[pLog-svn] r3682 - plog/trunk/class/action

mark at devel.lifetype.net mark at devel.lifetype.net
Mon Jul 3 17:00:57 GMT 2006


Author: mark
Date: 2006-07-03 17:00:57 +0000 (Mon, 03 Jul 2006)
New Revision: 3682

Modified:
   plog/trunk/class/action/blogaction.class.php
   plog/trunk/class/action/defaultaction.class.php
   plog/trunk/class/action/viewarticleaction.class.php
Log:
Fixed an SQL injection reported in plog-svn.

Modified: plog/trunk/class/action/blogaction.class.php
===================================================================
--- plog/trunk/class/action/blogaction.class.php	2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/blogaction.class.php	2006-07-03 17:00:57 UTC (rev 3682)
@@ -260,15 +260,15 @@
                 $day = substr( $date, 6, 2);
             }
             else {
-                    // to much overhead for just getting the current date
-                    // :TODO: but we might need to read the timezone to enter a valid date.. not sure ..
-            		// $t = new Timestamp();
-                	// $year = $t->getYear();
-                    $year = date('Y');
-                	// $month = $t->getMonth();
-                    $month = date('m');
-                	// $day = $t->getDay();
-                    $day = date('d');
+                // to much overhead for just getting the current date
+                // :TODO: but we might need to read the timezone to enter a valid date.. not sure ..
+            	// $t = new Timestamp();
+                // $year = $t->getYear();
+                $year = date('Y');
+                // $month = $t->getMonth();
+                $month = date('m');
+                // $day = $t->getDay();
+                $day = date('d');
             }
 
             $this->_session->setValue( 'Year', $year );

Modified: plog/trunk/class/action/defaultaction.class.php
===================================================================
--- plog/trunk/class/action/defaultaction.class.php	2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/defaultaction.class.php	2006-07-03 17:00:57 UTC (rev 3682)
@@ -42,7 +42,9 @@
 	
             // value of the Date parameter from the request
             $this->_date = $this->_request->getValue( "Date", -1 );
-
+        	$val = new IntegerValidator();
+        	if( !$val->validate( $this->_date ) )
+            	$this->_date = -1;
 			$this->_categoryName = $this->_request->getValue( 'postCategoryName' );
             $this->_categoryId = $this->_request->getValue( 'postCategoryId' );
             if( $this->_categoryId == '' )
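Review bot: After `IntegerValidator` accepts it, `$this->_date` still holds the raw request string, so the guard filters the value but never normalises it; assuming the validator only checks the string's form (its implementation is not visible here), the rest of the class keeps working with a string where the `-1` default is an int. Coerce once the check passes, e.g. `$this->_date = (int) $this->_date;` inside the accepted branch, so downstream code gets a single type and any later query builder receives a number rather than text. The three added lines also mix eight spaces with a tab while the neighbouring lines are space-indented; matching the surrounding indentation would keep the hunk consistent. The same added block, with the same two points, appears in viewarticleaction.class.php. The enclosing method starts and ends outside the hunk.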

Modified: plog/trunk/class/action/viewarticleaction.class.php
===================================================================
--- plog/trunk/class/action/viewarticleaction.class.php	2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/viewarticleaction.class.php	2006-07-03 17:00:57 UTC (rev 3682)
@@ -53,6 +53,9 @@
 			$this->_userId = $this->_request->getValue( "userId", -1 );
 			$this->_userName = $this->_request->getValue( "userName" );
 			$this->_date = $this->_request->getValue( "Date", -1 );
+        	$val = new IntegerValidator();
+        	if( !$val->validate( $this->_date ) )
+            	$this->_date = -1;
 			$this->_isCommentAdded = ($this->_request->getValue( "op" ) == "AddComment" );
 			
 			// Calculate the correct article date period
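Review bot: `userId` on the first context line is read with the same `getValue( "userId", -1 )` pattern as `Date` but receives no validator, so the guard added here covers one of the two integer-shaped request values in the same statement run. Where `_userId` is consumed is not visible in the hunk, so this is a consistency observation rather than a confirmed defect; if it reaches a query the way `Date` did, the same check applies, e.g. `if( !$val->validate( $this->_userId ) ) $this->_userId = -1;` reusing the validator instantiated on the line above. The enclosing method starts and ends outside the hunk.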


