IE6、7で不正なバイトが挿入された場合にXSSが発生しうる問題を修正するため、いったんUTF-8に変換するようにした。

diff --git a/lib/Util.pm b/lib/Util.pm
index 870b293..4464446 100644 (file)
--- a/lib/Util.pm
+++ b/lib/Util.pm
@@ -35,6 +35,8 @@ BEGIN {
 #===============================================================================
 sub url_encode {
        my $retstr = shift;
+       $retstr = Jcode->new($retstr)->euc;
+       
        $retstr =~ s/([^ 0-9A-Za-z])/sprintf("%%%.2X", ord($1))/eg;
        $retstr =~ tr/ /+/;
        return $retstr;
@@ -98,10 +100,8 @@ sub make_filename {
 #===============================================================================
 sub escapeHTML {
        my($retstr) = shift;
-       
-       &Jcode::convert(\$retstr,"utf8");
-       &Jcode::convert(\$retstr,"euc");
-       
+       $retstr = Jcode->new($retstr)->euc;
+
        my %table = (
                '&' => '&',
                '"' => '"',