sub send_password ($) {
$password= make_password($id);
- process_file('notice.txt');
+ process_file('notice.txt', 0);
open SM, "| /usr/sbin/sendmail -odb -oi -oee -f $nullemail -t" or die $!;
print SM $out or die $!;
close SM; $? and die $?;
open RAND,"/dev/urandom" or die $!;
-sub process_file ($) {
- local ($filename) = @_;
+sub process_file ($$) {
+ local ($filename, $quote_html) = @_;
open X, "$filename" or die "$filename: $!";
@x= <X>;
$cl= 0;
$out= '';
$level= -1;
- process(1);
+ process(1, $quote_html);
}
sub randnybs ($) {
$out.= $_[0]."\n";
}
-sub process ($) {
- my ($doing) = @_;
+sub process ($$) {
+ my ($doing, $quote_html) = @_;
my ($bcl);
$level++;
for (;;) {
$do= !$do if $q eq 'ifnot';
# out("<!-- $level $doing $do $q $v $_ -->");
}
- process($doing && $do);
+ process($doing && $do, $quote_html);
} elsif (m/^\@\@\@foreach\:(area|db)\@\@\@$/) {
if ($doing) {
$bcl= $cl;
&{"foreach_cond_$1"};
&{"foreach_incr_$1"}) {
&{"foreach_setvars_$1"};
- process($doing);
+ process($doing, $quote_html);
$cl= $bcl;
}
}
- process(0);
+ process(0, $quote_html);
} elsif (m/^\@\@\@comment\:(\s.*)?$/) {
} elsif (m/\S/) {
s/^\@\@\@$//;
if ($doing) {
- s/\@\@\@(\w+)\@\@\@/ getvar("$1") /ge;
+ s/\@\@\@(\w+)\@\@\@/ getvar_mightquote("$1", $quote_html) /ge;
out($_);
} else {
s/\@\@\@\w+\@\@\@//g;
return $$vn;
}
+sub getvar_mightquote ($$) {
+ my ($vn, $quote_html) = @_;
+ my $v = getvar($vn);
+ $v =~ s/\&/&/g;
+ $v =~ s/\</</g;
+ $v =~ s/\>/>/g;
+ return $v;
+}
+
%saniarray= ('<','lt', '>','gt', '&','amp', '"','quot');
sub html_sani {
local ($in) = @_;
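Review bot: `getvar_mightquote` never reads its `$quote_html` argument, so the `0` passed for `notice.txt` and the flag threaded through `process` have no effect on the substitution; a guard such as `return $v unless $quote_html;` right after `my $v = getvar($vn);` would make the flag do what its name says. As shown on this page the three substitutions replace `&`, `<` and `>` with themselves, which is probably the page having decoded the entities, but it is worth confirming that the committed file really writes `&amp;`, `&lt;` and `&gt;`, since otherwise template variables reach HTML output unescaped. The new sub also leaves `"` alone, which matters if any `@@@var@@@` sits inside an attribute value. The `%saniarray` table just below already lists `quot`, so reusing `html_sani` would keep one escaping routine instead of two; its body is outside this hunk, so what it does is an assumption here.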