Better quoting
authorJamie Cameron <jcameron@webmin.com>
Thu, 14 Feb 2008 23:55:02 +0000 (23:55 +0000)
committerJamie Cameron <jcameron@webmin.com>
Thu, 14 Feb 2008 23:55:02 +0000 (23:55 +0000)
group_chooser.cgi
user_chooser.cgi

index 3cab9d2..2c99724 100755 (executable)
@@ -33,7 +33,8 @@ if ($in{'multi'}) {
                                @mems = &unique( split(/ /, $ginfo[3]),
                                                 @{$members{$ginfo[2]}} );
                                if (@mems > 3) { @mems = (@mems[0..1], "..."); }
-                               print "selr[$i] = \"",join(' ', @mems),"\";\n";
+                               print "selr[$i] = \"",
+                                 &quote_escape(join(' ', @mems), "'"),"\";\n";
                                }
                        else { print "selr[$i] = \"???\";\n"; }
                        }
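Review bot: The new `&quote_escape(join(' ', @mems), "'")` call asks for single quotes to be escaped, but the `selr[$i]` literal it fills is delimited by double quotes, so a `"` in a group member name could still end the string early. The equivalent `sel[$i]` call in user_chooser.cgi passes `'"'`; the same here would be `&quote_escape(join(' ', @mems), '"'),"\";\n";`. This assumes the second argument selects which quote character gets escaped, which should be confirmed against quote_escape's definition (not on this page). Because the value is written inside a `<script>` block, entity-style escaping may also leave backslashes, newlines and a literal `</script>` untouched, so a JavaScript-string escaper would fit this context better. The enclosing `if`/loop starts outside the hunk.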
index b0fde48..24c16d9 100755 (executable)
@@ -22,8 +22,13 @@ if ($in{'multi'}) {
                        print "sel[$i] = \"".
                              &quote_escape($ul[$i], '"')."\";\n";
                        @uinfo = getpwnam($ul[$i]);
-                       if (@uinfo) { print "selr[$i] = \"$uinfo[6]\";\n"; }
-                       else { print "selr[$i] = \"???\";\n"; }
+                       if (@uinfo) {
+                               print "selr[$i] = \"".
+                                     &quote_escape($uinfo[6])."\";\n"; }
+                               }
+                       else {
+                               print "selr[$i] = \"???\";\n";
+                               }
                        }
                print "</script>\n";
                print "<title>$text{'users_title1'}</title>\n";
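Review bot: The added line `&quote_escape($uinfo[6])."\";\n"; }` ends with a `}` and the next added line is another `}`, so the `if (@uinfo) {` block is closed twice and the following `else {` has no `if` to attach to; the script will most likely fail to compile. Dropping the trailing brace gives `&quote_escape($uinfo[6])."\";\n";`. `$uinfo[6]` is the GECOS field returned by getpwnam, which users can often set themselves, so escaping it before it reaches the page is the right move. The call omits the quote argument that the `sel[$i]` line just above passes as `'"'`; passing it here too would keep the two lines consistent. The enclosing loop starts outside the hunk.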