X-Git-Url: https://git.p6c8.net/selfforum.git/blobdiff_plain/cee4397796b2a1015b88addca2de54fe50dbc3f8..9b9648223ab2db3960298d04b83ecdd147ec21e9:/selfforum-cgi/user/fo_posting.pl

diff --git a/selfforum-cgi/user/fo_posting.pl b/selfforum-cgi/user/fo_posting.pl
index f4c6da0..1fe42a9 100644
--- a/selfforum-cgi/user/fo_posting.pl
+++ b/selfforum-cgi/user/fo_posting.pl
@@ -783,7 +783,7 @@ sub check_cgi {
     #
     my ($ftid, $fmid) = split /;/ => $q -> param ($formdata -> {followUp} -> {name}) => 2;
 
-    unless ($ftid =~ /\d+/ and $fmid =~ /\d+/) {
+    unless ($ftid =~ /^\d+$/ and $fmid =~ /^\d+$/) {
       $self -> {error} = {
         spec => 'unknown_followup',
         type => 'fatal'
@@ -880,6 +880,16 @@ sub check_cgi {
         };
         $self -> kill_param or return;
       }
+
+      elsif ($formdata -> {$name {$_}} -> {type} eq 'unique-id' and not may_id $val) {
+        $self -> {error} = {
+          spec => 'wrong_unique_id',
+          desc => $name{$_},
+          type => $formdata -> {$name {$_}} -> {errorType}
+        };
+          print STDERR "Manipuliert!";
+        $self -> kill_param or return;
+      }
     }
 
     if (exists ($formdata -> {$name {$_}} -> {values})