uri_escape input

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

diff --git a/search.cgi b/search.cgi
index 9a38e3e..42ad3d6 100755 (executable)
--- a/search.cgi
+++ b/search.cgi
@@ -17,11 +17,11 @@ use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 my %config = &Util::ReadConfigFile;
 
 my $query = new CGI;
-my $id = $query->param('id');
-my $authtoken = $query->param('authtoken');
+my $id = uri_escape($query->param('id'));
+my $authtoken = uri_escape($query->param('authtoken'));
 my $password = &Util::CheckAuthToken($authtoken);
-my $dosearch = $query->param('dosearch');
-my $searchdn = $query->param('searchdn');
+my $dosearch = uri_escape($query->param('dosearch'));
+my $searchdn = uri_escape($query->param('searchdn'));
 my $ldap = undef;
 
 my $proto = ($ENV{HTTPS} ? "https" : "http");