summaryrefslogtreecommitdiff
path: root/lib/VNDB/Handler/Releases.pm
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-11-22 11:04:56 +0100
committerYorhel <git@yorhel.nl>2010-11-22 11:04:56 +0100
commit1c545349e9c17c9d1b7800c3b085ce6a0cff186a (patch)
treeb21cf89f3aa26356d8de383caea9535ad8bcce79 /lib/VNDB/Handler/Releases.pm
parent8395dc9db24ebd4814e7dd5cade08ce1e41b559b (diff)
Added basic validation of the filter string
fil_parse() now checks for proper formatting of the string and ignores key/value pairs that are not the list of allowed keys. This makes it impossible to provide extra, unintended, arguments to dbReleaseGet(), such as 'results'.
Diffstat (limited to 'lib/VNDB/Handler/Releases.pm')
-rw-r--r--lib/VNDB/Handler/Releases.pm3
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/VNDB/Handler/Releases.pm b/lib/VNDB/Handler/Releases.pm
index 63ea0922..36378212 100644
--- a/lib/VNDB/Handler/Releases.pm
+++ b/lib/VNDB/Handler/Releases.pm
@@ -492,8 +492,7 @@ sub browse {
);
return 404 if $f->{_err};
- # TODO: validate the filter string?
- my $fil = fil_parse $f->{fil};
+ my $fil = fil_parse $f->{fil}, qw|type patch freeware doujin date_before date_after minage lang resolution plat med|;
_fil_compat($self, $fil);
$f->{fil} = fil_serialize($fil);