From 897668e98733ed799c193eaacf722f863412cbc8 Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Wed, 10 Feb 2016 13:26:58 +0100 Subject: [PATCH] CustomerVendor-Controller: Callback nicht 2x escapen MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit url_for() escapet die Parameter bereits, daher ist es schädlich, das vorher auch noch manuell zu tun. Behebt #128. --- SL/Controller/CustomerVendor.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm index 625ec62e0..a624ba27b 100644 --- a/SL/Controller/CustomerVendor.pm +++ b/SL/Controller/CustomerVendor.pm @@ -264,7 +264,6 @@ sub _transaction { $self->_save(); - my $callback = $::form->escape($::form->{callback}, 1); my $name = $::form->escape($self->{cv}->name, 1); my $db = $self->is_vendor() ? 'vendor' : 'customer'; @@ -275,7 +274,7 @@ sub _transaction { $db .'_id' => $self->{cv}->id, $db => $name, type => $::form->{type}, - callback => $callback, + callback => $::form->{callback}, ); print $::form->redirect_header($url); -- 2.20.1