[pLog-svn] r3682 - plog/trunk/class/action
mark at devel.lifetype.net
mark at devel.lifetype.net
Mon Jul 3 17:00:57 GMT 2006
Author: mark
Date: 2006-07-03 17:00:57 +0000 (Mon, 03 Jul 2006)
New Revision: 3682
Modified:
plog/trunk/class/action/blogaction.class.php
plog/trunk/class/action/defaultaction.class.php
plog/trunk/class/action/viewarticleaction.class.php
Log:
Fixed a SQL injection (unvalidated Date request parameter) reported on plog-svn.
Modified: plog/trunk/class/action/blogaction.class.php
===================================================================
--- plog/trunk/class/action/blogaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/blogaction.class.php 2006-07-03 17:00:57 UTC (rev 3682)
@@ -260,15 +260,15 @@
$day = substr( $date, 6, 2);
}
else {
- // to much overhead for just getting the current date
- // :TODO: but we might need to read the timezone to enter a valid date.. not sure ..
- // $t = new Timestamp();
- // $year = $t->getYear();
- $year = date('Y');
- // $month = $t->getMonth();
- $month = date('m');
- // $day = $t->getDay();
- $day = date('d');
+ // to much overhead for just getting the current date
+ // :TODO: but we might need to read the timezone to enter a valid date.. not sure ..
+ // $t = new Timestamp();
+ // $year = $t->getYear();
+ $year = date('Y');
+ // $month = $t->getMonth();
+ $month = date('m');
+ // $day = $t->getDay();
+ $day = date('d');
}
$this->_session->setValue( 'Year', $year );
Modified: plog/trunk/class/action/defaultaction.class.php
===================================================================
--- plog/trunk/class/action/defaultaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/defaultaction.class.php 2006-07-03 17:00:57 UTC (rev 3682)
@@ -42,7 +42,9 @@
// value of the Date parameter from the request
$this->_date = $this->_request->getValue( "Date", -1 );
-
+ $val = new IntegerValidator();
+ if( !$val->validate( $this->_date ) )
+ $this->_date = -1;
$this->_categoryName = $this->_request->getValue( 'postCategoryName' );
$this->_categoryId = $this->_request->getValue( 'postCategoryId' );
if( $this->_categoryId == '' )
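Review bot: The new `IntegerValidator` check guards only `Date`; `postCategoryId` is read from the request two lines below it and is only compared against `''`, so if it feeds the same query construction as `_date` (not visible in this hunk) it is still unvalidated. The same validator instance can be reused: `if( $this->_categoryId != '' && !$val->validate( $this->_categoryId ) ) $this->_categoryId = '';` so that the existing empty-string fallback handles it. What `IntegerValidator` accepts (sign, surrounding whitespace) is not visible here, so any downstream `substr` date parsing should tolerate a negative or padded value as well as the `-1` sentinel. The enclosing method starts before this hunk.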
Modified: plog/trunk/class/action/viewarticleaction.class.php
===================================================================
--- plog/trunk/class/action/viewarticleaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
+++ plog/trunk/class/action/viewarticleaction.class.php 2006-07-03 17:00:57 UTC (rev 3682)
@@ -53,6 +53,9 @@
$this->_userId = $this->_request->getValue( "userId", -1 );
$this->_userName = $this->_request->getValue( "userName" );
$this->_date = $this->_request->getValue( "Date", -1 );
+ $val = new IntegerValidator();
+ if( !$val->validate( $this->_date ) )
+ $this->_date = -1;
$this->_isCommentAdded = ($this->_request->getValue( "op" ) == "AddComment" );
// Calculate the correct article date period
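Review bot: `userId` is read from the request with the same `-1` default three lines above the added check but is not passed through the validator, so it is presumably the next candidate for the same class of injection if it is interpolated into a query downstream. Reusing the validator costs one line: `if( !$val->validate( $this->_userId ) ) $this->_userId = -1;`. A malformed `Date` is also silently downgraded to "no date" rather than rejected, which is fine for a public view action but worth a comment such as `// non-numeric Date is treated as absent; it is used in date arithmetic and SQL below`. The enclosing method starts before and continues after this hunk.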