From 31819fde1085b66926394feb018301c594395310 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 6 Sep 2013 22:20:59 +0200
Subject: [PATCH] uri_escape input

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---
 search.cgi | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/search.cgi b/search.cgi
index 9a38e3e..42ad3d6 100755
--- a/search.cgi
+++ b/search.cgi
@@ -17,11 +17,11 @@ use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
 my %config = &Util::ReadConfigFile;
 
 my $query = new CGI;
-my $id = $query->param('id');
-my $authtoken = $query->param('authtoken');
+my $id = uri_escape($query->param('id'));
+my $authtoken = uri_escape($query->param('authtoken'));
 my $password = &Util::CheckAuthToken($authtoken);
-my $dosearch = $query->param('dosearch');
-my $searchdn = $query->param('searchdn');
+my $dosearch = uri_escape($query->param('dosearch'));
+my $searchdn = uri_escape($query->param('searchdn'));
 my $ldap = undef;
 
 my $proto = ($ENV{HTTPS} ? "https" : "http");
-- 
2.20.1