--- trunk/html/swish.cgi 2003/03/21 22:23:06 28
+++ trunk/html/swish.cgi 2003/03/24 09:04:57 29
@@ -19,8 +19,17 @@
return $from_utf8->convert($_[0]);
}
-use Data::Dumper;
-#print Dumper($config);
+# Escape <, >, & and ", and to produce valid XML
+my %escape = ('<'=>'<', '>'=>'>', '&'=>'&', '"'=>'"');
+my $escape_re = join '|' => keys %escape;
+sub e {
+ my $out;
+ foreach my $v (@_) {
+ $v =~ s/($escape_re)/$escape{$1}/g;
+ $out .= $v;
+ }
+ return $out;
+}
my $spelling_alt;
# FIX: doesn't work very well
@@ -125,9 +134,9 @@
"%s [%s]
\n";
if ($config->{url}) {
- printf ($hit_fmt ,"http://".virtual_host().x($config->{url}).$hit->swishdocpath,$hit->swishtitle || 'untitled',$hit->swishrank);
+ printf ($hit_fmt ,"http://".virtual_host().x($config->{url}).$hit->swishdocpath,e($hit->swishtitle) || 'untitled',$hit->swishrank);
} else {
- printf ($hit_fmt ,$hit->swishdocpath,$hit->swishtitle || 'untitled',$hit->swishrank, map($hit->$_, @properties) );
+ printf ($hit_fmt ,$hit->swishdocpath,e($hit->swishtitle) || 'untitled',$hit->swishrank, map($hit->$_, @properties) );
}