1 files changed, 6 insertions, 3 deletions

diff --git a/web/nms.gathering.org/api/private/comment-add b/web/nms.gathering.org/api/private/comment-add
index 7ad386e..2f8b0b7 100755
--- a/web/nms.gathering.org/api/private/comment-add
+++ b/web/nms.gathering.org/api/private/comment-add
@@ -2,12 +2,15 @@
 # vim:ts=8:sw=8
 use lib '../../../../include';
 use utf8;
-use nms::web qw($dbh db_safe_quote);
+use nms::web qw($dbh db_safe_quote get_input finalize_output);
 use strict;
 use warnings;
 
-my $data = db_safe_quote('comment');
-my $switch = db_safe_quote('switch');
+my $in = get_input();
+my %tmp = %{JSON::XS::decode_json($in)};
+
+my $data = $dbh->quote($tmp{'comment'});
+my $switch = $dbh->quote($tmp{'switch'});
 my $user = $dbh->quote($ENV{'REMOTE_USER'} || "undefined");
 
 my $q = $nms::web::dbh->prepare("INSERT INTO switch_comments (time,username,switch,comment) values (now(),$user,(select switch from switches where sysname = $switch limit 1),$data)");