git » blitiri » commit 2b64be9

sanitize() must only be called on strings

author Alberto Bertogli
2008-09-06 14:33:47 UTC
committer Alberto Bertogli
2008-09-06 14:51:39 UTC
parent 74a71431203c30c3b47ca985ec3d08e1ac38b080

sanitize() must only be called on strings

Otherwise, we may call sanitize() and think it's safe when it's not.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>

blitiri.cgi +1 -3

diff --git a/blitiri.cgi b/blitiri.cgi
index 6ada91b..8ce4298 100755
--- a/blitiri.cgi
+++ b/blitiri.cgi
@@ -549,9 +549,7 @@ def valid_link(link):
 	return None
 
 def sanitize(obj):
-	if isinstance(obj, basestring):
-		return cgi.escape(obj, True)
-	return obj
+	return cgi.escape(obj, quote = True)
 
 
 # find out our URL, needed for syndication
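Review bot: in sanitize(), the strings-only contract from the commit message is not stated or enforced in the function itself. The parameter is still named obj and there is no docstring, so a caller reading the definition cannot tell that non-strings are now rejected. A non-string argument is passed straight to cgi.escape(), so whatever error surfaces comes from inside that call rather than from sanitize(). Consider renaming the parameter (for example to s), adding a one-line docstring saying it accepts only strings, and raising an explicit TypeError when isinstance(obj, basestring) is false, so a misuse fails with a clear message at the call boundary. Since the old code returned non-strings unchanged, each existing caller should be checked for values that may not be strings before this lands. Minor style point: quote = True is normally written quote=True for keyword arguments.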