324f433e00cd05daeba5403195601ba0a03cdbeb galt Wed Sep 21 16:56:46 2016 -0700 Fixes oops and adds comment about unfinished XSS issues for javascript parameters. refs #17782. diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c index f90dc11..2c93e40 100644 --- src/lib/cheapcgi.c +++ src/lib/cheapcgi.c @@ -1568,63 +1568,63 @@ void cgiMakeOnKeypressTextVar(char *varName, char *initialVal, int charSize, char *script) /* Make a text control filled with initial value, with a (java)script * to execute every time a key is pressed. If charSize is zero it's * calculated from initialVal size. */ { if (initialVal == NULL) initialVal = ""; if (charSize == 0) charSize = strlen(initialVal); if (charSize == 0) charSize = 8; htmlPrintf("\n"); } void cgiMakeTextVar(char *varName, char *initialVal, int charSize) /* Make a text control filled with initial value. If charSize * is zero it's calculated from initialVal size. */ { cgiMakeOnKeypressTextVar(varName, initialVal, charSize, NULL); } void cgiMakeTextVarWithExtraHtml(char *varName, char *initialVal, int width, char *extra) /* Make a text control filled with initial value. */ { if (initialVal == NULL) initialVal = ""; if (width==0) width=strlen(initialVal)*10; if (width==0) width = 100; htmlPrintf("\n"); } void cgiMakeIntVarWithExtra(char *varName, int initialVal, int maxDigits, char *extra) /* Make a text control filled with initial value and optional extra HTML. */ { if (maxDigits == 0) maxDigits = 4; -htmlPrintf("", +htmlPrintf("", // TODO XSS extra varName, maxDigits, initialVal, extra ? extra : ""); } void cgiMakeIntVar(char *varName, int initialVal, int maxDigits) /* Make a text control filled with initial value. */ { cgiMakeIntVarWithExtra(varName, initialVal, maxDigits, NULL); } void cgiMakeIntVarInRange(char *varName, int initialVal, char *title, int width, char *min, char *max) /* Make a integer control filled with initial value. If min and/or max are non-NULL will enforce range Requires utils.js jQuery.js and inputBox class */ {