[pLog-svn] r3681 - plog/branches/lifetype-1.0.6/class/action
Oscar Renalias
oscar at renalias.net
Mon Jul 17 21:16:09 GMT 2006
Mark,
Since you made these changes, can you check whether they're also needed in 1.1?
Oscar
On 3 Jul 2006, at 19:24, mark at devel.lifetype.net wrote:
> Author: mark
> Date: 2006-07-03 16:24:24 +0000 (Mon, 03 Jul 2006)
> New Revision: 3681
>
> Modified:
> plog/branches/lifetype-1.0.6/class/action/blogaction.class.php
> plog/branches/lifetype-1.0.6/class/action/defaultaction.class.php
> plog/branches/lifetype-1.0.6/class/action/
> viewarticleaction.class.php
> Log:
> Fixed a SQL injection reported on plog-svn.
>
> Modified: plog/branches/lifetype-1.0.6/class/action/
> blogaction.class.php
> ===================================================================
> --- plog/branches/lifetype-1.0.6/class/action/blogaction.class.php
> 2006-07-03 15:52:54 UTC (rev 3680)
> +++ plog/branches/lifetype-1.0.6/class/action/blogaction.class.php
> 2006-07-03 16:24:24 UTC (rev 3681)
> @@ -8,7 +8,8 @@
> include_once( PLOG_CLASS_PATH."class/security/
> pipeline.class.php" );
> include_once( PLOG_CLASS_PATH."class/net/http/
> subdomains.class.php" );
> include_once( PLOG_CLASS_PATH."class/dao/referers.class.php" );
> - include_once( PLOG_CLASS_PATH."class/dao/articles.class.php" );
> + include_once( PLOG_CLASS_PATH."class/dao/articles.class.php" );
> + include_once( PLOG_CLASS_PATH."class/data/validator/
> integervalidator.class.php" );
>
> /**
> * \ingroup Action
> @@ -210,16 +211,18 @@
> function checkDateParameter()
> {
> $date = $this->_request->getValue( 'Date' );
> - if( $date ) {
> + $val = new IntegerValidator();
> + if( $date && $val->validate( $date ) ) {
> $year = substr( $date, 0, 4);
> $month = substr( $date, 4,2 );
> $day = substr( $date, 6, 2);
> }
> else {
> - $t = new Timestamp();
> - $year = $t->getYear();
> - $month = $t->getMonth();
> - $day = $t->getDay();
> + $year = date('Y');
> + // $month = $t->getMonth();
> + $month = date('m');
> + // $day = $t->getDay();
> + $day = date('d');
> }
>
> $this->_session->setValue( 'Year', $year );
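Review bot: The IntegerValidator check on `$date` constrains the character set but not the length, so a value such as `2006` or `1` still passes and the `substr` calls produce an empty or truncated `$month`/`$day` that is written into the session and, presumably, on into the date lookups the log entry says this fixes. Whether IntegerValidator also admits a leading sign or whitespace is not visible from this hunk; if it does, the slices can still contain non-digit characters. A stricter gate that also rejects impossible calendar dates would be `if( $date && preg_match( '/^\d{8}$/', $date ) && checkdate( (int)substr( $date, 4, 2 ), (int)substr( $date, 6, 2 ), (int)substr( $date, 0, 4 ) ) ) {`. The two commented-out `// $month = $t->getMonth();` and `// $day = $t->getDay();` lines should be deleted rather than left beside their replacements. checkDateParameter continues past the end of the hunk.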
>
> Modified: plog/branches/lifetype-1.0.6/class/action/
> defaultaction.class.php
> ===================================================================
> --- plog/branches/lifetype-1.0.6/class/action/
> defaultaction.class.php 2006-07-03 15:52:54 UTC (rev 3680)
> +++ plog/branches/lifetype-1.0.6/class/action/
> defaultaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
> @@ -45,6 +45,10 @@
>
> // value of the Date parameter from the request
> $this->_date = $this->_request->getValue( "Date", -1 );
> + $val = new IntegerValidator();
> + if( !$val->validate( $this->_date ) ) {
> + $this->_date = -1;
> + }
>
> $this->_categoryName = $this->_request->getValue
> ( 'postCategoryName' );
> $this->_categoryId = $this->_request->getValue
> ( 'postCategoryId' );
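Review bot: Only `Date` is validated here while `postCategoryId` on the very next line is still taken from the request as-is; if it feeds the same query path as the reported injection, it needs the same guard, e.g. `if( !$val->validate( $this->_categoryId ) ) { $this->_categoryId = -1; }`, with care that a missing category (currently `null`) keeps whatever sentinel the lookup code expects. Nothing in this file's hunks includes `integervalidator.class.php`; unless DefaultAction inherits it through a parent that does, `new IntegerValidator()` will be a fatal error at runtime. The validate-or-reset-to-`-1` sequence is repeated verbatim in viewarticleaction.class.php and would be cleaner as a shared helper on the base action class. The constructor this sits in begins and ends outside the hunk.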
>
> Modified: plog/branches/lifetype-1.0.6/class/action/
> viewarticleaction.class.php
> ===================================================================
> --- plog/branches/lifetype-1.0.6/class/action/
> viewarticleaction.class.php 2006-07-03 15:52:54 UTC (rev 3680)
> +++ plog/branches/lifetype-1.0.6/class/action/
> viewarticleaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
> @@ -61,6 +61,10 @@
> $this->_userId = $this->_request->getValue( "userId", -1 );
> $this->_userName = $this->_request->getValue( "userName" );
> $this->_date = $this->_request->getValue( "Date", -1 );
> + $val = new IntegerValidator();
> + if( !$val->validate( $this->_date ) ) {
> + $this->_date = -1;
> + }
> $this->_isCommentAdded = ($this->_request->getValue( "op" ) ==
> "AddComment" );
>
> // Caculate the correct article date period
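Review bot: `userId` is read with the same `-1` default shape as `_date` four lines above the added check but is left unvalidated; if it is interpolated into the article query alongside the date it should receive the identical treatment, `if( !$val->validate( $this->_userId ) ) { $this->_userId = -1; }`. As in defaultaction.class.php, no include of `integervalidator.class.php` is added in this file, so the `new IntegerValidator()` call relies on the include being pulled in elsewhere — worth confirming rather than assuming. The validation block is a copy of the one in DefaultAction and is a candidate for a small shared helper. The enclosing constructor starts and ends outside the hunk.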
>