X-Git-Url: http://git.shiar.net/perl/plp/.git/blobdiff_plain/df5933195f9dbe0fc69a1bd9752b84f267e4ec06..a3a4d694959ff6549ab0a37632440f529229c576:/PLP/Functions.pm
diff --git a/PLP/Functions.pm b/PLP/Functions.pm
index b4891ee..28815cd 100644
--- a/PLP/Functions.pm
+++ b/PLP/Functions.pm
@@ -4,8 +4,8 @@ use base 'Exporter';
use Fcntl qw(:flock);
use strict;
-our @EXPORT = qw/Entity DecodeURI EncodeURI include PLP_END
- AddCookie ReadFile WriteFile AutoURL Counter Include exit/;
+our @EXPORT = qw/Entity DecodeURI EncodeURI Include include PLP_END
+ AddCookie ReadFile WriteFile AutoURL Counter exit/;
sub Include ($) {
no strict;
@@ -37,7 +37,7 @@ sub Entity (@) {
for (@$ref) {
eval {
s/&/&/g;
- s/\"/"/g;
+ s/"/"/g;
s/</g;
s/>/>/g;
s/\n/
\n/g;
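Review bot: The substitutions visible in Entity cover `&`, `"`, `<`, `>` and newline but not the single quote, so a value placed inside a single-quoted HTML attribute could still close that attribute. If no later line in the eval block handles it (the block continues outside this hunk), adding `s/'/&#39;/g;` after the double-quote rule would close the gap. The surrounding `eval { ... }` also discards any failure, so in void context an argument that cannot be modified is left unescaped without any warning. A short comment saying whether that is intended would help.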
@@ -52,8 +52,8 @@ sub DecodeURI (@) {
my $ref = defined wantarray ? [@_] : \@_;
for (@$ref) {
eval {
- s/\+/%20/g; # Browsers do y/ /+/ - I don't care about RFC's, but
- # I do care about real-life situations.
+ tr/+/ /; # Browsers do tr/ /+/ - I don't care about RFCs, but
+ # I do care about real-life situations.
s/%([0-9A-Fa-f][0-9A-Fa-f])/chr hex $1/ge;
};
}
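Review bot: The percent-decoding line turns any `%XX` into its byte via `chr hex $1`, so the decoded result can contain NUL, CR and LF, and nothing here tells callers that. A comment such as `# result may contain any byte (NUL, CR, LF included); validate before using it in file names or headers` would document the contract. The existing comment could also say that `tr/+/ /` must stay before the `%XX` substitution so that an encoded `%2B` survives as a literal plus. DecodeURI starts and ends outside this hunk.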
@@ -144,7 +144,7 @@ sub AutoURL ($) {
$$ref =~ s/>\cC>/>/g;
$$ref =~ s/<\cC</g;
};
- if ($@){ return defined wantarray ? @_ : undef }
+ if ($@){ return defined wantarray ? @_ : undef } # return original on error
return defined wantarray ? $$ref : undef;
}
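Review bot: The new comment says the original is returned on error, but `return defined wantarray ? @_ : undef` evaluates `@_` in the caller's context, so a scalar-context caller receives the element count rather than the string. With the `($)` prototype that is presumably `1`; `if ($@) { return defined wantarray ? $_[0] : undef }` would match the comment. In void context the eval may already have applied some substitutions through `$$ref` before failing, so "original" may not hold there either. How `$ref` is set up is outside this hunk.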
@@ -206,14 +206,15 @@ You should use this function instead of Perl's built-in C blocks, because t
=item Entity LIST
-Replaces HTML syntax characters by HTML entities, so they can be displayed literally. You should always use this on user input (or database output), to avoid cross-site-scripting vurnerabilities. This function does not do everything the L does.
+Replaces HTML syntax characters by HTML entities, so they can be displayed literally. You should always use this when displaying user input (or database output), to avoid cross-site-scripting vurnerabilities.
In void context, B the values of the given variables. In other contexts, returns the changed versions.
<: print Entity($user_input); :>
Be warned that this function also HTMLizes consecutive whitespace and newlines (using and
respectively).
-For simple escaping, use L. To escape high-bit characters as well, use L.
+For simple escaping, use L.
+To escape high-bit characters as well, use L.
=item EncodeURI LIST
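Review bot: The rewritten Entity paragraph drops the sentence saying this function does less than the linked module (the link target is not visible in this rendering), so "You should always use this ... to avoid cross-site-scripting" now reads as a complete guarantee. As far as the Entity hunk shows, only `&`, `"`, `<`, `>` and whitespace are handled, so I would keep a caveat such as `This escapes for HTML text and double-quoted attribute values only; it is not sufficient inside script blocks, URLs or unquoted attributes.` The new line also carries over the typo `vurnerabilities` (should be `vulnerabilities`).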
@@ -227,11 +228,13 @@ Note that the following reserved characters are I percent-encoded, even tho
/ ? : @ $
-This should be safe for escaping query values (as in the example above), but it may be a better idea to use L instead.
+This should be safe for escaping query values (as in the example above),
+but it may be a better idea to use L instead.
=item DecodeURI LIST
-Decodes %-encoded strings. Unlike L, it also translates + characters to spaces (as browsers use those).
+Decodes %-encoded strings. Unlike L,
+it also translates + characters to spaces (as browsers use those).
In void context, B the values of the given variables. In other contexts, returns the changed versions.