author | Yorhel <git@yorhel.nl> | 2010-11-22 11:04:56 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-11-22 11:04:56 +0100 |
commit | 1c545349e9c17c9d1b7800c3b085ce6a0cff186a (patch) | |
tree | b21cf89f3aa26356d8de383caea9535ad8bcce79 /lib/VNDB/Handler/Releases.pm | |
parent | 8395dc9db24ebd4814e7dd5cade08ce1e41b559b (diff) |
Added basic validation of the filter string
fil_parse() now checks for proper formatting of the string and ignores
key/value pairs that are not in the list of allowed keys. This makes it
impossible to provide extra, unintended, arguments to dbReleaseGet(),
such as 'results'.
Diffstat (limited to 'lib/VNDB/Handler/Releases.pm')
-rw-r--r-- | lib/VNDB/Handler/Releases.pm | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/VNDB/Handler/Releases.pm b/lib/VNDB/Handler/Releases.pm
index 63ea0922..36378212 100644
--- a/lib/VNDB/Handler/Releases.pm
+++ b/lib/VNDB/Handler/Releases.pm
@@ -492,8 +492,7 @@ sub browse {
 );
 return 404 if $f->{_err};
- # TODO: validate the filter string?
- my $fil = fil_parse $f->{fil};
+ my $fil = fil_parse $f->{fil}, qw|type patch freeware doujin date_before date_after minage lang resolution plat med|;
 _fil_compat($self, $fil);
 $f->{fil} = fil_serialize($fil); |
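Review bot: The allowlist passed to `fil_parse` in `browse` restricts key names only; nothing visible in this hunk constrains the values for keys such as `minage` or `date_before` before `$fil` goes on to `_fil_compat` and `fil_serialize`, so it is worth confirming that `fil_parse` or `dbReleaseGet()` validates them (neither is shown here). The removed TODO also leaves the call with no explanation of why the list exists; a replacement comment such as `# Allowlist: only these filter keys may reach dbReleaseGet()` would keep a later edit from widening it casually. Since the list has to stay in step with the options `dbReleaseGet()` accepts, a named list next to `_fil_compat` would be easier to audit than an inline `qw||`. `browse` starts and ends outside the hunk.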