Switch to default-escaped in templates.

This means any variable used in a template is automatically HTML-escaped, unless it is marked as safe either in code by using a SafeString, or in the template with the `mark_safe` function or the `safe` filter.
author: Matthew Somerville <matthew@mysociety.org> 2019-11-26 17:09:56 +0000
committer: Matthew Somerville <matthew@mysociety.org> 2019-12-09 09:38:03 +0000
commit: 6c2d3d5a7d84521d34daa2cf7e4be76a54b3b0e0 (patch)
tree: 75ef8cd6e1df444572ae5ec3a4048e6c3366a088 /perllib/FixMyStreet/DB/Result/User.pm
parent: a4290acdff6781979cc3cd7c0142d553236e5666 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index 9554bbe7e..4f46fcfe2 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -449,8 +449,8 @@ sub has_permission_to {
     return 0 unless $available{$permission_type};
 
     return 1 if $self->is_superuser;
-    return 0 if !$body_ids || (ref $body_ids && !@$body_ids);
-    $body_ids = [ $body_ids ] unless ref $body_ids;
+    return 0 if !$body_ids || (ref $body_ids eq 'ARRAY' && !@$body_ids);
+    $body_ids = [ $body_ids ] unless ref $body_ids eq 'ARRAY';
     my %body_ids = map { $_ => 1 } @$body_ids;
 
     foreach (@{$self->body_permissions}) {
author	Matthew Somerville <matthew@mysociety.org>	2019-11-26 17:09:56 +0000
committer	Matthew Somerville <matthew@mysociety.org>	2019-12-09 09:38:03 +0000
commit	6c2d3d5a7d84521d34daa2cf7e4be76a54b3b0e0 (patch)
tree	75ef8cd6e1df444572ae5ec3a4048e6c3366a088 /perllib/FixMyStreet/DB/Result/User.pm
parent	a4290acdff6781979cc3cd7c0142d553236e5666 (diff)