$dbh ||= ($mydbh= dbw_connect($ocean));
my $debugf= !$debug ? sub { } : sub {
- print "@_\n";
+ print escapeHTML("@_")."\n";
};
$debugf->("QTSC STRING '$string'");
$sth, $sqlstmt_nqs,
$chk->attr_exists('abbrev_initials'),
$chk->attr('maxambig'),
- $chk->scall_method("nomatch", spec => $each),
+ $chk->scall_method("nomatch", specq => escerrq($each)),
$chk->scall_method("manyambig"),
sub {
$chk->scall_method("ambiguous",
- spec => $each, couldbe => $_[1])
+ specq => escerrq($each),
+ couldbe => $_[1])
});
if (defined $temsg) {
$emsg= $temsg;
$debugf->("QTSC EMSG='$emsg' RESULTS='@results'");
if ($format =~ /json/) {
- $r->content_type($ctype or $format);
+ $ctype ||= $format;
+ die unless grep { $_ eq $ctype }
+ qw(application/json text/plain text/xml);
+ $r->content_type($ctype);
my $jobj= {
success => 1*!length $emsg,
show => (length $emsg ? $emsg :