CheckRFC: https-links now will be matched

[selfforum.git] / selfforum-cgi / user / fo_posting.pl

diff --git a/selfforum-cgi/user/fo_posting.pl b/selfforum-cgi/user/fo_posting.pl
index f4c6da01071a28913fb5d4bb00db836e61538f5a..1fe42a9d8104a3b612c5e1780221cc2e0db8b8d8 100644 (file)
--- a/selfforum-cgi/user/fo_posting.pl
+++ b/selfforum-cgi/user/fo_posting.pl
@@ -783,7 +783,7 @@ sub check_cgi {
     #
     my ($ftid, $fmid) = split /;/ => $q -> param ($formdata -> {followUp} -> {name}) => 2;
 
     #
     my ($ftid, $fmid) = split /;/ => $q -> param ($formdata -> {followUp} -> {name}) => 2;
 

-    unless ($ftid =~ /\d+/ and $fmid =~ /\d+/) {
+    unless ($ftid =~ /^\d+$/ and $fmid =~ /^\d+$/) {

       $self -> {error} = {
         spec => 'unknown_followup',
         type => 'fatal'
       $self -> {error} = {
         spec => 'unknown_followup',
         type => 'fatal'


@@ -880,6 +880,16 @@ sub check_cgi {
         };
         $self -> kill_param or return;
       }
         };
         $self -> kill_param or return;
       }

+
+      elsif ($formdata -> {$name {$_}} -> {type} eq 'unique-id' and not may_id $val) {
+        $self -> {error} = {
+          spec => 'wrong_unique_id',
+          desc => $name{$_},
+          type => $formdata -> {$name {$_}} -> {errorType}
+        };
+          print STDERR "Manipuliert!";
+        $self -> kill_param or return;
+      }

     }
 
     if (exists ($formdata -> {$name {$_}} -> {values})
     }
 
     if (exists ($formdata -> {$name {$_}} -> {values})