret += "<input type='hidden' name='columnid' value='#{TimeString.new(d,nil)}' />"
 end
 addstr = _("Add")
 hintstr = _("e. g., 09:30, morning, afternoon")
diff --git a/timestring.rb b/timestring.rb
index 3fd0eb1..d93eb81 100644
--- a/timestring.rb
+++ b/timestring.rb
@@ -72,7 +72,7 @@ class TimeString
 end
 def to_s
 if @time
- "#{@date} #{time_to_s}"
+ "#{CGI.escapeHTML(@date.to_s)} #{time_to_s}"
 else
 CGI.escapeHTML(@date.to_s)
 end
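Review bot: Dropping `.to_s` in `CGI.escapeHTML(timestamp.time_to_s)` (timepollhead.rb, `@@ -403,7 +403,7 @@`) is only safe if `time_to_s` always returns a String; `CGI.escapeHTML(nil)` raises a TypeError, and the timestring.rb hunk shows `TimeString#to_s` avoiding `time_to_s` when `@time` is unset, which suggests a nil or non-String result is possible for date-only entries. Unless `time_to_s` is known to return a String for every TimeString, keep the defensive conversion: `CGI.escapeHTML(timestamp.time_to_s.to_s)`. The method enclosing this line begins and ends outside the hunk, so I cannot confirm which TimeString instances reach it.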
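Review bot: After this change `TimeString#to_s` (timestring.rb, `@@ -72,7 +72,7 @@`) returns a half-escaped string when `@time` is set: the date is passed through `CGI.escapeHTML`, but `time_to_s` is interpolated raw. The hint text in the second timepollhead.rb hunk (`"e. g., 09:30, morning, afternoon"`) suggests the time part can be free text, so a caller that interpolates `#{timestring}` into markup trusting `to_s` to be escaped (as `value='#{TimeString.new(d,nil)}'` does) would emit unescaped user input; conversely, the `CGI.escapeHTML(timestamp.time_to_s)` call site in the first timepollhead.rb hunk shows that other callers escape at the output boundary, so escaping inside `to_s` invites double encoding. Either escape the whole value in one place, `CGI.escapeHTML("#{@date} #{time_to_s}")`, or keep `to_s` unescaped and escape at every HTML output site; mixing the two is the risky option. Whether `time_to_s` already escapes is not visible here, and the `def to_s` closes outside the hunk.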