CustomerVendor-Controller: Callback nicht 2x escapen

url_for() escapet die Parameter bereits, daher ist es schädlich, das
vorher auch noch manuell zu tun.

Behebt #128.

diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index 625ec62e07253f96d19e28c437c4249b39c79972..a624ba27b36f73a3f1b4cdad139c7ce0ba9b537a 100644 (file)
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -264,7 +264,6 @@ sub _transaction {
 
   $self->_save();
 
 
   $self->_save();
 

-  my $callback = $::form->escape($::form->{callback}, 1);

   my $name = $::form->escape($self->{cv}->name, 1);
   my $db = $self->is_vendor() ? 'vendor' : 'customer';
 
   my $name = $::form->escape($self->{cv}->name, 1);
   my $db = $self->is_vendor() ? 'vendor' : 'customer';
 


@@ -275,7 +274,7 @@ sub _transaction {
     $db .'_id' => $self->{cv}->id,
     $db        => $name,
     type       => $::form->{type},
     $db .'_id' => $self->{cv}->id,
     $db        => $name,
     type       => $::form->{type},

-    callback   => $callback,
+    callback   => $::form->{callback},

   );
 
   print $::form->redirect_header($url);
   );
 
   print $::form->redirect_header($url);