[pLog-svn] r3681 - plog/branches/lifetype-1.0.6/class/action

Mark Wu markplace at gmail.com
Mon Jul 17 21:17:15 GMT 2006


I already added them to 1.1. :)

Mark

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of 
> Oscar Renalias
> Sent: Tuesday, July 18, 2006 5:16 AM
> To: plog-svn at devel.lifetype.net
> Subject: Re: [pLog-svn] r3681 - 
> plog/branches/lifetype-1.0.6/class/action
> 
> Mark,
> 
> since you made these changes, can you check if they're needed in 1.1?
> 
> Oscar
> 
> On 3 Jul 2006, at 19:24, mark at devel.lifetype.net wrote:
> 
> > Author: mark
> > Date: 2006-07-03 16:24:24 +0000 (Mon, 03 Jul 2006) New 
> Revision: 3681
> >
> > Modified:
> >    plog/branches/lifetype-1.0.6/class/action/blogaction.class.php
> >    plog/branches/lifetype-1.0.6/class/action/defaultaction.class.php
> >    plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php
> > Log:
> > Fixed a SQL injection issue reported on plog-svn.
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > blogaction.class.php
> > ===================================================================
> > --- 
> plog/branches/lifetype-1.0.6/class/action/blogaction.cl
> ass.php	 
> > 2006-07-03 15:52:54 UTC (rev 3680)
> > +++ 
> plog/branches/lifetype-1.0.6/class/action/blogaction.cl
> ass.php	 
> > 2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -8,7 +8,8 @@
> >      include_once( PLOG_CLASS_PATH."class/security/ 
> > pipeline.class.php" );
> >  	include_once( PLOG_CLASS_PATH."class/net/http/ 
> subdomains.class.php" 
> > );
> >  	include_once( PLOG_CLASS_PATH."class/dao/referers.class.php" );
> > -    include_once( 
> PLOG_CLASS_PATH."class/dao/articles.class.php" );	
> > +    include_once( PLOG_CLASS_PATH."class/dao/articles.class.php" );
> > +    include_once( PLOG_CLASS_PATH."class/data/validator/
> > integervalidator.class.php" );
> >
> >      /**
> >       * \ingroup Action
> > @@ -210,16 +211,18 @@
> >          function checkDateParameter()
> >          {
> >          	$date = $this->_request->getValue( 'Date' );
> > -        	if( $date ) {
> > +        	$val = new IntegerValidator();
> > +        	if( $date && $val->validate( $date ) ) {
> >              	$year = substr( $date, 0, 4);
> >                  $month = substr( $date, 4,2 );
> >                  $day = substr( $date, 6, 2);
> >              }
> >              else {
> > -            		$t = new Timestamp();
> > -                	$year = $t->getYear();
> > -                	$month = $t->getMonth();
> > -                	$day = $t->getDay();
> > +                $year = date('Y');
> > +                // $month = $t->getMonth();
> > +                $month = date('m');
> > +                // $day = $t->getDay();
> > +                $day = date('d');
> >              }
> >
> >              $this->_session->setValue( 'Year', $year );
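Review bot: The commented-out lines `// $month = $t->getMonth();` and `// $day = $t->getDay();` in the else branch are dead code left over from the Timestamp replacement and should be deleted. The new condition establishes only that `$date` passes IntegerValidator, while the three `substr()` calls assume an 8-character YYYYMMDD value; a shorter or longer integer still enters the branch and yields a truncated or empty `$year`/`$month`/`$day`, so `if( $date && $val->validate( $date ) && strlen( $date ) == 8 ) {` would keep the session values well-formed. How strict IntegerValidator is cannot be seen here; since it is now the only guard between the request value and whatever later consumes the session `Year`/`Month`/`Day`, it should accept nothing but an unsigned digit string (an `is_numeric()`-style check admits signs, whitespace and exponents). The function body continues past the end of the hunk.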
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > defaultaction.class.php
> > ===================================================================
> > --- plog/branches/lifetype-1.0.6/class/action/ 
> > defaultaction.class.php	2006-07-03 15:52:54 UTC (rev 3680)
> > +++ plog/branches/lifetype-1.0.6/class/action/
> > defaultaction.class.php	2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -45,6 +45,10 @@
> >  	
> >              // value of the Date parameter from the request
> >              $this->_date = $this->_request->getValue( "Date", -1 );
> > +        	$val = new IntegerValidator();
> > +        	if( !$val->validate( $this->_date ) ) {
> > +            	$this->_date = -1;
> > +            }
> >
> >  			$this->_categoryName = 
> $this->_request->getValue ( 
> > 'postCategoryName' );
> >              $this->_categoryId = $this->_request->getValue ( 
> > 'postCategoryId' );
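Review bot: The validate-and-reset block `$val = new IntegerValidator(); if( !$val->validate( $this->_date ) ) { $this->_date = -1; }` is duplicated verbatim in the viewarticleaction.class.php hunk, and blogaction.class.php repeats the validator construction; a small shared helper that returns the validated integer or the default would keep the three sites in step when the rule changes. The enclosing function starts outside the hunk, so it is not visible whether `IntegerValidator` is included in this file the way it was added to blogaction.class.php; neither this hunk nor the viewarticleaction one shows an include for it. The check also presumes the validator accepts the `-1` default itself; if it rejects negatives the reset is harmless, but it is worth confirming. Validating the value as an integer is the right first step, and the DAO that builds the query from `$this->_date` should still quote or bind the value so the fix does not rest on this one check alone.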
> >
> > Modified: plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php
> > ===================================================================
> > --- plog/branches/lifetype-1.0.6/class/action/ 
> > viewarticleaction.class.php	2006-07-03 15:52:54 UTC (rev 3680)
> > +++ plog/branches/lifetype-1.0.6/class/action/
> > viewarticleaction.class.php	2006-07-03 16:24:24 UTC (rev 3681)
> > @@ -61,6 +61,10 @@
> >  			$this->_userId = 
> $this->_request->getValue( "userId", -1 );
> >  			$this->_userName = 
> $this->_request->getValue( "userName" );
> >  			$this->_date = 
> $this->_request->getValue( "Date", -1 );
> > +        	$val = new IntegerValidator();
> > +        	if( !$val->validate( $this->_date ) ) {
> > +            	$this->_date = -1;
> > +            }
> >  			$this->_isCommentAdded = 
> ($this->_request->getValue( "op" ) == 
> > "AddComment" );
> >  			
> >  			// Caculate the correct article date period
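Review bot: `$this->_userId` is read two lines above with the same `getValue( "userId", -1 )` pattern but receives none of the integer validation now applied to `$this->_date`; if it reaches a query by the same path, the same `IntegerValidator` check with a reset to -1 belongs there as well. The enclosing function starts before the hunk, so whether `_userId` is validated or cast elsewhere cannot be seen from here. The context comment `// Caculate the correct article date period` carries a typo (`Calculate`), though that line is not part of this change.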
> >
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://devel.lifetype.net/mailman/listinfo/plog-svn
> >
> 
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn


