From 7dcdd7e02acf397d9cae7f9c435ace1f7b837d67 Mon Sep 17 00:00:00 2001
From: Michael Andreen
Date: Tue, 30 Jan 2007 14:54:20 +0000
Subject: [PATCH] strip all illegal characters

---
 ND/Web/Forum.pm | 6 +++++-
 ND/Web/XMLPage.pm | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ND/Web/Forum.pm b/ND/Web/Forum.pm
index a780474..6b122c6 100644
--- a/ND/Web/Forum.pm
+++ b/ND/Web/Forum.pm
@@ -58,7 +58,11 @@ ORDER BY fp.time ASC
 my $text = parseMarkup(escapeHTML(param('message')));
 $text .= p b $@ if $@;
 push @posts,{message => $text, unread => 1, username => 'PREVIEW', Time => 'Not submitted yet', NewPosts => $old ? 1 : 0};
- $template->param(Message => escapeHTML param('message'));
+
+ $text = escapeHTML param('message');
+ $text =~ s/\x{3}\d\d?//g; #mirc color TODO: possibly match until \x{0F} and change to [color] block
+ $text =~ s/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]//g;
+ $template->param(Message => $text);
 }
 $template->param(Posts => \@posts);
diff --git a/ND/Web/XMLPage.pm b/ND/Web/XMLPage.pm
index b7e7015..853ef42 100644
--- a/ND/Web/XMLPage.pm
+++ b/ND/Web/XMLPage.pm
@@ -129,6 +129,7 @@ sub render : method {
 $template->param(Error => $ND::ERROR);
 $template->param(BODY => $body->output);
 my $output = $template->output;
+ $output =~ s/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]//g;
 print header(-type=> $type, -charset => 'utf-8', -Content_Length => length $output);
 print $output;
 };
--
2.39.2
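Review bot: The mIRC colour pattern on the added `$text =~ s/\x{3}\d\d?//g;` line in Forum.pm consumes only the foreground number, so a code that also carries a background, such as `\x{3}4,12`, leaves `,12` behind in the text; `s/\x{3}(?:\d\d?(?:,\d\d?)?)?//g` would remove the whole code. The cleanup is applied only to the `Message` value echoed back into the form. The preview body pushed onto `@posts` in the context lines above is built from the raw parameter, so once the output filter in XMLPage.pm drops the bare `\x{3}`, its colour digits remain visible in the preview. The enclosing block starts and continues outside the hunk, so whether the same stripping happens when the post is actually stored cannot be seen from here.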
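Review bot: Whether `$output` holds decoded characters or UTF-8 octets at the added `$output =~ s/[^\x{9}...]//g;` line in XMLPage.pm is not visible here, and the filter behaves differently in each case. On octets every byte from 0x80 upward falls inside `\x{20}-\x{D7FF}`, so only the C0 controls are removed, while an encoded U+FFFE/U+FFFF or a malformed sequence passes through. A one-line comment such as `# XML 1.0 Char production; expects a decoded character string` would record the assumption. The same character class is repeated literally in Forum.pm, so a single shared `qr/.../` constant would keep the two copies from drifting apart. The body of `render` starts outside the hunk.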