git.llucax.com Git - software/blitiri.git/commitdiff
sanitize() must only be called on strings
author Alberto Bertogli <albertito@blitiri.com.ar>
Sat, 6 Sep 2008 14:33:47 +0000 (11:33 -0300)
committer Alberto Bertogli <albertito@blitiri.com.ar>
Sat, 6 Sep 2008 14:51:39 +0000 (11:51 -0300)
Otherwise, we may call sanitize() and think it's safe when it's not.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
blitiri.cgi

index 6ada91bfb9d82ffa650188d8d5337aa37788058e..8ce429868956d2b0b5cd5be87c958816bd6022ca 100755 (executable)
@@ -549,9 +549,7 @@ def valid_link(link):
        return None
 
 def sanitize(obj):
-       if isinstance(obj, basestring):
-               return cgi.escape(obj, True)
-       return obj
+       return cgi.escape(obj, quote = True)
 
 
 # find out our URL, needed for syndication
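Review bot: the new body `return cgi.escape(obj, quote = True)` enforces the "strings only" rule implicitly: a non-string argument now fails inside cgi.escape with an AttributeError on `.replace`, which is a confusing place for the error to surface. Consider making the contract explicit with a one-line docstring ("obj must be a string") and an explicit check such as `if not isinstance(obj, basestring): raise TypeError('sanitize() expects a string')`, so a caller passing the wrong type gets a message that names the actual mistake. Two further points on the same line: PEP 8 spells keyword arguments without spaces (`quote=True`), and `cgi.escape` with `quote=True` escapes `&`, `<`, `>` and `"` but not the single quote, so output of this function is only safe inside double-quoted attributes or element text, never inside a single-quoted attribute; that limitation is worth stating in the docstring since the function is named `sanitize`.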