package Header;
use CGI();
+use HTML::Entities();
use Socket;
use Time::Local;
return (($ip >= $start) && ($ip <= $end));
}
-sub cleanhtml
-{
+sub escape($) {
+ my $s = shift;
+ return HTML::Entities::encode_entities($s);
+}
+
+sub cleanhtml {
my $outstring =$_[0];
$outstring =~ tr/,/ / if not defined $_[1] or $_[1] ne 'y';
- $outstring =~ s/&/&/g;
- $outstring =~ s/\'/'/g;
- $outstring =~ s/\"/"/g; #" This is just a workaround for the syntax highlighter
- $outstring =~ s/</</g;
- $outstring =~ s/>/>/g;
- return $outstring;
+
+ return escape($outstring);
}
sub connectionstatus
$cgiparams{'MONTH'} = $temp[1];
$cgiparams{'DAY'} = $temp[2];
$cgiparams{'SOURCE_IP'} = $temp[3];
- $cgiparams{'USERNAME'} = $temp[4];
+ $cgiparams{'USERNAME'} = &Header::escape($temp[4]);
}
if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
END
;
foreach my $so (sort keys %users) {
+ $so = &Header::escape($so);
print "<option value='$so' $selected{'USERNAME'}{$so}>$so</option>\n"; }
print <<END
</select>