Commit 34af5791 authored by Frédéric Buclin's avatar Frédéric Buclin

Bug 721715: URLs in the See Also field must be detainted before inserted into the DB

r=dkl a=LpSolit
parent df170fd2
...@@ -2822,14 +2822,13 @@ sub add_see_also { ...@@ -2822,14 +2822,13 @@ sub add_see_also {
$class->check_required_create_fields($params); $class->check_required_create_fields($params);
my $field_values = $class->run_create_validators($params); my $field_values = $class->run_create_validators($params);
$uri = $field_values->{value}; my $value = $field_values->{value}->as_string;
$field_values->{value} = $uri->as_string; trick_taint($value);
$field_values->{value} = $value;
# We only add the new URI if it hasn't been added yet. URIs are # We only add the new URI if it hasn't been added yet. URIs are
# case-sensitive, but most of our DBs are case-insensitive, so we do # case-sensitive, but most of our DBs are case-insensitive, so we do
# this check case-insensitively. # this check case-insensitively.
my $value = $uri->as_string;
if (!grep { lc($_->name) eq lc($value) } @{ $self->see_also }) { if (!grep { lc($_->name) eq lc($value) } @{ $self->see_also }) {
my $privs; my $privs;
my $can = $self->check_can_change_field('see_also', '', $value, \$privs); my $can = $self->check_can_change_field('see_also', '', $value, \$privs);
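Review bot: The new `trick_taint($value);` line carries no comment explaining why it is safe to clear the taint flag at this point, and trick_taint itself performs no validation. The safety presumably rests on `run_create_validators($params)` having already checked the URL and returned it as a URI object, but that is not visible in this hunk. Without a comment, a later change to the validators could leave an unchecked string detainted just before it is written to the DB. I would add a comment above the call, for example `# Safe to detaint: the URL was validated by run_create_validators() above.` Note that add_see_also starts and ends outside the hunk, so the actual insert statement could not be reviewed here.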
......