[pLog-svn] r3681 - plog/branches/lifetype-1.0.6/class/action
Mark Wu
markplace at gmail.com
Mon Jul 17 21:17:15 GMT 2006
I already added them to 1.1. :)
Mark
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
> Oscar Renalias
> Sent: Tuesday, July 18, 2006 5:16 AM
> To: plog-svn at devel.lifetype.net
> Subject: Re: [pLog-svn] r3681 -
> plog/branches/lifetype-1.0.6/class/action
>
> Mark,
>
> since you made these changes, can you check if they're needed in 1.1?
>
> Oscar
>
> On 3 Jul 2006, at 19:24, mark at devel.lifetype.net wrote:
>
> > Author: mark
> > Date: 2006-07-03 16:24:24 +0000 (Mon, 03 Jul 2006) New
> Revision: 3681
> >
> > Modified:
> > plog/branches/lifetype-1.0.6/class/action/blogaction.class.php
> > plog/branches/lifetype-1.0.6/class/action/defaultaction.class.php
> > plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php
> > Log:
> > Fixed a SQL injection report in plog-svn.
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > blogaction.class.php
> > ===================================================================
> > ---
> plog/branches/lifetype-1.0.6/class/action/blogaction.cl
> ass.php
> > 2006-07-03 15:52:54 UTC (rev 3680)
> > +++
> plog/branches/lifetype-1.0.6/class/action/blogaction.cl
> ass.php
> > 2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -8,7 +8,8 @@
> > include_once( PLOG_CLASS_PATH."class/security/
> > pipeline.class.php" );
> > include_once( PLOG_CLASS_PATH."class/net/http/
> subdomains.class.php"
> > );
> > include_once( PLOG_CLASS_PATH."class/dao/referers.class.php" );
> > - include_once(
> PLOG_CLASS_PATH."class/dao/articles.class.php" );
> > + include_once( PLOG_CLASS_PATH."class/dao/articles.class.php" );
> > + include_once( PLOG_CLASS_PATH."class/data/validator/
> > integervalidator.class.php" );
> >
> > /**
> > * \ingroup Action
> > @@ -210,16 +211,18 @@
> > function checkDateParameter()
> > {
> > $date = $this->_request->getValue( 'Date' );
> > - if( $date ) {
> > + $val = new IntegerValidator();
> > + if( $date && $val->validate( $date ) ) {
> > $year = substr( $date, 0, 4);
> > $month = substr( $date, 4,2 );
> > $day = substr( $date, 6, 2);
> > }
> > else {
> > - $t = new Timestamp();
> > - $year = $t->getYear();
> > - $month = $t->getMonth();
> > - $day = $t->getDay();
> > + $year = date('Y');
> > + // $month = $t->getMonth();
> > + $month = date('m');
> > + // $day = $t->getDay();
> > + $day = date('d');
> > }
> >
> > $this->_session->setValue( 'Year', $year );
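Review bot: The new integer check in checkDateParameter() does not bound the length of `Date`, so a numeric value that is too short or far too long still passes and the three `substr()` calls yield empty or meaningless `$year`/`$month`/`$day` values that are then written to the session. Assuming the expected format is YYYYMM or YYYYMMDD (inferred from the offsets), the condition could also check the shape, e.g. `if( $date && $val->validate( $date ) && preg_match( '/^\d{6}(\d{2})?$/', $date ) ) {`. The two commented-out lines `// $month = $t->getMonth();` and `// $day = $t->getDay();` refer to a `$t` that no longer exists and should be deleted rather than committed. The function body continues past the end of this hunk.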
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > defaultaction.class.php
> > ===================================================================
> > --- plog/branches/lifetype-1.0.6/class/action/
> > defaultaction.class.php 2006-07-03 15:52:54 UTC (rev 3680)
> > +++ plog/branches/lifetype-1.0.6/class/action/
> > defaultaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -45,6 +45,10 @@
> >
> > // value of the Date parameter from the request
> > $this->_date = $this->_request->getValue( "Date", -1 );
> > + $val = new IntegerValidator();
> > + if( !$val->validate( $this->_date ) ) {
> > + $this->_date = -1;
> > + }
> >
> > $this->_categoryName =
> $this->_request->getValue (
> > 'postCategoryName' );
> > $this->_categoryId = $this->_request->getValue (
> > 'postCategoryId' );
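Review bot: `IntegerValidator` is instantiated here, but the commit adds the `include_once` for `integervalidator.class.php` only to blogaction.class.php; the same applies to the viewarticleaction.class.php hunk. If either file can be loaded without blogaction.class.php (not visible from these hunks), `new IntegerValidator()` ends in a fatal error, so I would add `include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );` to both files. Separately, the check sits at the action layer only; the query that consumes `_date` is outside this diff and should still cast or escape the value itself, so that other callers are not left exposed. The enclosing method starts and ends outside the hunk.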
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php
> > ===================================================================
> > --- plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php 2006-07-03 15:52:54 UTC (rev 3680)
> > +++ plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php 2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -61,6 +61,10 @@
> > $this->_userId =
> $this->_request->getValue( "userId", -1 );
> > $this->_userName =
> $this->_request->getValue( "userName" );
> > $this->_date =
> $this->_request->getValue( "Date", -1 );
> > + $val = new IntegerValidator();
> > + if( !$val->validate( $this->_date ) ) {
> > + $this->_date = -1;
> > + }
> > $this->_isCommentAdded =
> ($this->_request->getValue( "op" ) ==
> > "AddComment" );
> >
> > // Caculate the correct article date period
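Review bot: `userId` is read from the request on the first line of this hunk with the same `-1` default as `Date`, but only `Date` gets the integer check. If `_userId` reaches a query without escaping (not visible here), it carries the same risk this commit is fixing; consider adding `if( !$val->validate( $this->_userId ) ) { $this->_userId = -1; }` right after the `Date` check. `userName` is also taken raw from the request and needs its own validation or escaping at the point where it is used. The enclosing method continues outside the hunk.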
> >
>