Need to value_quote() things that go into VALUE attributes in HTML.

d45b54f9 · terry%mozilla.org · 68dd4192 · d45b54f9 · d45b54f9 · d45b54f9
Commit d45b54f9 authored Oct 20, 1999 by terry%mozilla.org
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 20 deletions

editcomponents.cgi editcomponents.cgi +22 -11

editproducts.cgi editproducts.cgi +12 -4

editversions.cgi editversions.cgi +10 -5

No files found.
--- a/editcomponents.cgi
+++ b/editcomponents.cgi
@@ -110,21 +110,26 @@ sub EmitFormElements ($$$$$)
    my ($product, $component, $initialowner, $initialqacontact, $description) = @_;
    print "  <TH ALIGN=\"right\">Component:</TH>\n";
-    print "  <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"component\" VALUE=\"$component\">\n";
+    print "  <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"component\" VALUE=\"" .
-    print "      <INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"$product\"></TD>\n";
+        value_quote($component) . "\">\n";
+    print "      <INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"" .
+        value_quote($product) . "\"></TD>\n";
    print "</TR><TR>\n";
    print "  <TH ALIGN=\"right\">Description:</TH>\n";
-    print "  <TD><TEXTAREA ROWS=4 COLS=64 WRAP=VIRTUAL NAME=\"description\">$description</TEXTAREA></TD>\n";
+    print "  <TD><TEXTAREA ROWS=4 COLS=64 WRAP=VIRTUAL NAME=\"description\">" .
+        value_quote($description) . "</TEXTAREA></TD>\n";
    print "</TR><TR>\n";
    print "  <TH ALIGN=\"right\">Initial owner:</TH>\n";
-    print "  <TD><INPUT TYPE=TEXT SIZE=64 MAXLENGTH=255 NAME=\"initialowner\" VALUE=\"$initialowner\"></TD>\n";
+    print "  <TD><INPUT TYPE=TEXT SIZE=64 MAXLENGTH=255 NAME=\"initialowner\" VALUE=\"" .
+        value_quote($initialowner) . "\"></TD>\n";
    if (Param('useqacontact')) {
        print "</TR><TR>\n";
        print "  <TH ALIGN=\"right\">Initial QA contact:</TH>\n";
-        print "  <TD><INPUT TYPE=TEXT SIZE=64 MAXLENGTH=255 NAME=\"initialqacontact\" VALUE=\"$initialqacontact\"></TD>\n";
+        print "  <TD><INPUT TYPE=TEXT SIZE=64 MAXLENGTH=255 NAME=\"initialqacontact\" VALUE=\"" .
+            value_quote($initialqacontact) . "\"></TD>\n";
    }
 }
@@ -522,8 +527,10 @@ one.";
    print "<FORM METHOD=POST ACTION=editcomponents.cgi>\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"$product\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"" .
-    print "<INPUT TYPE=HIDDEN NAME=\"component\" VALUE=\"$component\">\n";
+        value_quote($product) . "\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"component\" VALUE=\"" .
+        value_quote($component) . "\">\n";
    print "</FORM>";
    PutTrailer($localtrailer);
@@ -632,10 +639,14 @@ if ($action eq 'edit') {
    print "</TD>\n</TR></TABLE>\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"componentold\" VALUE=\"$component\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"componentold\" VALUE=\"" .
-    print "<INPUT TYPE=HIDDEN NAME=\"descriptionold\" VALUE=\"$cdesc\">\n";
+        value_quote($component) . "\">\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"initialownerold\" VALUE=\"$initialowner\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"descriptionold\" VALUE=\"" .
-    print "<INPUT TYPE=HIDDEN NAME=\"initialqacontactold\" VALUE=\"$initialqacontact\">\n";
+        value_quote($cdesc) . "\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"initialownerold\" VALUE=\"" .
+        value_quote($initialowner) . "\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"initialqacontactold\" VALUE=\"" .
+        value_quote($initialqacontact) . "\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n";

--- a/editproducts.cgi
+++ b/editproducts.cgi
@@ -66,6 +66,9 @@ sub EmitFormElements ($$$$)
 {
    my ($product, $description, $milestoneurl, $disallownew) = @_;
+    $product = value_quote($product);
+    $description = value_quote($description);
    print "  <TH ALIGN=\"right\">Product:</TH>\n";
    print "  <TD><INPUT SIZE=64 MAXLENGTH=64 NAME=\"product\" VALUE=\"$product\"></TD>\n";
    print "</TR><TR>\n";
@@ -74,6 +77,7 @@ sub EmitFormElements ($$$$)
    print "  <TD><TEXTAREA ROWS=4 COLS=64 WRAP=VIRTUAL NAME=\"description\">$description</TEXTAREA></TD>\n";
    if (Param('usetargetmilestone')) {
+        $milestoneurl = value_quote($milestoneurl);
        print "</TR><TR>\n";
        print "  <TH ALIGN=\"right\">Milestone URL:</TH>\n";
        print "  <TD><INPUT TYPE=TEXT SIZE=64 MAXLENGTH=255 NAME=\"milestoneurl\" VALUE=\"$milestoneurl\"></TD>\n";
@@ -397,7 +401,8 @@ one.";
    print "<FORM METHOD=POST ACTION=editproducts.cgi>\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"$product\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"" .
+        value_quote($product) . "\">\n";
    print "</FORM>";
    PutTrailer($localtrailer);
@@ -544,9 +549,12 @@ if ($action eq 'edit') {
    print "</TD>\n</TR></TABLE>\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"productold\" VALUE=\"$product\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"productold\" VALUE=\"" .
-    print "<INPUT TYPE=HIDDEN NAME=\"descriptionold\" VALUE=\"$description\">\n";
+        value_quote($product) . "\">\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"milestoneurlold\" VALUE=\"$milestoneurl\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"descriptionold\" VALUE=\"" .
+        value_quote($description) . "\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"milestoneurlold\" VALUE=\"" .
+        value_quote($milestoneurl) . "\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"disallownewold\" VALUE=\"$disallownew\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n";

--- a/editversions.cgi
+++ b/editversions.cgi
@@ -100,8 +100,10 @@ sub EmitFormElements ($$)
    my ($product, $version) = @_;
    print "  <TH ALIGN=\"right\">Version:</TH>\n";
-    print "  <TD><INPUT SIZE=64 MAXLENGTH=64 NAME=\"version\" VALUE=\"$version\">\n";
+    print "  <TD><INPUT SIZE=64 MAXLENGTH=64 NAME=\"version\" VALUE=\"" .
-    print "      <INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"$product\"></TD>\n";
+        value_quote($version) . "\">\n";
+    print "      <INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"" .
+        value_quote($product) . "\"></TD>\n";
 }
@@ -383,8 +385,10 @@ one.";
    print "<FORM METHOD=POST ACTION=editversions.cgi>\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Yes, delete\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"delete\">\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"$product\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"product\" VALUE=\"" .
-    print "<INPUT TYPE=HIDDEN NAME=\"version\" VALUE=\"$version\">\n";
+        value_quote($product) . "\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"version\" VALUE=\"" .
+        value_quote($version) . "\">\n";
    print "</FORM>";
    PutTrailer($localtrailer);
@@ -467,7 +471,8 @@ if ($action eq 'edit') {
    print "</TR></TABLE>\n";
-    print "<INPUT TYPE=HIDDEN NAME=\"versionold\" VALUE=\"$version\">\n";
+    print "<INPUT TYPE=HIDDEN NAME=\"versionold\" VALUE=\"" .
+        value_quote($version) . "\">\n";
    print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n";
    print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n";