Escape titles and dates on their way out of the HTML. It _shouldn't_ be

[pr0n] / perl / Sesse / pr0n / Index.pm

diff --git a/perl/Sesse/pr0n/Index.pm b/perl/Sesse/pr0n/Index.pm
index 88affa1df0df74aaf6f6aa45d71868918c0465ac..ca02b75003ed4bb54f04d801978ed1e7da8072f1 100644 (file)
--- a/perl/Sesse/pr0n/Index.pm
+++ b/perl/Sesse/pr0n/Index.pm
@@ -34,8 +34,8 @@ sub handler {
        my %defsettings = (
                thumbxres => 80,
                thumbyres => 64,
-               xres => undef,
-               yres => undef,
+               xres => -1,
+               yres => -1,
                start => 1,
                num => -1,
                all => 1,
@@ -45,6 +45,11 @@ sub handler {
                fullscreen => 0,
        );
        
+       # Any NEF files => default to processing
+       my $ref = $dbh->selectrow_hashref('SELECT * FROM images WHERE event=? AND LOWER(filename) LIKE \'%.nef\' LIMIT 1',
+               undef, $event)
+               and $defsettings{'xres'} = $defsettings{'yres'} = undef;
+       
        # Reduce the front page load when in overload mode.
        if (Sesse::pr0n::Overload::is_in_overload($r)) {
                $defsettings{'num'} = 100;
@@ -77,12 +82,18 @@ sub handler {
                $num = undef;
        }
 
-       my $ref = $dbh->selectrow_hashref('SELECT * FROM events WHERE id=? AND vhost=?',
+       $ref = $dbh->selectrow_hashref('SELECT name,date,EXTRACT(EPOCH FROM last_update) AS last_update FROM events WHERE id=? AND vhost=?',
                undef, $event, $r->get_server_name)
                or error($r, "Could not find event $event", 404, "File not found");
 
-       my $name = $ref->{'name'};
-       my $date = $ref->{'date'};
+       my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+       my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));
+       $r->set_last_modified($ref->{'last_update'});
+                               
+       # If the client can use cache, do so
+       if ((my $rc = $r->meets_conditions) != Apache2::Const::OK) {
+               return $rc;
+       }
        
        # Count the number of selected images.
        $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS num_selected FROM images WHERE event=? AND selected=\'t\'", undef, $event);
@@ -148,6 +159,7 @@ sub handler {
                # Print out all thumbnails
                if ($rot == 1) {
                        $r->print("    <form method=\"post\" action=\"/rotate\">\n");
+                       $r->print("      <input type=\"hidden\" name=\"event\" value=\"$event\" />\n");
                
                        while (my $ref = $q->fetchrow_hashref()) {
                                my $imgsz = "";
@@ -437,7 +449,8 @@ sub print_nextprev {
                my %newsettings = %$settings;
                $newsettings{'start'} = $newstart;
                chomp (my $title = Sesse::pr0n::Templates::fetch_template($r, 'prevpage'));
-               Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)\n", "/$event/", \%newsettings, $defsettings);
+               chomp (my $accesskey = Sesse::pr0n::Templates::fetch_template($r, 'prevaccesskey'));
+               Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)\n", "/$event/", \%newsettings, $defsettings, $accesskey);
        }
 
        # This
@@ -455,7 +468,8 @@ sub print_nextprev {
                my %newsettings = %$settings;
                $newsettings{'start'} = $newstart;
                chomp (my $title = Sesse::pr0n::Templates::fetch_template($r, 'nextpage'));
-               Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)", "/$event/", \%newsettings, $defsettings);
+               chomp (my $accesskey = Sesse::pr0n::Templates::fetch_template($r, 'nextaccesskey'));
+               Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)", "/$event/", \%newsettings, $defsettings, $accesskey);
        }
 
        $r->print("    </p>\n");