[pLog-svn] r2172 - plog/branches/plog-1.0.2/class/action
oscar at devel.plogworld.net
oscar at devel.plogworld.net
Mon Jun 6 10:45:29 GMT 2005
Author: oscar
Date: 2005-06-06 10:45:28 +0000 (Mon, 06 Jun 2005)
New Revision: 2172
Modified:
plog/branches/plog-1.0.2/class/action/addcommentaction.class.php
Log:
more XSS fixes, this one was kinda nasty...
Modified: plog/branches/plog-1.0.2/class/action/addcommentaction.class.php
===================================================================
--- plog/branches/plog-1.0.2/class/action/addcommentaction.class.php 2005-06-05 14:07:39 UTC (rev 2171)
+++ plog/branches/plog-1.0.2/class/action/addcommentaction.class.php 2005-06-06 10:45:28 UTC (rev 2172)
@@ -9,11 +9,13 @@
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/emailvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/httpurlvalidator.class.php" );
include_once( PLOG_CLASS_PATH."class/net/client.class.php" );
include_once( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/bayesian/bayesianfiltercore.class.php" );
include_once( PLOG_CLASS_PATH."class/template/cachecontrol.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
/**
* \ingroup Action
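Review bot: The `include_once( PLOG_CLASS_PATH."class/data/textfilter.class.php" );` added at the end of this block duplicates the identical include already present a few lines above it in the same hunk. `include_once` makes the repeat harmless at runtime, but it is dead weight and suggests the earlier line was overlooked; only the new `httpurlvalidator.class.php` include is needed here. I would drop the second textfilter include.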
@@ -54,6 +56,7 @@
$this->registerFieldValidator( "userName", new StringValidator());
$this->_form->setFieldErrorMessage( "userName", $this->_locale->tr("error_comment_without_name" ));
$this->registerFieldValidator( "commentText", new StringValidator());
+ $this->registerFieldValidator( "userUrl", new HttpUrlValidator());
$this->_form->setFieldErrorMessage( "commentText", $this->_locale->tr("error_comment_without_text" ));
$view = new ErrorView( $this->_blogInfo );
$view->setErrorMessage( "There has been an error validating the data!" );
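Review bot: The new `registerFieldValidator( "userUrl", new HttpUrlValidator())` is the only registration in this group that is not paired with a `$this->_form->setFieldErrorMessage( "userUrl", ... )`, so a rejected URL will surface with no field-specific message; add one using whatever locale key the project has for an invalid URL. Note also that the validator runs against the raw request value, while the `"http://"` prefix is only prepended later (next hunk) — if HttpUrlValidator requires a scheme, a bare `example.com` is rejected before that normalisation can help, which changes behaviour for existing commenters. I cannot see HttpUrlValidator from here, so please also confirm it accepts an empty string; otherwise the previously optional URL field silently becomes mandatory. The enclosing method starts and ends outside this hunk.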
@@ -70,16 +73,16 @@
$this->_parentId = $this->_request->getValue( "parentId" );
if( $this->_parentId == null || $this->_parentId == "" )
$this->_parentId = 0;
- $this->_userEmail = trim($this->_request->getValue( "userEmail" ));
- $this->_userUrl = trim($this->_request->getValue( "userUrl" ));
+ $this->_userEmail = Textfilter::filterAllHTML($this->_request->getValue( "userEmail" ));
+ $this->_userUrl = Textfilter::filterAllHTML($this->_request->getValue( "userUrl" ));
if( (strlen($this->_userUrl) != 0) &&
(substr($this->_userUrl, 0, 7 ) != "http://" )){
$this->_userUrl = "http://".$this->_userUrl;
}
- $this->_userName = trim($this->_request->getValue( "userName" ));
+ $this->_userName = Textfilter::filterAllHTML($this->_request->getValue( "userName" ));
$this->_commentText = trim($this->_request->getValue( "commentText" ));
$this->_commentTopic = trim($this->_request->getValue( "commentTopic" ));
- // remove all straneous stuff from the text and topic
+ // remove all weird stuff from the text and topic
$tf = new TextFilter();
$this->_commentTopic = $tf->xhtmlize($tf->filterHTML( $this->_commentTopic ));
// and also from the text
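Review bot: The rewritten assignments replace `trim(...)` with `Textfilter::filterAllHTML(...)` rather than wrapping it, so leading/trailing whitespace is no longer stripped from userEmail, userUrl and userName; a whitespace-only URL now passes the `strlen(...) != 0` check and is stored as `"http://   "`. Keep both: `$this->_userUrl = trim(Textfilter::filterAllHTML($this->_request->getValue( "userUrl" )));` and likewise for the email and name lines. Separately, unless filterAllHTML entity-encodes quotes as well as removing tags (I cannot see its implementation), a value such as `" onmouseover="...` survives it and, once the `http://` prefix is added, still breaks out of an `href="..."` attribute in any template that does not escape `$userUrl` itself — the durable fix is context-appropriate escaping at output, not only input filtering. The `substr(..., 0, 7) != "http://"` test is unchanged by this commit but also turns an `https://` URL into `http://https://...`, which the new validator will then be judging. The enclosing method continues past the end of this hunk.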