XSS bug in db.debian.org

[mirror/userdir-ldap-cgi.git] / search.cgi

diff --git a/search.cgi b/search.cgi
index 2757d2f..9a38e3e 100755 (executable)
--- a/search.cgi
+++ b/search.cgi
@@ -236,7 +236,7 @@ if (!$dosearch) {
     
     # If this is ourselves, present a link to do mods
     if ($auth && ($id eq $data->{uid}->[0])) { #TODO: extract this string into a url for translation...
-      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=$id&authtoken=$authtoken&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
+      $outsub{searchresults} .= "<a href=\"$proto://$ENV{SERVER_NAME}/$config{webupdateurl}?id=".uri_escape($id)."&authtoken=".uri_escape($authtoken)."&editdn=".uri_escape($dn, "\x00-\x40\x7f-\xff")."\">Edit my settings</a>\n";
     }
     
     $outsub{searchresults} .= "<br><br><br>\n";