Commit 6a723f18 authored by Leigh Stoller's avatar Leigh Stoller

Encode metadata values with encode_entities() from HTML::Entities module.

This forces all metadata values to be plain text values for now.
parent 181608c7
......@@ -22,6 +22,7 @@ use libtestbed;
use libtblog;
use Experiment;
use English;
use HTML::Entities;
use overload ('""' => 'Stringify');
# Configure variables
......@@ -682,7 +683,8 @@ sub NewMetadata($$$$;$)
}
my $safename = DBQuoteSpecial($name);
my $safevalue = DBQuoteSpecial($value);
# HTML entity encode; yep, plain text only.
my $safevalue = DBQuoteSpecial(encode_entities($value));
my $query_result =
DBQueryWarn("insert into experiment_template_metadata_items set ".
......@@ -786,7 +788,7 @@ sub ModifyMetadata($$$$)
if ($already_exists <= 0);
$name = DBQuoteSpecial($name);
$value = DBQuoteSpecial($value);
$value = DBQuoteSpecial(encode_entities($value));
DBQueryWarn("lock tables experiment_template_metadata_items write")
or return -1;
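Review bot: Only `$value` passes through encode_entities() in NewMetadata and ModifyMetadata, while `$name` still goes to DBQuoteSpecial() unchanged. If names are rendered into the same HTML they stay unescaped unless they are validated outside these hunks (both sub bodies start and end beyond the visible lines). Because the encoding happens at write time, rows stored before this commit are presumably still raw, and a value that is read back and re-submitted through ModifyMetadata would be encoded twice (`&amp;` becomes `&amp;amp;`). Existing rows therefore need a one-time migration, or the display path has to tell old rows from new ones. I would extend the comment at both call sites to record the contract, e.g. `# Stored entity-encoded (plain text only); callers must decode_entities() before re-submitting and must not encode again on display.`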
......