Escape titles and dates on their way out of the HTML. It _shouldn't_ be

[pr0n] / perl / Sesse / pr0n / Listing.pm

diff --git a/perl/Sesse/pr0n/Listing.pm b/perl/Sesse/pr0n/Listing.pm
index 8447040a760421e50718afc3a88f71142766f22a..294b7bc278c472a650733e7051e29050a0b216d7 100644 (file)
--- a/perl/Sesse/pr0n/Listing.pm
+++ b/perl/Sesse/pr0n/Listing.pm
@@ -9,7 +9,7 @@ sub handler {
        my $dbh = Sesse::pr0n::Common::get_dbh();
 
         # Internal? (Ugly?)
-       if ($r->get_server_name =~ /internal/) {
+       if ($r->get_server_name =~ /internal/ || $r->get_server_name =~ /skoyen\.bilder\.knatten\.com/) {
                my $user = Sesse::pr0n::Common::check_access($r);
                if (!defined($user)) {
                        return Apache2::Const::OK;
@@ -18,7 +18,7 @@ sub handler {
 
 #      my $q = $dbh->prepare('SELECT t1.id,t1.date,t1.name FROM events t1 LEFT JOIN images t2 ON t1.id=t2.event WHERE t1.vhost=? GROUP BY t1.id,t1.date,t1.name ORDER BY COALESCE(MAX(t2.date),\'1970-01-01 00:00:00\'),t1.id') or
 #              dberror($r, "Couldn't list events");
-       my $q = $dbh->prepare('SELECT id,date,name FROM events WHERE vhost=? ORDER BY last_picture DESC')
+       my $q = $dbh->prepare('SELECT id,date,name FROM events e JOIN last_picture_cache c ON e.id=c.event WHERE vhost=? ORDER BY last_picture DESC')
                or dberror($r, "Couldn't list events");
        $q->execute($r->get_server_name)
                or dberror($r, "Couldn't get events");
@@ -31,8 +31,8 @@ sub handler {
 
        while (my $ref = $q->fetchrow_hashref()) {
                my $id = $ref->{'id'};
-               my $date = $ref->{'date'};
-               my $name = $ref->{'name'};
+               my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
+               my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));
                
                $r->print("      <li><a href=\"$id/\">$name</a> ($date)</li>\n");
        }