[pLog-svn] r3522 - plog/branches/lifetype-1.0.5/class/action
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Sat Jun 3 22:28:33 GMT 2006
Author: oscar
Date: 2006-06-03 22:28:33 +0000 (Sat, 03 Jun 2006)
New Revision: 3522
Modified:
plog/branches/lifetype-1.0.5/class/action/commentaction.class.php
plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php
plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php
plog/branches/lifetype-1.0.5/class/action/rssaction.class.php
plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php
plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php
plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php
plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php
Log:
added some validation to all action classes, looks like we had forgotten it
Modified: plog/branches/lifetype-1.0.5/class/action/commentaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/commentaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/commentaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -27,6 +27,7 @@
// data validation
$this->registerFieldValidator( "articleId", new IntegerValidator());
+ $this->registerFieldValidator( "parentId", new IntegerValidator());
$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_incorrect_article_id" ));
}
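Review bot: The new `parentId` validator is registered without the third argument that every other registration in this commit passes as `true`. If that argument is what marks a field as optional (its meaning is not visible in this hunk), a top-level comment submitted without a `parentId` would now fail validation. The failure would also be reported through the `error_incorrect_article_id` view, which names the wrong field. Consider `$this->registerFieldValidator( "parentId", new IntegerValidator(), true );`, or add a comment saying that `parentId` is always sent by the comment form.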
Modified: plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -6,6 +6,8 @@
include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -27,14 +29,24 @@
function DefaultAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_articles" ));
}
function validate()
{
+ if( !parent::validate())
+ return false;
+
// value of the Date parameter from the request
$this->_date = $this->_request->getValue( "Date", -1 );
- $this->_categoryName = $this->_request->getValue( 'postCategoryName' );
+ $this->_categoryName = $this->_request->getValue( 'postCategoryName' );
$this->_categoryId = $this->_request->getValue( 'postCategoryId' );
if( $this->_categoryId == '' )
if( $this->_date == -1 )
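Review bot: `Date` is still read in validate() with `getValue( "Date", -1 )`, but the constructor registers no validator for it, so it is the one request field in this hunk that reaches the rest of the method unchecked. If `Date` is always numeric (it is compared against -1 here), add `$this->registerFieldValidator( "Date", new IntegerValidator(), true );` next to the other registrations. viewarticleaction.class.php reads `Date` the same way and also registers nothing for it. validate() continues past the end of this hunk, so how `_date` is used later is not visible.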
Modified: plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -9,6 +9,8 @@
include_once( PLOG_CLASS_PATH."class/net/url.class.php" );
include_once( PLOG_CLASS_PATH."class/security/pipeline.class.php" );
include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -32,6 +34,23 @@
$this->_session = $session['SessionInfo'];
$this->_config =& Config::getConfig();
+
+ $this->registerFieldValidator( "resource", new StringValidator(), true );
+ $this->registerFieldValidator( "resId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new IntegerValidator(), true );
+ $this->registerFieldValidator( "blogId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "blogName", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "blogUserName", new IntegerValidator(), true );
+
+ // since this class does not return HTML code but files, we cannot
+ // return HTML so let's return 404 status code with a custom error message
+ $view = new ResourceServerView();
+ $view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
+ $view->addHeaderResponse( "Status: 404 Not Found" );
+ $view->addHeaderResponse( "X-LifeType-Error: Invalid parameters" );
+ $this->setValidationErrorView( $view );
}
/**
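Review bot: `albumName`, `blogName` and `blogUserName` are registered with `IntegerValidator`, which looks like a copy-paste slip. viewalbumaction.class.php in the same commit validates `albumName` with `StringValidator`. As written, any resource URL that addresses the album, blog or user by name would be answered with the 404 "Invalid parameters" view. The three lines should read like `$this->registerFieldValidator( "albumName", new StringValidator(), true );`, with the same change for `blogName` and `blogUserName`. What `StringValidator` actually accepts is not visible here, so confirm it is strict enough for values that end up in file lookups.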
@@ -100,6 +119,9 @@
function validate()
{
+ if( !parent::validate())
+ return false;
+
// before we do anything, let's find out the blogId and if there isn't any, quit
$this->_getBlogInfo();
if( $this->_blogInfo == false ) {
@@ -107,7 +129,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Blog $resId is not correct" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Blog $resId is not correct" );
return false;
}
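Review bot: The blog-not-found branch interpolates `$resId` into the `X-LifeType-Error` header, but no assignment to a local `$resId` is visible in this hunk and the message is about the blog, so the variable may be unset or simply the wrong one. The later hunks in this file place `$albumId` and `$this->_resId` in the same header. If those come from the request fields of the same name, the new IntegerValidator registrations keep CR/LF out of the header, but that protection sits elsewhere in the class. Casting at the point of use, e.g. `"X-LifeType-Error: Album " . (int)$albumId . " not found"`, or dropping the value from the header, would make each branch safe without depending on the validator list staying complete.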
@@ -129,7 +151,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 403 Forbidden" );
$this->_view->addHeaderResponse( "Status: 403 Forbidden" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Access is blocked" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Access is blocked" );
return false;
}
@@ -151,7 +173,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Album $albumId not found" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Album $albumId not found" );
return false;
}
$this->_albumId = $album->getId();
@@ -198,7 +220,7 @@
$this->_view = new ResourceServerView();
$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
$this->_view->addHeaderResponse( "Status: 404 Not Found" );
- $this->_view->addHeaderResponse( "X-pLog-Error: Resource $this->_resId not found" );
+ $this->_view->addHeaderResponse( "X-LifeType-Error: Resource $this->_resId not found" );
return false;
}
Modified: plog/branches/lifetype-1.0.5/class/action/rssaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/rssaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/rssaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -6,6 +6,8 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/locale/locale.class.php" );
include_once( PLOG_CLASS_PATH."class/locale/locales.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -23,6 +25,14 @@
function RssAction( $blogInfo, $request )
{
$this->BlogAction( $blogInfo, $request );
+
+ $this->registerFieldValidator( "categoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "profile", new StringValidator(), true );
+
+ // generate a dummy view with nothing in it to signal an error
+ $view = new RssView( $this->_blogInfo, DEFAULT_PROFILE );
+ $view->setValue( "articles", Array());
+ $this->setValidationErrorView( $view );
}
/**
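Review bot: Unlike the other action classes in this commit, no `if( !parent::validate()) return false;` is added for RssAction. If the class defines its own validate() without calling the parent (not visible in this hunk), the two validators registered here never run. Separately, the validation error view is an ordinary `RssView` with an empty `articles` array, so a rejected request cannot be told apart from a blog with no posts by feed readers or in logs. A short comment stating that this is intentional would help, for example `// invalid parameters deliberately yield a well-formed but empty feed`, or the view could carry an error header as ResourceServerAction does.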
Modified: plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -7,6 +7,7 @@
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryalbums.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_ALBUMS_TEMPLATE", "albums" );
define( "VIEW_ALBUM_TEMPLATE", "album" );
@@ -25,13 +26,21 @@
function ViewAlbumAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_album" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_albumId = $this->_request->getValue( "albumId", 0 );
- $this->_albumName = $this->_request->getValue( "albumName" );
+ $this->_albumName = $this->_request->getValue( "albumName" );
return true;
}
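Review bot: The comment above validate() still says `// checks that the articleId is valid`, but the method now runs the registered validators and then loads `albumId` and `albumName`; it never touches an article id. Suggest replacing it with `// runs the registered field validators, then loads albumId and albumName from the request`. The same stale comment sits above validate() in viewresourceaction.class.php.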
@@ -41,7 +50,7 @@
$galleryResources = new GalleryResources();
$galleryAlbums = new GalleryAlbums();
- $browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" );
+ $browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" );
// check which template we should use
if( $browseRootAlbum )
Modified: plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -10,6 +10,8 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/view/viewarticleview.class.php" );
include_once( PLOG_CLASS_PATH.'class/data/timestamp.class.php' );
+ include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
/**
* \ingroup Action
@@ -33,14 +35,25 @@
function ViewArticleAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "articleName", new StringValidator(), true );
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return( false );
+
$this->_articleId = $this->_request->getValue( "articleId" );
$this->_articleName = $this->_request->getValue( "articleName" );
-
// find some other additional parameters and use some 'null' values
// in casuse they're empty
$this->_categoryId = $this->_request->getValue( "postCategoryId", -1 );
@@ -49,7 +62,7 @@
$this->_userName = $this->_request->getValue( "userName" );
$this->_date = $this->_request->getValue( "Date", -1 );
$this->_isCommentAdded = ($this->_request->getValue( "op" ) == "AddComment" );
-
+
// Caculate the correct article date period
$adjustedDates = $this->_getCorrectedDatePeriod( $this->_date );
$this->_date = $adjustedDates["adjustedDate"];
Modified: plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -7,6 +7,7 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
include_once( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_TRACKBACKS_TEMPLATE", "posttrackbacks" );
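Review bot: Only stringvalidator.class.php is added to the includes here, yet the constructor hunk that follows also instantiates `IntegerValidator`, and integervalidator.class.php is not among the include lines visible in this hunk. The file's first lines are outside the hunk, so it may already be included there or by a parent class. If it is not, the constructor would fail with an undefined class. Adding `include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );` alongside the new line would match what the other files in this commit do.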
@@ -30,11 +31,22 @@
function ViewArticleTrackbacksAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "articleName", new StringValidator(), true );
+ $this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "userId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "userName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));
}
-
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_articleId = $this->_request->getValue( "articleId" );
$this->_articleName = $this->_request->getValue( "articleName" );
$this->_categoryId = $this->_request->getValue( "postCategoryId", -1 );
Modified: plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php 2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php 2006-06-03 22:28:33 UTC (rev 3522)
@@ -4,6 +4,7 @@
include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
define( "VIEW_RESOURCE_TEMPLATE", "resource" );
@@ -24,11 +25,21 @@
function ViewResourceAction( $actionInfo, $request )
{
$this->BlogAction( $actionInfo, $request );
+
+ $this->registerFieldValidator( "resId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "resouce", new StringValidator(), true );
+ $this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+ $this->registerFieldValidator( "albumName", new StringValidator(), true );
+
+ $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_resource" ));
}
// checks that the articleId is valid
function validate()
{
+ if( !parent::validate())
+ return false;
+
$this->_resourceId = $this->_request->getValue( "resId" );
$this->_resourceName = $this->_request->getValue( "resource" );
$this->_albumId = $this->_request->getValue( "albumId" );
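Review bot: The validator is registered for `"resouce"`, but validate() reads `"resource"`, so the real parameter is never validated and the misspelled name matches nothing the action uses. The registration should be `$this->registerFieldValidator( "resource", new StringValidator(), true );`. The comment above validate() (`// checks that the articleId is valid`) is also stale for this class and could say that it loads `resId`, `resource` and `albumId`. validate() continues past the end of the hunk.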