Encode metadata values with encode_entities() from HTML::Entities module.

This forces all metadata values to be plain text values for now.

Encode metadata values with encode_entities() from HTML::Entities module.
This forces all metadata values to be plain text values for now.
6a723f18 · Leigh B. Stoller · 181608c7 · 6a723f18
Commit 6a723f18 authored Nov 06, 2006 by Leigh B. Stoller
--- a/tbsetup/Template.pm.in
+++ b/tbsetup/Template.pm.in
@@ -22,6 +22,7 @@ use libtestbed;
 use libtblog;
 use Experiment;
 use English;
+use HTML::Entities;
 use overload ('""' => 'Stringify');

 # Configure variables
@@ -682,7 +683,8 @@ sub NewMetadata($$$$;$)
    }

    my $safename  = DBQuoteSpecial($name);
-    my $safevalue = DBQuoteSpecial($value);
+    # HTML entity encode; yep, plain text only.
+    my $safevalue = DBQuoteSpecial(encode_entities($value));

    my $query_result =
 	DBQueryWarn("insert into experiment_template_metadata_items set ".
@@ -786,7 +788,7 @@ sub ModifyMetadata($$$$)
 	if ($already_exists <= 0);

    $name  = DBQuoteSpecial($name);
-    $value = DBQuoteSpecial($value);
+    $value = DBQuoteSpecial(encode_entities($value));

    DBQueryWarn("lock tables experiment_template_metadata_items write")
 	or return -1;