X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/2e07a0cdb14d031d325b20f05e916105f385ac19..2ef21b8f2aaae439a9408977458bdeb9b0fd9e25:/bin/mozilla/common.pl
diff --git a/bin/mozilla/common.pl b/bin/mozilla/common.pl
index d006c5436..dfecb2878 100644
--- a/bin/mozilla/common.pl
+++ b/bin/mozilla/common.pl
@@ -14,7 +14,7 @@ use SL::Common;
 use SL::MoreCommon;
 sub build_std_url {
- $lxdebug->enter_sub();
+ $lxdebug->enter_sub(2);
 my $script = $form->{script};
@@ -37,7 +37,7 @@ sub build_std_url {
 my $url = "${script}?" . join('&', @parts);
- $lxdebug->leave_sub();
+ $lxdebug->leave_sub(2);
 return $url;
 }
@@ -578,8 +578,11 @@ sub mark_as_paid_common {
 $form->redirect($locale->text("Marked as paid"));
 } else {
- my $referer = $ENV{HTTP_REFERER};
- $referer =~ s/^(.*)action\=.*\&(.*)$/$1action\=mark_as_paid\&mark_as_paid\=1\&login\=$form->{login}\&password\=$form->{password}\&id\=$form->{id}\&$2/;
+ my $referer = $ENV{HTTP_REFERER};
+ my $login = $form->escape($form->{login});
+ my $password = $form->escape($form->{password});
+ my $id = $form->escape($form->{id});
+ $referer =~ s/^(.*)action\=.*\&(.*)$/$1action\=mark_as_paid\&mark_as_paid\=1\&login\=$login\&password\=$password\&id\=$id\&$2/;
 $form->header();
 print qq||;
 print qq|

|.$locale->text('Mark as paid?').qq|

|;
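Review bot: The rewritten substitution in the `else` branch of mark_as_paid_common still writes the user's password into the query string (`\&password\=$password`), so the value is now correctly URL-escaped but continues to end up in browser history, web-server access logs and any outgoing Referer header. The URL is also built on `$ENV{HTTP_REFERER}`, which the client controls: `$1` and `$2` are copied through unescaped, and when the header is absent or contains no `action=...&` part the `s///` fails silently and `$referer` is used as received. Building the confirmation link with this file's own `build_std_url` from known parameters, or sending the confirmation as a POST form, would remove the dependency on the Referer and keep credentials out of the URL. If the Referer rewrite has to stay, the result of the substitution should be tested and the failure case handled explicitly. The markup that prints `$referer` is not readable in this hunk and the function body continues outside it, so whether the value is HTML-escaped at output still needs to be confirmed.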