Fix for bug 38859: escape invalid email addresses for HTML before displaying to the...
authorjustdave%syndicomm.com <>
Sat, 12 May 2001 01:02:38 +0000 (01:02 +0000)
committerjustdave%syndicomm.com <>
Sat, 12 May 2001 01:02:38 +0000 (01:02 +0000)
Patch by Myk Melez <myk@mozilla.org>
r= jake@acutex.net, justdave@syndicomm.com

CGI.pl

diff --git a/CGI.pl b/CGI.pl
index 587ecc07473ded42a81524dbaa801bd28fc8b57b..e82ce8911480b84be74274b0dd3a0c363f6488e5 100644 (file)
--- a/CGI.pl
+++ b/CGI.pl
@@ -593,6 +593,9 @@ sub CheckEmailSyntax {
     if ($addr !~ /$match/) {
         print "Content-type: text/html\n\n";
 
+        # For security, escape HTML special characters.
+        $addr = html_quote($addr);
+
         PutHeader("Check e-mail syntax");
         print "The e-mail address you entered\n";
         print "(<b>$addr</b>) didn't match our minimal\n";
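Review bot: The added `$addr = html_quote($addr);` overwrites the address in place, so any later use of `$addr` in CheckEmailSyntax (the body continues past this hunk) would see the HTML-escaped form rather than the original input. Escaping into a separate variable at the point of output keeps raw and encoded values apart and avoids accidental double-escaping: `my $addr_html = html_quote($addr);` followed by `print "(<b>$addr_html</b>) didn't match our minimal\n";`. The comment would also help the next reader more if it named the risk, for example `# $addr is user input echoed into the error page; HTML-escape it to prevent cross-site scripting.` Assuming html_quote only covers element-content characters, it is sufficient here inside `<b>` but should not be relied on if the value is ever moved into an attribute.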