]> wagnertech.de Git - mfinanz.git/blobdiff - bin/mozilla/common.pl
projects / mfinanz.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
...und das gemoddete Templating
[mfinanz.git] / bin / mozilla / common.pl
diff --git a/bin/mozilla/common.pl b/bin/mozilla/common.pl
index d006c5436e12ef8e36540b56744cebeb9c709315..dfecb2878e93773c32dd9610c7f8919cc37c5b5b 100644 (file)
--- a/bin/mozilla/common.pl
+++ b/bin/mozilla/common.pl
@@ -14,7 +14,7 @@ use SL::Common;
 use SL::MoreCommon;
 
 sub build_std_url {
-  $lxdebug->enter_sub();
+  $lxdebug->enter_sub(2);
 
   my $script = $form->{script};
 
@@ -37,7 +37,7 @@ sub build_std_url {
 
   my $url = "${script}?" . join('&', @parts);
 
-  $lxdebug->leave_sub();
+  $lxdebug->leave_sub(2);
 
   return $url;
 }
@@ -578,8 +578,11 @@ sub mark_as_paid_common {
     $form->redirect($locale->text("Marked as paid"));
 }
   else {
-    my $referer = $ENV{HTTP_REFERER};
-    $referer =~ s/^(.*)action\=.*\&(.*)$/$1action\=mark_as_paid\&mark_as_paid\=1\&login\=$form->{login}\&password\=$form->{password}\&id\=$form->{id}\&$2/;
+    my $referer  =  $ENV{HTTP_REFERER};
+    my $login    =  $form->escape($form->{login});
+    my $password =  $form->escape($form->{password});
+    my $id       =  $form->escape($form->{id});
+    $referer     =~ s/^(.*)action\=.*\&(.*)$/$1action\=mark_as_paid\&mark_as_paid\=1\&login\=$login\&password\=$password\&id\=$id\&$2/;
     $form->header();
     print qq|<body>|;
     print qq|<p><b>|.$locale->text('Mark as paid?').qq|</b></p>|;
Unnamed repository; edit this file 'description' to name the repository.