git URLs for various source trees

[ypp-sc-tools.db-live.git] / yarrg / web / qtextstringcheck

diff --git a/yarrg/web/qtextstringcheck b/yarrg/web/qtextstringcheck
index 3b4fdd7470443e040a09882a1e66eba621c3ac7e..539abce6a550d8387c0171b845ef20b50b0d651c 100755 (executable)
--- a/yarrg/web/qtextstringcheck
+++ b/yarrg/web/qtextstringcheck
@@ -60,12 +60,13 @@ use Scalar::Util qw(blessed);
 
 die if $what =~ m/[^a-z]/;
 my $chk= $m->fetch_comp("check_${what}");
+die "check_$what" unless $chk;
 
 my $mydbh;
 $dbh ||= ($mydbh= dbw_connect($ocean));
 
 my $debugf= !$debug ? sub { } : sub {
-    print "@_\n";
+    print escapeHTML("@_")."\n";
 };
 
 $debugf->("QTSC STRING '$string'");
@@ -105,11 +106,12 @@ if ($chk->method_exists('execute')) {
                        $sth, $sqlstmt_nqs,
                        $chk->attr_exists('abbrev_initials'),
                        $chk->attr('maxambig'),
-                       $chk->scall_method("nomatch", spec => $each),
+                       $chk->scall_method("nomatch", specq => escerrq($each)),
                        $chk->scall_method("manyambig"),
                        sub {
                                $chk->scall_method("ambiguous",
-                                       spec => $each, couldbe => $_[0])
+                                       specq => escerrq($each),
+                                       couldbe => $_[1])
                        });
                if (defined $temsg) {
                        $emsg= $temsg;
@@ -129,7 +131,10 @@ $emsg='' if !defined $emsg;
 $debugf->("QTSC EMSG='$emsg' RESULTS='@results'");
 
 if ($format =~ /json/) {
-       $r->content_type($ctype or $format);
+       $ctype ||= $format;
+       die unless grep { $_ eq $ctype }
+               qw(application/json text/plain text/xml);
+       $r->content_type($ctype);
        my $jobj= {
                success => 1*!length $emsg,
                show => (length $emsg      ? $emsg                       :