IE6、7で不正なバイトが挿入された場合にXSSが発生しうる問題を修正するため、いったんUTF-8に変換するようにした。

author takezoe <takezoe@users.osdn.me>

Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)

committer takezoe <takezoe@users.osdn.me>

Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)
author takezoe <takezoe@users.osdn.me>
Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)
committer takezoe <takezoe@users.osdn.me>
Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)
diff --git a/lib/Util.pm b/lib/Util.pm

index 32b1b1b..870b293 100644 (file)
--- a/lib/Util.pm
+++ b/lib/Util.pm
@@ -98,6 +98,10 @@ sub make_filename {
  #===============================================================================
  sub escapeHTML {
         my($retstr) = shift;
+       
+       &Jcode::convert(\$retstr,"utf8");
+       &Jcode::convert(\$retstr,"euc");
+       
         my %table = (
                 '&' => '&amp;',
                 '"' => '&quot;',
author	takezoe <takezoe@users.osdn.me>
	Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)
committer	takezoe <takezoe@users.osdn.me>
	Sat, 13 Aug 2011 04:14:54 +0000 (04:14 +0000)