86516ebc28dc4b6c7c96067e66469308880d7502
galt
Wed Sep 21 12:55:16 2016 -0700
Fixes XSS problem found in hgVisiGene. refs #17782.
diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c
index 0a7954d..f90dc11 100644
--- src/lib/cheapcgi.c
+++ src/lib/cheapcgi.c
@@ -1565,66 +1565,66 @@
rowCount, columnCount, disabled ? "DISABLED" : "",
(initialVal != NULL ? initialVal : ""));
}
void cgiMakeOnKeypressTextVar(char *varName, char *initialVal, int charSize,
char *script)
/* Make a text control filled with initial value, with a (java)script
* to execute every time a key is pressed. If charSize is zero it's
* calculated from initialVal size. */
{
if (initialVal == NULL)
initialVal = "";
if (charSize == 0) charSize = strlen(initialVal);
if (charSize == 0) charSize = 8;
-printf("\n");
}
void cgiMakeTextVar(char *varName, char *initialVal, int charSize)
/* Make a text control filled with initial value. If charSize
* is zero it's calculated from initialVal size. */
{
cgiMakeOnKeypressTextVar(varName, initialVal, charSize, NULL);
}
void cgiMakeTextVarWithExtraHtml(char *varName, char *initialVal, int width, char *extra)
/* Make a text control filled with initial value. */
{
if (initialVal == NULL)
initialVal = "";
if (width==0)
width=strlen(initialVal)*10;
if (width==0)
width = 100;
-printf("\n");
}
void cgiMakeIntVarWithExtra(char *varName, int initialVal, int maxDigits, char *extra)
/* Make a text control filled with initial value and optional extra HTML. */
{
if (maxDigits == 0) maxDigits = 4;
-printf("",
+htmlPrintf("",
varName, maxDigits, initialVal, extra ? extra : "");
}
void cgiMakeIntVar(char *varName, int initialVal, int maxDigits)
/* Make a text control filled with initial value. */
{
cgiMakeIntVarWithExtra(varName, initialVal, maxDigits, NULL);
}
void cgiMakeIntVarInRange(char *varName, int initialVal, char *title, int width,
char *min, char *max)
/* Make a integer control filled with initial value.
If min and/or max are non-NULL will enforce range
Requires utils.js jQuery.js and inputBox class */
{