Use CSV escaping for categories in URLs.

Categories could contain commas, so splitting on comma is not good enough. Let’s escape the fields as if it’s a line in CSV. Fixes #2166.
author: Matthew Somerville <matthew-github@dracos.co.uk> 2018-06-21 10:29:02 +0100
committer: Matthew Somerville <matthew-github@dracos.co.uk> 2018-06-21 17:27:25 +0100
commit: 63f8ca8d3fe1e3b52e079e41b29c85d14376f261 (patch)
tree: 8449714aadfaf13c3a2ee0b14a86c710319f4f92 /perllib/FixMyStreet/App/Controller/Report/New.pm
parent: e1853898c154356bf0af7ef021f9b1c519e8340b (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index 06885d566..9172de5b6 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -13,6 +13,7 @@ use Path::Class;
 use Utils;
 use mySociety::EmailUtil;
 use JSON::MaybeXS;
+use Text::CSV;
 use FixMyStreet::SMS;
 
 =head1 NAME
@@ -1509,8 +1510,11 @@ sub redirect_to_around : Private {
     foreach (qw(pc zoom)) {
         $params->{$_} = $c->get_param($_);
     }
+
+    my $csv = Text::CSV->new;
     foreach (qw(status filter_category)) {
-        $params->{$_} = join(',', $c->get_param_list($_, 1));
+        $csv->combine($c->get_param_list($_, 1));
+        $params->{$_} = $csv->string;
     }
 
     # delete empty values
author	Matthew Somerville <matthew-github@dracos.co.uk>	2018-06-21 10:29:02 +0100
committer	Matthew Somerville <matthew-github@dracos.co.uk>	2018-06-21 17:27:25 +0100
commit	63f8ca8d3fe1e3b52e079e41b29c85d14376f261 (patch)
tree	8449714aadfaf13c3a2ee0b14a86c710319f4f92 /perllib/FixMyStreet/App/Controller/Report/New.pm
parent	e1853898c154356bf0af7ef021f9b1c519e8340b (diff)