[pLog-svn] r2166 - in plog/branches/plog-1.0.2/class: action/admin
data
oscar at devel.plogworld.net
oscar at devel.plogworld.net
Sun Jun 5 11:44:09 GMT 2005
Author: oscar
Date: 2005-06-05 11:44:09 +0000 (Sun, 05 Jun 2005)
New Revision: 2166
Modified:
plog/branches/plog-1.0.2/class/action/admin/adminaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddarticlecategoryaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddblogaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddbloguseraction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddcustomfieldaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddlinkaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddlinkcategoryaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddresourceaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminaddresourcealbumaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminadduseraction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminloginaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminpostmanagementcommonaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdatearticlecategoryaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateblogsettingsaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdatecustomfieldaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateeditblogaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkcategoryaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateresourceaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateresourcealbumaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateuserprofileaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminupdateusersettingsaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminuserprofileaction.class.php
plog/branches/plog-1.0.2/class/action/admin/adminxmlsavedraftaction.class.php
plog/branches/plog-1.0.2/class/data/textfilter.class.php
Log:
Fixed several potential XSS attacks by cleaning up all markup from most of the input fields (html in those fields is not needed anyway!) -- issue http://bugs.plogworld.net/view.php?id=577
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -8,6 +8,7 @@
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
include_once( PLOG_CLASS_PATH."class/template/cachecontrol.class.php" );
include_once( PLOG_CLASS_PATH."class/view/admin/admindefaultview.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
/**
* \ingroup Action
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddarticlecategoryaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddarticlecategoryaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddarticlecategoryaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -47,10 +47,10 @@
function perform()
{
// fetch the data, we already know it's valid and that we can trust it!
- $this->_categoryName = $this->_request->getValue( "categoryName" );
+ $this->_categoryName = Textfilter::filterAllHTML($this->_request->getValue( "categoryName" ));
$this->_categoryUrl = $this->_request->getValue( "categoryUrl" );
$this->_categoryInMainPage = Textfilter::checkboxToBoolean($this->_request->getValue( "categoryInMainPage" ));
- $this->_categoryDescription = $this->_request->getValue( "categoryDescription" );
+ $this->_categoryDescription = Textfilter::filterAllHTML($this->_request->getValue( "categoryDescription" ));
$this->_properties = $this->_request->getValue( "properties" );
// create the object...
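Review bot: `$this->_categoryUrl`, read on the line right after the filtered `categoryName`, is still stored raw, so a value that presumably ends up inside an href gets no treatment while its neighbours are stripped. More generally, filterAllHTML on input is a lossy defence: it alters legitimate text containing `<` or `&`, and it only covers the fields someone remembered to wrap, whereas escaping at output time (htmlspecialchars where the template prints the value) covers every path; the same remark applies to the adminaddblog, adminaddbloguser (where `_notificationText` stays raw), adminaddcustomfield, adminaddlinkcategory, adminaddresource, adminaddresourcealbum, adminadduser, adminlogin, adminupdatearticlecategory, adminupdateblogsettings, adminupdatecustomfield, adminupdateeditblog, adminupdatelinkcategory, adminupdateresource and adminupdateresourcealbum hunks. At minimum I would record the intent at the call site, e.g. `// tags are stripped on input; templates must still escape on output`. The `perform()` body continues outside the hunk.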
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddblogaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddblogaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddblogaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -33,7 +33,7 @@
function perform()
{
// fetch the validated data
- $this->_blogName = $this->_request->getValue( "blogName" );
+ $this->_blogName = Textfilter::filterAllHTML($this->_request->getValue( "blogName" ));
$this->_ownerId = $this->_request->getValue( "blogOwner" );
$this->_blogProperties = $this->_request->getValue( "properties" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddbloguseraction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddbloguseraction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddbloguseraction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -59,7 +59,7 @@
function perform()
{
$this->_notificationText = $this->_request->getValue( "newBlogUserText" );
- $this->_newUsername = $this->_request->getValue( "newBlogUserName" );
+ $this->_newUsername = Textfilter::filterAllHTML($this->_request->getValue( "newBlogUserName" ));
// see if the user exists
$users = new Users();
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddcustomfieldaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddcustomfieldaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddcustomfieldaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -43,8 +43,8 @@
function perform()
{
// fetch the data
- $this->_fieldName = $this->_request->getValue( "fieldName" );
- $this->_fieldDescription = $this->_request->getValue( "fieldDescription" );
+ $this->_fieldName = Textfilter::filterAllHTML($this->_request->getValue( "fieldName" ));
+ $this->_fieldDescription = Textfilter::filterAllHTML($this->_request->getValue( "fieldDescription" ));
$this->_fieldType = $this->_request->getValue( "fieldType" );
$this->_fieldSearchable = (int)($this->_request->getValue( "fieldSearchable" ) != "" );
$this->_fieldHidden = (int)($this->_request->getValue( "fieldHidden" ) != "" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddlinkaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddlinkaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddlinkaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -51,11 +51,11 @@
function perform()
{
// fetch the data
- $this->_linkName = $this->_request->getValue( "linkName" );
- $this->_linkUrl = $this->_request->getValue( "linkUrl" );
+ $this->_linkName = Textfilter::filterAllHTML($this->_request->getValue( "linkName" ));
+ $this->_linkUrl = Textfilter::filterAllHTML($this->_request->getValue( "linkUrl" ));
$this->_linkCategoryId = $this->_request->getValue( "linkCategoryId" );
- $this->_linkDescription = $this->_request->getValue( "linkDescription" );
- $this->_linkRss = $this->_request->getValue( "linkRssFeed" );
+ $this->_linkDescription = Textfilter::filterAllHTML($this->_request->getValue( "linkDescription" ));
+ $this->_linkRss = Textfilter::filterAllHTML($this->_request->getValue( "linkRssFeed" ));
$this->_properties = Array();
// adds the new link to the database
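Review bot: `linkUrl` and `linkRssFeed` are URL fields, and removing HTML tags from them does not establish that the stored value is a safe URL; whether `filterJavaScript` (called inside filterAllHTML) also rejects non-http schemes is not visible from this diff. For a value that is written into an href or fetched as a feed, a scheme allowlist is the check that matters, e.g. `if( !preg_match( '/^https?:\/\//i', $this->_linkUrl ))` followed by whatever failure path this class uses for invalid input (not shown here). The same applies to the adminupdatelink hunk. `perform()` continues past the hunk.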
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddlinkcategoryaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddlinkcategoryaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddlinkcategoryaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -38,7 +38,7 @@
function perform()
{
// add the new link category to the database
- $this->_linkCategoryName = $this->_request->getValue( "linkCategoryName" );
+ $this->_linkCategoryName = Textfilter::filterAllHTML($this->_request->getValue( "linkCategoryName" ));
$mylinksCategories = new MyLinksCategories();
$mylinksCategory = new MyLinksCategory( $this->_linkCategoryName,
$this->_blogInfo->getId(),
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddresourceaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddresourceaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddresourceaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -45,7 +45,7 @@
function perform()
{
// fetch the information coming from the resource
- $this->_description = $this->_request->getValue( "resourceDescription" );
+ $this->_description = Textfilter::filterAllHTML($this->_request->getValue( "resourceDescription" ));
$this->_albumId = $this->_request->getValue( "albumId" );
$this->_resource = $this->_request->getValue( "resourceFile" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminaddresourcealbumaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminaddresourcealbumaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminaddresourcealbumaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -42,8 +42,8 @@
function perform()
{
// fetch our data
- $this->_albumName = $this->_request->getValue( "albumName" );
- $this->_albumDescription = $this->_request->getValue( "albumDescription" );
+ $this->_albumName = Textfilter::filterAllHTML($this->_request->getValue( "albumName" ));
+ $this->_albumDescription = Textfilter::filterAllHTML($this->_request->getValue( "albumDescription" ));
$this->_parentId = $this->_request->getValue( "parentId" );
// create the album
Modified: plog/branches/plog-1.0.2/class/action/admin/adminadduseraction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminadduseraction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminadduseraction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -45,10 +45,10 @@
function perform()
{
// fetch the validated data
- $this->_userName = $this->_request->getValue( "userName" );
+ $this->_userName = Textfilter::filterAllHTML($this->_request->getValue( "userName" ));
$this->_userPassword = $this->_request->getValue( "userPassword" );
- $this->_userEmail = $this->_request->getValue( "userEmail" );
- $this->_userFullName = $this->_request->getValue( "userFullName" );
+ $this->_userEmail = Textfilter::filterAllHTML($this->_request->getValue( "userEmail" ));
+ $this->_userFullName = Textfilter::filterAllHTML($this->_request->getValue( "userFullName" ));
$this->_userStatus = $this->_request->getValue( "userStatus" );
$this->_userBlog = $this->_request->getValue( "userBlog" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminloginaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminloginaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminloginaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -52,9 +52,9 @@
function perform()
{
// get the parameters, which have already been validated
- $this->_userName = $this->_request->getValue( "userName" );
+ $this->_userName = Textfilter::filterAllHTML($this->_request->getValue( "userName" ));
$this->_userPassword = $this->_request->getValue( "userPassword" );
- $this->_op = $this->_request->getValue( "op" );
+ $this->_op = Textfilter::filterAllHTML($this->_request->getValue( "op" ));
// create a plugin manager
$pm =& PluginManager::getPluginManager();
Modified: plog/branches/plog-1.0.2/class/action/admin/adminpostmanagementcommonaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminpostmanagementcommonaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminpostmanagementcommonaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -118,9 +118,9 @@
{
$this->_postText = trim(Textfilter::xhtmlize($this->_request->getValue( "postText" )));
$this->_postExtendedText = trim(Textfilter::xhtmlize($this->_request->getValue( "postExtendedText" )));
- $this->_postTopic = $this->_request->getValue( "postTopic" );
+ $this->_postTopic = trim(Textfilter::filterAllHTML($this->_request->getValue( "postTopic" )));
$this->_postCategories = $this->_request->getValue( "postCategories" );
- $this->_postSlug = $this->_request->getValue( "postSlug" );
+ $this->_postSlug = trim(Textfilter::filterAllHTML($this->_request->getValue( "postSlug" )));
$this->_postStatus = $this->_request->getValue( "postStatus" );
$this->_sendNotification = $this->_request->getValue( "sendNotification" );
$this->_sendTrackbacks = $this->_request->getValue( "sendTrackbacks" );
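Review bot: `postSlug` is treated like free text on the second changed line, but a slug is a URL path component, and stripping tags does not make it URL-safe or consistent with however the slug is generated when the field is empty (not visible in this hunk). I would either normalise it to the same character set the automatic slug generation uses, or state the assumption next to the line: `// slug is only tag-stripped here; URL-safe normalisation is assumed to happen where slugs are generated — confirm`. The enclosing function starts before the hunk.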
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdatearticlecategoryaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdatearticlecategoryaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdatearticlecategoryaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -49,9 +49,9 @@
function perform()
{
// get the data from the form
- $this->_categoryName = $this->_request->getValue( "categoryName" );
+ $this->_categoryName = Textfilter::filterAllHTML($this->_request->getValue( "categoryName" ));
$this->_categoryId = $this->_request->getValue( "categoryId" );
- $this->_categoryDescription = $this->_request->getValue( "categoryDescription" );
+ $this->_categoryDescription = Textfilter::filterAllHTML($this->_request->getValue( "categoryDescription" ));
$this->_categoryInMainPage = $this->_request->getValue( "categoryInMainPage" );
$this->_properties = Array();
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateblogsettingsaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateblogsettingsaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateblogsettingsaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -68,8 +68,8 @@
$blogSettings->setValue( "show_future_posts_in_calendar", Textfilter::checkboxToBoolean($this->_request->getValue( "blogShowFuturePosts" )));
$blogSettings->setValue( "new_drafts_autosave_enabled", Textfilter::checkboxToBoolean($this->_request->getValue( "blogEnableAutosaveDrafts" )));
$blogSettings->setValue( "comments_order", $this->_request->getValue( "blogCommentsOrder" ));
- $this->_blogInfo->setAbout( $this->_request->getValue( "blogAbout" ));
- $this->_blogInfo->setBlog( $this->_request->getValue( "blogName" ));
+ $this->_blogInfo->setAbout( Textfilter::filterAllHTML($this->_request->getValue( "blogAbout" )));
+ $this->_blogInfo->setBlog( Textfilter::filterAllHTML($this->_request->getValue( "blogName" )));
$this->_blogInfo->setSettings( $blogSettings );
$this->_blogInfo->setProperties( $this->_request->getValue( "properties" ));
@@ -86,8 +86,8 @@
}
// do it again, baby :)))
- $this->_blogInfo->setAbout( stripslashes($this->_request->getValue( "blogAbout" )));
- $this->_blogInfo->setBlog( stripslashes($this->_request->getValue( "blogName" )));
+ $this->_blogInfo->setAbout( Textfilter::filterAllHTML(stripslashes($this->_request->getValue( "blogAbout" ))));
+ $this->_blogInfo->setBlog( Textfilter::filterAllHTML(stripslashes($this->_request->getValue( "blogName" ))));
$this->_blogInfo->setSettings( $blogSettings );
$this->_blogInfo->setProperties( $this->_blogProperties );
$this->_session->setValue( "blogInfo", $this->_blogInfo );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdatecustomfieldaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdatecustomfieldaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdatecustomfieldaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -43,8 +43,8 @@
{
// fetch the fields from the request
$this->_fieldId = $this->_request->getValue( "fieldId" );
- $this->_fieldName = $this->_request->getValue( "fieldName" );
- $this->_fieldDescription = $this->_request->getValue( "fieldDescription" );
+ $this->_fieldName = Textfilter::filterAllHTML($this->_request->getValue( "fieldName" ));
+ $this->_fieldDescription = Textfilter::filterAllHTML($this->_request->getValue( "fieldDescription" ));
$this->_fieldType = $this->_request->getValue( "fieldType" );
$this->_fieldSearchable = $this->_request->getValue( "fieldSearchable" );
$this->_fieldHidden = $this->_request->getValue( "fieldHidden" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateeditblogaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateeditblogaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateeditblogaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -67,7 +67,7 @@
function perform()
{
// fetch the values from the form which have already been validated
- $this->_blogName = $this->_request->getValue( "blogName" );
+ $this->_blogName = Textfilter::filterAllHTML($this->_request->getValue( "blogName" ));
$this->_blogLocale = $this->_request->getValue( "blogLocale" );
$this->_blogTemplate = $this->_request->getValue( "blogTemplate" );
$this->_blogOwner = $this->_request->getValue( "blogOwner" );
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -52,12 +52,12 @@
function perform()
{
// data is fine, we have already validated it
- $this->_linkName = $this->_request->getValue( "linkName" );
- $this->_linkDescription = $this->_request->getValue( "linkDescription" );
- $this->_linkUrl = $this->_request->getValue( "linkUrl" );
+ $this->_linkName = Textfilter::filterAllHTML($this->_request->getValue( "linkName" ));
+ $this->_linkDescription = Textfilter::filterAllHTML($this->_request->getValue( "linkDescription" ));
+ $this->_linkUrl = Textfilter::filterAllHTML($this->_request->getValue( "linkUrl" ));
$this->_linkCategoryId = $this->_request->getValue( "linkCategoryId" );
$this->_linkId = $this->_request->getValue( "linkId" );
- $this->_linkFeed = $this->_request->getValue( "linkRssFeed" );
+ $this->_linkFeed = Textfilter::filterAllHTML($this->_request->getValue( "linkRssFeed" ));
// fetch the link we're trying to update
$links = new MyLinks();
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkcategoryaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkcategoryaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdatelinkcategoryaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -41,7 +41,7 @@
{
// fetch the category we're trying to update
$this->_categoryId = $this->_request->getValue( "linkCategoryId" );
- $this->_categoryName = $this->_request->getValue( "linkCategoryName" );
+ $this->_categoryName = Textfilter::filterAllHTML($this->_request->getValue( "linkCategoryName" ));
$categories = new MyLinksCategories();
$category = $categories->getMyLinksCategory( $this->_categoryId, $this->_blogInfo->getId());
if( !$category ) {
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateresourceaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateresourceaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateresourceaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -63,7 +63,7 @@
function perform()
{
// load the resource
- $this->_resourceDescription = $this->_request->getValue( "resourceDescription" );
+ $this->_resourceDescription = Textfilter::filterAllHTML($this->_request->getValue( "resourceDescription" ));
$this->_albumId = $this->_request->getValue( "albumId" );
$this->_resourceId = $this->_request->getValue( "resourceId" );
$resources = new GalleryResources();
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateresourcealbumaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateresourcealbumaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateresourcealbumaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -48,8 +48,8 @@
{
$this->_albumId = $this->_request->getValue( "albumId" );
$this->_parentId = $this->_request->getValue( "parentId" );
- $this->_albumName = $this->_request->getValue( "albumName" );
- $this->_albumDescription = $this->_request->getValue( "albumDescription" );
+ $this->_albumName = Textfilter::filterAllHTML($this->_request->getValue( "albumName" ));
+ $this->_albumDescription = Textfilter::filterAllHTML($this->_request->getValue( "albumDescription" ));
$this->_showAlbum = $this->_request->getValue( "showAlbum" );
if( $this->_showAlbum == "" )
$this->_showAlbum = 0;
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateuserprofileaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateuserprofileaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateuserprofileaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -49,10 +49,10 @@
{
// get the data
$this->_userId = $this->_request->getValue( "userId" );
- $this->_userPassword = $this->_request->getValue( "userPassword" );
- $this->_userEmail = $this->_request->getValue( "userEmail" );
- $this->_userAbout = $this->_request->getValue( "userAbout" );
- $this->_userFullName = $this->_request->getValue( "userFullName" );
+ $this->_userPassword = Textfilter::filterAllHTML($this->_request->getValue( "userPassword" ));
+ $this->_userEmail = Textfilter::filterAllHTML($this->_request->getValue( "userEmail" ));
+ $this->_userAbout = Textfilter::filterAllHTML($this->_request->getValue( "userAbout" ));
+ $this->_userFullName = Textfilter::filterAllHTML($this->_request->getValue( "userFullName" ));
$this->_adminPrivs = $this->_request->getValue( "userIsSiteAdmin" );
$this->_userProperties = $this->_request->getValue( "properties" );
$this->_userPassword = trim($this->_request->getValue( "userPassword" ));
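Review bot: Passing the password through `Textfilter::filterAllHTML` on the first `_userPassword` assignment silently changes a secret (a password containing `<` would no longer match what the login action reads raw), and with the `trim` added to filterAllHTML in this same commit it also drops whitespace the user typed. The assignment is overwritten a few lines later by `$this->_userPassword = trim($this->_request->getValue( "userPassword" ));`, so today the filtered value is dead, but the line reads as intent; drop the filter on the first assignment and keep only the trimmed raw read. Passwords are hashed and compared, not rendered, so they are not an XSS sink. The enclosing function starts before the hunk.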
Modified: plog/branches/plog-1.0.2/class/action/admin/adminupdateusersettingsaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminupdateusersettingsaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminupdateusersettingsaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -75,11 +75,11 @@
function perform()
{
// update the user information
- $this->_userInfo->setEmail( trim($this->_request->getValue( "userEmail" )));
+ $this->_userInfo->setEmail( Textfilter::filterAllHTML($this->_request->getValue( "userEmail" )));
if( $this->_userPassword != "" )
$this->_userInfo->setPassword( $this->_userPassword );
- $this->_userInfo->setAboutMyself( trim($this->_request->getValue( "userAbout" )));
- $this->_userInfo->setFullName( trim($this->_request->getValue( "userFullName" )));
+ $this->_userInfo->setAboutMyself( Textfilter::filterAllHTML($this->_request->getValue( "userAbout" )));
+ $this->_userInfo->setFullName( Textfilter::filterAllHTML($this->_request->getValue( "userFullName" )));
$this->_userInfo->setPictureId( $this->_request->getValue( "userPictureId" ));
$this->_userInfo->setProperties( $this->_request->getValue( "properties" ));
$this->notifyEvent( EVENT_PRE_USER_UPDATE, Array( "user" => &$this->_userInfo ));
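Review bot: Removing the explicit `trim()` on the email, about and full-name setters makes this file depend on the `trim` that textfilter.class.php gains in the same commit; a reader of this file alone cannot see that, and a later change to filterAllHTML would silently reintroduce untrimmed values. I would keep the trim at the call site, `$this->_userInfo->setEmail( trim(Textfilter::filterAllHTML($this->_request->getValue( "userEmail" ))));` and likewise for the other two setters, which costs nothing and keeps the sanitiser's contract narrow. `$this->_userPassword` is assigned outside this hunk.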
Modified: plog/branches/plog-1.0.2/class/action/admin/adminuserprofileaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminuserprofileaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminuserprofileaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -51,4 +51,4 @@
return true;
}
}
-?>
+?>
\ No newline at end of file
Modified: plog/branches/plog-1.0.2/class/action/admin/adminxmlsavedraftaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/admin/adminxmlsavedraftaction.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/action/admin/adminxmlsavedraftaction.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -17,9 +17,9 @@
function validate()
{
- $this->_postText = rtrim(ltrim($this->_request->getValue( "postText" )));
- $this->_postExtendedText = rtrim(ltrim($this->_request->getValue( "postExtendedText" )));
- $this->_postTopic = rtrim(ltrim($this->_request->getValue( "postTopic" )));
+ $this->_postText = Textfilter::filterAllHTML($this->_request->getValue( "postText" ));
+ $this->_postExtendedText = Textfilter::filterAllHTML($this->_request->getValue( "postExtendedText" ));
+ $this->_postTopic = Textfilter::filterAllHTML($this->_request->getValue( "postTopic" ));
// if there is no text, extended text or topic there is no point in saving anything
if( $this->_postText == "" && $this->_postExtendedTExt == "" &&
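Review bot: `postText` and `postExtendedText` are now stripped of all HTML in the draft autosave path, while the regular save in adminpostmanagementcommonaction runs the same two fields through `Textfilter::xhtmlize` and keeps markup, so an autosaved draft would lose the formatting the editor allows. If drafts are meant to match posts, use `trim(Textfilter::xhtmlize(...))` for those two fields and reserve filterAllHTML for `postTopic`. Separately, the `if` on the last visible line reads `$this->_postExtendedTExt` (capital E), which does not match the property assigned above; in PHP that reads as an undefined property and compares equal to `""`, so extended text alone apparently never counts as content — pre-existing context, but worth fixing while here. The condition continues past the hunk.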
Modified: plog/branches/plog-1.0.2/class/data/textfilter.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/data/textfilter.class.php 2005-06-05 10:52:01 UTC (rev 2165)
+++ plog/branches/plog-1.0.2/class/data/textfilter.class.php 2005-06-05 11:44:09 UTC (rev 2166)
@@ -102,7 +102,7 @@
// y luego eliminamos el javascript
$filteredString = Textfilter::filterJavaScript( $tmp );
- return $filteredString;
+ return( trim($filteredString));
}
/**
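Review bot: Adding `trim()` to the return of filterAllHTML changes the function's contract for every existing caller, not only the ones touched in this commit, and folds whitespace normalisation into an HTML-stripping routine; adminupdateusersettings now relies on it and adminupdateuserprofile applies it to a password. I would keep the sanitiser's job narrow and trim at the call sites that want it, or at least document the new behaviour in the function's doc comment, e.g. `* Note: the result is also trim()ed, so callers must not rely on leading/trailing whitespace surviving.` The function's signature and doc comment lie before the hunk, and the context comment `// y luego eliminamos el javascript` could be written in English as `// and then strip the javascript`.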