diff options
Diffstat (limited to '')
| -rwxr-xr-x | delete_poll.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/delete_poll.rb b/delete_poll.rb index 93458cc..6f2e506 100755 --- a/delete_poll.rb +++ b/delete_poll.rb @@ -31,7 +31,7 @@ QUESTIONS = [ "phahqu3Uib4neiRi", _("I am aware of the consequences."), _("Please delete this poll.")] -USERCONFIRM = $cgi["confirm"].strip +USERCONFIRM = CGI.escapeHTML($cgi["confirm"].strip) if $cgi.include?("confirmnumber") CONFIRM = $cgi["confirmnumber"].to_i if USERCONFIRM == QUESTIONS[CONFIRM] @@ -107,9 +107,9 @@ $d.html << %{ #{hint} <form method='post' action='' accept-charset='utf-8'> <div> - <input type='hidden' name='confirmnumber' value='#{CONFIRM}' /> - <input size='30' type='text' name='confirm' value='#{USERCONFIRM}' /> - <input type='submit' value='#{deletestr}' /> + <input type='hidden' name='confirmnumber' value="#{CONFIRM}" /> + <input size='30' type='text' name='confirm' value="#{USERCONFIRM}" /> + <input type='submit' value="#{deletestr}" /> </div> </form> } |