ea3a67989847a2b731be271d112feab992a5eb9a galt Wed Sep 28 10:08:47 2016 -0700 Fixes hgNearTest robot by having htmlPage.c call attributeDecode on attribute values since we are now encoding them against XSS. refs #18077. hgNearTest was crashing right away with the error Couldn't get main form on orgPage.
diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c
index 2c93e40..b4fde00 100644
--- src/lib/cheapcgi.c
+++ src/lib/cheapcgi.c
@@ -1565,55 +1565,55 @@ rowCount, columnCount, disabled ? "DISABLED" : "", (initialVal != NULL ? initialVal : "")); } void cgiMakeOnKeypressTextVar(char *varName, char *initialVal, int charSize, char *script) /* Make a text control filled with initial value, with a (java)script * to execute every time a key is pressed. If charSize is zero it's * calculated from initialVal size. */ { if (initialVal == NULL) initialVal = ""; if (charSize == 0) charSize = strlen(initialVal); if (charSize == 0) charSize = 8;
-htmlPrintf("<INPUT TYPE=TEXT NAME='%s|attr|' SIZE=%d VALUE='%s'", varName,
+htmlPrintf("<INPUT TYPE=TEXT NAME='%s|attr|' SIZE=%d VALUE='%s|attr|'", varName,
 charSize, initialVal); if (isNotEmpty(script)) printf(" onkeypress='%s'", script); // TODO XSS printf(">\n"); } void cgiMakeTextVar(char *varName, char *initialVal, int charSize) /* Make a text control filled with initial value. If charSize * is zero it's calculated from initialVal size. */ { cgiMakeOnKeypressTextVar(varName, initialVal, charSize, NULL); } void cgiMakeTextVarWithExtraHtml(char *varName, char *initialVal, int width, char *extra) /* Make a text control filled with initial value. */ { if (initialVal == NULL) initialVal = ""; if (width==0) width=strlen(initialVal)*10; if (width==0) width = 100;
-htmlPrintf("<INPUT TYPE=TEXT class='inputBox' NAME='%s|attr|' style='width:%dpx' VALUE='%s'",
+htmlPrintf("<INPUT TYPE=TEXT class='inputBox' NAME='%s|attr|' style='width:%dpx' VALUE='%s|attr|'",
 varName, width, initialVal); if (isNotEmpty(extra)) printf(" %s",extra); // TODO XSS printf(">\n"); } void cgiMakeIntVarWithExtra(char *varName, int initialVal, int maxDigits, char *extra) /* Make a text control filled with initial value and optional extra HTML. */ { if (maxDigits == 0) maxDigits = 4; htmlPrintf("<INPUT TYPE=TEXT NAME='%s|attr|' SIZE=%d VALUE=%d %s|none|>", // TODO XSS extra varName, maxDigits, initialVal, extra ? extra : ""); } void cgiMakeIntVar(char *varName, int initialVal, int maxDigits)
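Review bot: In cgiMakeOnKeypressTextVar the `script` argument is still written with plain `printf(" onkeypress='%s'", script)` into a single-quoted attribute, so VALUE is now encoded but the handler attribute next to it is not; `extra` in cgiMakeTextVarWithExtraHtml and the `%s|none|` in cgiMakeIntVarWithExtra are in the same state, all three carrying `// TODO XSS`. For the handler, `htmlPrintf(" onkeypress='%s|attr|'", script);` would match the NAME and VALUE handling, provided the `|attr|` encoding is one the browser reverses before the script is parsed, which should be confirmed against htmlPrintf. `extra` is raw markup by design and cannot be encoded wholesale, so each of these functions should state the contract in its header comment, e.g. `/* extra is emitted verbatim; pass only trusted, constant HTML. */`. Attribute encoding alone does not make request data safe inside a script handler, so callers should keep CGI input out of `script` regardless.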