use Fcntl qw(:flock);
use strict;
-our @EXPORT = qw/Entity DecodeURI EncodeURI include PLP_END
- AddCookie ReadFile WriteFile AutoURL Counter Include exit/;
+our @EXPORT = qw/Entity DecodeURI EncodeURI Include include PLP_END
+ AddCookie ReadFile WriteFile AutoURL Counter exit/;
sub Include ($) {
no strict;
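Review bot: the `+our @EXPORT` list now exports `Include` and `include` side by side, two names that differ only in case, and nothing in this hunk says which one is canonical. A short comment above the list stating which is the alias would prevent confusion, and it could also record that exporting `exit` over the built-in is intentional.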
for (@$ref) {
eval {
s/&/&/g;
- s/\"/"/g;
+ s/"/"/g;
s/</</g;
s/>/>/g;
s/\n/<br>\n/g;
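Review bot: the substitutions visible in this hunk cover `&`, `"`, `<` and `>` but not the single quote, so the result is not safe inside a single-quoted attribute value. Either add a substitution for `'` or document that the output is meant only for element content and double-quoted attributes. Dropping the backslash before `"` is harmless, since both forms match the same character, and the `&` substitution needs to stay first so that the entities produced by the later lines are not escaped a second time.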
my $ref = defined wantarray ? [@_] : \@_;
for (@$ref) {
eval {
- s/\+/%20/g; # Browsers do y/ /+/ - I don't care about RFC's, but
- # I do care about real-life situations.
+ tr/+/ /; # Browsers do tr/ /+/ - I don't care about RFCs, but
+ # I do care about real-life situations.
s/%([0-9A-Fa-f][0-9A-Fa-f])/chr hex $1/ge;
};
}
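Review bot: the comment on the `tr/+/ /;` line should say that this translation has to stay ahead of the `s/%([0-9A-Fa-f][0-9A-Fa-f])/chr hex $1/ge;` line, because that ordering is what lets an encoded `%2B` come out as a literal plus. As written, the comment only explains why the translation exists, and a later reorder would silently turn `%2B` into a space. The decoded value can also contain any byte, including control characters, so a note that callers must validate it before using it in file names or headers would fit here.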
$$ref =~ s/>\cC>/>/g;
$$ref =~ s/<\cC</</g;
};
- if ($@){ return defined wantarray ? @_ : undef }
+ if ($@){ return defined wantarray ? @_ : undef } # return original on error
return defined wantarray ? $$ref : undef;
}
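Review bot: the new comment `# return original on error` does not hold in scalar context. In `defined wantarray ? @_ : undef` the array is evaluated in the caller's context, so a scalar caller receives the number of arguments rather than the original string. The success path returns `$$ref`, so returning `$_[0]` on the error path would match it. The error in `$@` is also dropped without a trace; a `warn` would make a failing substitution visible.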
=item Entity LIST
-Replaces HTML syntax characters by HTML entities, so they can be displayed literally. You should always use this on user input (or database output), to avoid cross-site-scripting vurnerabilities. This function does not do everything the L<HTML::Entity> does.
+Replaces HTML syntax characters by HTML entities, so they can be displayed literally. You should always use this when displaying user input (or database output), to avoid cross-site-scripting vurnerabilities.
In void context, B<changes> the values of the given variables. In other contexts, returns the changed versions.
<: print Entity($user_input); :>
Be warned that this function also HTMLizes consecutive whitespace and newlines (using and <br> respectively).
-For simple escaping, use L<XML::Quote>. To escape high-bit characters as well, use L<HTML::Entities>.
+For simple escaping, use L<XML::Quote|XML::Quote>.
+To escape high-bit characters as well, use L<HTML::Entities|HTML::Entities>.
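Review bot: the rewritten paragraph still carries the typo `vurnerabilities`, which should read `vulnerabilities`. The advice to always use this function when displaying user input should also be scoped to HTML text, since a value placed in a URL or inside script needs a different encoding and the same document describes `EncodeURI` for the former. The removed sentence about not doing everything the other module does was the only statement of this function's limits, so a one-line replacement would be worth keeping.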
=item EncodeURI LIST
/ ? : @ $
-This should be safe for escaping query values (as in the example above), but it may be a better idea to use L<URI::Escape> instead.
+This should be safe for escaping query values (as in the example above),
+but it may be a better idea to use L<URI::Escape|URI::Escape> instead.
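Review bot: "should be safe for escaping query values" is too vague for a security-relevant function. Next to the list of characters left unencoded (`/ ? : @ $`), the text should state explicitly whether `&`, `=`, `#` and `+` are encoded, because those are the characters that decide whether a value can break out of its query parameter. If the recommendation is to prefer `URI::Escape`, say when this function is the wrong choice rather than leaving it at "may be a better idea".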
=item DecodeURI LIST
-Decodes %-encoded strings. Unlike L<URI::Escape>, it also translates + characters to spaces (as browsers use those).
+Decodes %-encoded strings. Unlike L<URI::Escape|URI::Escape>,
+it also translates + characters to spaces (as browsers use those).
In void context, B<changes> the values of the given variables. In other contexts, returns the changed versions.
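Review bot: the sentence about translating `+` to spaces should say that this is the form and query-string convention and that a literal plus therefore has to arrive as `%2B`. Without that, a reader may apply the function to path components, where `+` is an ordinary character and would be corrupted. It is also worth stating here that the decoded result is untrusted input and still needs `Entity` before it is printed.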