Revision 897668e9
Von Moritz Bunkus vor fast 9 Jahren hinzugefügt
| SL/Controller/CustomerVendor.pm | ||
|---|---|---|
| 264 | 264 |
|
| 265 | 265 |
$self->_save(); |
| 266 | 266 |
|
| 267 |
my $callback = $::form->escape($::form->{callback}, 1);
|
|
| 268 | 267 |
my $name = $::form->escape($self->{cv}->name, 1);
|
| 269 | 268 |
my $db = $self->is_vendor() ? 'vendor' : 'customer'; |
| 270 | 269 |
|
| ... | ... | |
| 275 | 274 |
$db .'_id' => $self->{cv}->id,
|
| 276 | 275 |
$db => $name, |
| 277 | 276 |
type => $::form->{type},
|
| 278 |
callback => $callback,
|
|
| 277 |
callback => $::form->{callback},
|
|
| 279 | 278 |
); |
| 280 | 279 |
|
| 281 | 280 |
print $::form->redirect_header($url); |
Auch abrufbar als: Unified diff
CustomerVendor-Controller: Callback nicht 2x escapen
url_for() escapet die Parameter bereits, daher ist es schädlich, das
vorher auch noch manuell zu tun.
Behebt #128.