author | morkt <> | 2015-01-12 09:54:26 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2015-01-12 09:54:26 +0100 |
commit | e80376eba0846f15f97f865aadcf4793f228b1a3 (patch) | |
tree | 701a13572234cb1db2d601819f145b395277025d /lib/VNDB/Handler/VNEdit.pm | |
parent | 34331f1a4625eec8df708a4142b4570c155fb40e (diff) |
staff: Stronger verification of form data
Diffstat (limited to 'lib/VNDB/Handler/VNEdit.pm')
-rw-r--r-- | lib/VNDB/Handler/VNEdit.pm | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/VNDB/Handler/VNEdit.pm b/lib/VNDB/Handler/VNEdit.pm
index a7900628..b055a87c 100644
--- a/lib/VNDB/Handler/VNEdit.pm
+++ b/lib/VNDB/Handler/VNEdit.pm
@@ -85,6 +85,7 @@ sub edit {
 || $vid && (($v->{locked} || $v->{hidden}) && !$self->authCan('dbmod'));
 my $r = $v ? $self->dbReleaseGet(vid => $v->{id}) : [];
+ my $chars = $v ? $self->dbCharGet(vid => $v->{id}, results => 50) : [];
 my %b4 = !$vid ? () : (
 (map { $_ => $v->{$_} } qw|title original desc alias length l_wp l_encubed l_renai image img_nsfw ihid ilock|),
@@ -145,11 +146,17 @@ sub edit {
 $last_c = $c;
 }
- my $last_s;
- for my $s (sort { $a->{aid} <=> $b->{aid} || $a->{cid} <=> $b->{cid} } @$raw_s) {
- next if $last_s->{aid} == $s->{aid} && $last_s->{cid} == $s->{cid};
- push @seiyuu, $s;
- $last_s = $s;
+ # if character list is empty, any seiyuu data will be discarded
+ if (@$chars && @$raw_s) {
+ my %vn_chars = map +($_->{id} => 1), @$chars;
+ my $last_s;
+ for my $s (sort { $a->{aid} <=> $b->{aid} || $a->{cid} <=> $b->{cid} } @$raw_s) {
+ next unless exists $vn_chars{$s->{cid}}; # weed out odd characters
+ next if $last_s->{aid} == $s->{aid} && $last_s->{cid} == $s->{cid};
+ $s->{cid} += 0; # force numeric conversion
+ push @seiyuu, $s;
+ $last_s = $s;
+ }
 }
 };
 push @{$frm->{_err}}, [ 'credits', 'template', 'json' ] if $@;
@@ -210,7 +217,7 @@ sub edit {
 $self->htmlHeader(title => $title, noindex => 1);
 $self->htmlMainTabs('v', $v, 'edit') if $vid;
 $self->htmlEditMessage('v', $v, $title);
- _form($self, $v, $frm, $r);
+ _form($self, $v, $frm, $r, $chars);
 $self->htmlFooter;
 }
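Review bot: The allow-list for `cid` is built from a query capped with `results => 50` (the added `my $chars = ...` line in the `@@ -85,6 +85,7 @@` hunk), so a visual novel with more characters than that would have valid seiyuu entries silently dropped by `next unless exists $vn_chars{$s->{cid}}` in the following hunk. Whether `dbCharGet` treats `results` as a hard limit is not visible here; this is inferred from the parameter name. If it is a limit, validate against the complete set of character ids rather than the page used for display, or at minimum record the restriction next to the check with `# NOTE: only the first 50 characters of the VN are accepted here`. `sub edit` begins and ends outside this hunk.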
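Review bot: Only `cid` is checked and coerced in the new loop of the `@@ -145,11 +146,17 @@` hunk; `aid` still comes straight from the submitted JSON, and the client-supplied hash `$s` is pushed whole, so any extra keys the client added travel with it. Unless `aid` is verified further down in `sub edit` (not visible in this hunk), coerce it the same way and copy only the expected fields, for example `push @seiyuu, { aid => $s->{aid} + 0, cid => $s->{cid} + 0 };` plus whichever other fields the form legitimately carries. The sort comparator also runs `<=>` on `aid` and `cid` before any check, so non-numeric input produces warnings rather than the `json` form error. On the first pass `$last_s` is still undef, so `next if $last_s && $last_s->{aid} == $s->{aid} && $last_s->{cid} == $s->{cid};` would avoid comparing undefined values.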
@@ -250,8 +257,7 @@ sub _uploadimage {
 sub _form {
- my($self, $v, $frm, $r) = @_;
- my $chars = $v ? $self->dbCharGet(vid => $v->{id}, results => 50) : [];
+ my($self, $v, $frm, $r, $chars) = @_;
 my $import = @$chars ? $self->dbVNImportSeiyuu($v->{id}, [ map $_->{id}, @$chars ]) : [];
 $self->htmlForm({ frm => $frm, action => $v ? "/v$v->{id}/edit" : '/v/new', editsum => 1, upload => 1 },
 vn_geninfo => [ mt('_vnedit_geninfo'), |