summaryrefslogtreecommitdiff
path: root/lib/VNDB/Handler/VNEdit.pm
diff options
context:
space:
mode:
authormorkt <>2015-01-12 09:54:26 +0100
committerYorhel <git@yorhel.nl>2015-01-12 09:54:26 +0100
commite80376eba0846f15f97f865aadcf4793f228b1a3 (patch)
tree701a13572234cb1db2d601819f145b395277025d /lib/VNDB/Handler/VNEdit.pm
parent34331f1a4625eec8df708a4142b4570c155fb40e (diff)
staff: Stronger verification of form data
Diffstat (limited to 'lib/VNDB/Handler/VNEdit.pm')
-rw-r--r--lib/VNDB/Handler/VNEdit.pm22
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/VNDB/Handler/VNEdit.pm b/lib/VNDB/Handler/VNEdit.pm
index a7900628..b055a87c 100644
--- a/lib/VNDB/Handler/VNEdit.pm
+++ b/lib/VNDB/Handler/VNEdit.pm
@@ -85,6 +85,7 @@ sub edit {
|| $vid && (($v->{locked} || $v->{hidden}) && !$self->authCan('dbmod'));
my $r = $v ? $self->dbReleaseGet(vid => $v->{id}) : [];
+ my $chars = $v ? $self->dbCharGet(vid => $v->{id}, results => 50) : [];
my %b4 = !$vid ? () : (
(map { $_ => $v->{$_} } qw|title original desc alias length l_wp l_encubed l_renai image img_nsfw ihid ilock|),
@@ -145,11 +146,17 @@ sub edit {
$last_c = $c;
}
- my $last_s;
- for my $s (sort { $a->{aid} <=> $b->{aid} || $a->{cid} <=> $b->{cid} } @$raw_s) {
- next if $last_s->{aid} == $s->{aid} && $last_s->{cid} == $s->{cid};
- push @seiyuu, $s;
- $last_s = $s;
+ # if character list is empty, any seiyuu data will be discarded
+ if (@$chars && @$raw_s) {
+ my %vn_chars = map +($_->{id} => 1), @$chars;
+ my $last_s;
+ for my $s (sort { $a->{aid} <=> $b->{aid} || $a->{cid} <=> $b->{cid} } @$raw_s) {
+ next unless exists $vn_chars{$s->{cid}}; # weed out odd characters
+ next if $last_s->{aid} == $s->{aid} && $last_s->{cid} == $s->{cid};
+ $s->{cid} += 0; # force numeric conversion
+ push @seiyuu, $s;
+ $last_s = $s;
+ }
}
};
push @{$frm->{_err}}, [ 'credits', 'template', 'json' ] if $@;
@@ -210,7 +217,7 @@ sub edit {
$self->htmlHeader(title => $title, noindex => 1);
$self->htmlMainTabs('v', $v, 'edit') if $vid;
$self->htmlEditMessage('v', $v, $title);
- _form($self, $v, $frm, $r);
+ _form($self, $v, $frm, $r, $chars);
$self->htmlFooter;
}
@@ -250,8 +257,7 @@ sub _uploadimage {
sub _form {
- my($self, $v, $frm, $r) = @_;
- my $chars = $v ? $self->dbCharGet(vid => $v->{id}, results => 50) : [];
+ my($self, $v, $frm, $r, $chars) = @_;
my $import = @$chars ? $self->dbVNImportSeiyuu($v->{id}, [ map $_->{id}, @$chars ]) : [];
$self->htmlForm({ frm => $frm, action => $v ? "/v$v->{id}/edit" : '/v/new', editsum => 1, upload => 1 },
vn_geninfo => [ mt('_vnedit_geninfo'),