authorMatthew Somerville <matthew-github@dracos.co.uk>2018-06-21 10:29:02 +0100
committerMatthew Somerville <matthew-github@dracos.co.uk>2018-06-21 17:27:25 +0100
commit63f8ca8d3fe1e3b52e079e41b29c85d14376f261 (patch)
tree8449714aadfaf13c3a2ee0b14a86c710319f4f92 /perllib/FixMyStreet/App/Controller
parente1853898c154356bf0af7ef021f9b1c519e8340b (diff)
Use CSV escaping for categories in URLs.
Categories could contain commas, so splitting on comma is not good enough. Let’s escape the fields as if it’s a line in CSV. Fixes #2166.
Diffstat (limited to 'perllib/FixMyStreet/App/Controller')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth.pm2
-rw-r--r--perllib/FixMyStreet/App/Controller/Report.pm2
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/New.pm6
3 files changed, 7 insertions, 3 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 533e6a9be..fa3403f6d 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -314,7 +314,7 @@ categories this user has been assigned to.
sub redirect_to_categories : Private {
my ( $self, $c ) = @_;
- my $categories = join(',', @{ $c->user->categories });
+ my $categories = $c->user->categories_string;
my $body_short = $c->cobrand->short_name( $c->user->from_body );
$c->res->redirect( $c->uri_for( "/reports/" . $body_short, { filter_category => $categories } ) );
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 799985f8e..f5d7db069 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -508,7 +508,7 @@ sub inspect : Private {
# shortlist is always a single click away, being on the main nav.
if ($c->user->has_body_permission_to('planned_reports')) {
unless ($redirect_uri = $c->get_param("post_inspect_url")) {
- my $categories = join(',', @{ $c->user->categories });
+ my $categories = $c->user->categories_string;
my $params = {
lat => $problem->latitude,
lon => $problem->longitude,
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index 06885d566..9172de5b6 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -13,6 +13,7 @@ use Path::Class;
use Utils;
use mySociety::EmailUtil;
use JSON::MaybeXS;
+use Text::CSV;
use FixMyStreet::SMS;
=head1 NAME
@@ -1509,8 +1510,11 @@ sub redirect_to_around : Private {
foreach (qw(pc zoom)) {
$params->{$_} = $c->get_param($_);
}
+
+ my $csv = Text::CSV->new;
foreach (qw(status filter_category)) {
- $params->{$_} = join(',', $c->get_param_list($_, 1));
+ $csv->combine($c->get_param_list($_, 1));
+ $params->{$_} = $csv->string;
}
# delete empty values
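Review bot: The return value of `$csv->combine(...)` in the `foreach (qw(status filter_category))` loop is never checked, and the fields come straight from request parameters via `get_param_list`. Text::CSV documents the result of `string` as undefined after a failed `combine`, and a parser built with plain `Text::CSV->new` may reject fields containing line breaks or other binary characters, so an unusual or crafted category could put an unexpected value into the redirect. Consider `my $csv = Text::CSV->new({ binary => 1 });` and `$csv->combine($c->get_param_list($_, 1)) or next;` so that a failed encode leaves the parameter unset rather than carrying whatever `string` happens to return. The Auth.pm and Report.pm hunks get the same encoding from `categories_string`, so routing this loop through a shared helper would keep the encoder settings in one place. redirect_to_around starts and ends outside the hunk.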