diff options
Diffstat (limited to '')
-rwxr-xr-x | config_poll.rb | 2 | ||||
-rw-r--r-- | poll.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/config_poll.rb b/config_poll.rb index 93778e8..cf50a79 100755 --- a/config_poll.rb +++ b/config_poll.rb @@ -79,7 +79,7 @@ $htmlout += <<INVITEDELETE <legend>invite/delete participant</legend> <form method='post' action='config.cgi'> <div> - <input size='16' value='#{$cgi["invite_delete"]}' type='text' name='invite_delete' /> + <input size='16' value="#{CGI.escapeHTML($cgi["invite_delete"])}" type='text' name='invite_delete' /> <input type='submit' value='invite/delete' /> </div> </form> @@ -254,7 +254,7 @@ END name = "Anonymous ##{maximum + 1}" end htmlname = CGI.escapeHTML(name) - @data.delete(CGI.escapeHTML($edituser)) + @data.delete(CGI.escapeHTML($edituser)) if $edituser $edituser = htmlname @data[htmlname] = {"timestamp" => Time.now } @head.each_key{|columntitle| |