[pLog-svn] r3522 - plog/branches/lifetype-1.0.5/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Sat Jun 3 22:28:33 GMT 2006


Author: oscar
Date: 2006-06-03 22:28:33 +0000 (Sat, 03 Jun 2006)
New Revision: 3522

Modified:
   plog/branches/lifetype-1.0.5/class/action/commentaction.class.php
   plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php
   plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php
   plog/branches/lifetype-1.0.5/class/action/rssaction.class.php
   plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php
   plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php
   plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php
   plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php
Log:
added some validation to all action classes, looks like we had forgotten it


Modified: plog/branches/lifetype-1.0.5/class/action/commentaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/commentaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/commentaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -27,6 +27,7 @@
 			
 			// data validation
 			$this->registerFieldValidator( "articleId", new IntegerValidator());
+			$this->registerFieldValidator( "parentId", new IntegerValidator());			
             $this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_incorrect_article_id" ));
         }
 
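Review bot: The new `parentId` validator is registered without the third argument (`true`) that every other field added in this commit passes, so a request that carries no `parentId` may now fail validation. If the parameter is optional for a top-level comment, register it as `$this->registerFieldValidator( "parentId", new IntegerValidator(), true );`. A rejected `parentId` would also be reported through the `error_incorrect_article_id` view, which names the wrong field. The constructor starts outside the hunk, and the meaning of the third argument is inferred from how it is used elsewhere in this commit.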

Modified: plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/defaultaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -6,6 +6,8 @@
     include_once( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
 	include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );	
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );	
 
     /**
      * \ingroup Action
@@ -27,14 +29,24 @@
 		function DefaultAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
+			
+			$this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+			$this->registerFieldValidator( "userId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "userName", new StringValidator(), true );
+			
+			$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_articles" ));
         }
 
         function validate()
         {
+			if( !parent::validate())
+				return false;
+	
             // value of the Date parameter from the request
             $this->_date = $this->_request->getValue( "Date", -1 );
 
-		$this->_categoryName = $this->_request->getValue( 'postCategoryName' );
+			$this->_categoryName = $this->_request->getValue( 'postCategoryName' );
             $this->_categoryId = $this->_request->getValue( 'postCategoryId' );
             if( $this->_categoryId == '' )
             	if( $this->_date == -1 )
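Review bot: `Date` is read from the request in validate() right after the new `parent::validate()` call, but the constructor registers no validator for it, so it is the one request value in this hunk that still reaches the action unchecked. If the parameter is always a run of digits, `$this->registerFieldValidator( "Date", new IntegerValidator(), true );` next to the other four fields would close the gap; otherwise it needs a check for the expected date format. The value may be checked further down in validate(), which continues past the end of the hunk. The same unvalidated read of `Date` appears in viewarticleaction.class.php.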

Modified: plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/resourceserveraction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -9,6 +9,8 @@
 	include_once( PLOG_CLASS_PATH."class/net/url.class.php" );
     include_once( PLOG_CLASS_PATH."class/security/pipeline.class.php" );
     include_once( PLOG_CLASS_PATH."class/plugin/pluginmanager.class.php" );	
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );	
 
     /**
      * \ingroup Action
@@ -32,6 +34,23 @@
         	$this->_session = $session['SessionInfo'];			
 			
 			$this->_config =& Config::getConfig();
+			
+			$this->registerFieldValidator( "resource", new StringValidator(), true );
+			$this->registerFieldValidator( "resId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "albumName", new IntegerValidator(), true );
+			$this->registerFieldValidator( "blogId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "blogName", new IntegerValidator(), true );
+			$this->registerFieldValidator( "userId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "blogUserName", new IntegerValidator(), true );			
+			
+			// since this class does not return HTML code but files, we cannot
+			// return HTML so let's return 404 status code with a custom error message
+			$view = new ResourceServerView();
+			$view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
+			$view->addHeaderResponse( "Status: 404 Not Found" );
+			$view->addHeaderResponse( "X-LifeType-Error: Invalid parameters" );
+			$this->setValidationErrorView( $view );
 		}
 		
         /**
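Review bot: `albumName`, `blogName` and `blogUserName` are registered with `IntegerValidator` although they are names; viewalbumaction.class.php in this same commit validates `albumName` with `StringValidator`. As written, a request that identifies the album, blog or user by a non-numeric name would presumably be answered with the 404 validation view instead of the file. The three lines should use `new StringValidator()`, e.g. `$this->registerFieldValidator( "albumName", new StringValidator(), true );`. The constructor begins outside the hunk.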
@@ -100,6 +119,9 @@
 		
 		function validate()
 		{
+			if( !parent::validate())
+				return false;
+			
 			// before we do anything, let's find out the blogId and if there isn't any, quit
 			$this->_getBlogInfo();
 			if( $this->_blogInfo == false ) {
@@ -107,7 +129,7 @@
 				$this->_view = new ResourceServerView();
 				$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
 				$this->_view->addHeaderResponse( "Status: 404 Not Found" );
-				$this->_view->addHeaderResponse( "X-pLog-Error: Blog $resId is not correct" );
+				$this->_view->addHeaderResponse( "X-LifeType-Error: Blog $resId is not correct" );
 				
 				return false;			
 			}
@@ -129,7 +151,7 @@
 				$this->_view = new ResourceServerView();
 				$this->_view->addHeaderResponse( "HTTP/1.1 403 Forbidden" );
 				$this->_view->addHeaderResponse( "Status: 403 Forbidden" );
-				$this->_view->addHeaderResponse( "X-pLog-Error: Access is blocked" );
+				$this->_view->addHeaderResponse( "X-LifeType-Error: Access is blocked" );
 			
 				return false;
             }
@@ -151,7 +173,7 @@
 						$this->_view = new ResourceServerView();
 						$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
 						$this->_view->addHeaderResponse( "Status: 404 Not Found" );
-						$this->_view->addHeaderResponse( "X-pLog-Error: Album $albumId not found" );
+						$this->_view->addHeaderResponse( "X-LifeType-Error: Album $albumId not found" );
 						return false;
 					}
 					$this->_albumId = $album->getId();
@@ -198,7 +220,7 @@
 				$this->_view = new ResourceServerView();
 				$this->_view->addHeaderResponse( "HTTP/1.1 404 Not Found" );
 				$this->_view->addHeaderResponse( "Status: 404 Not Found" );
-				$this->_view->addHeaderResponse( "X-pLog-Error: Resource $this->_resId not found" );		
+				$this->_view->addHeaderResponse( "X-LifeType-Error: Resource $this->_resId not found" );		
 				
 				return false;
 			}

Modified: plog/branches/lifetype-1.0.5/class/action/rssaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/rssaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/rssaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -6,6 +6,8 @@
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
     include_once( PLOG_CLASS_PATH."class/locale/locale.class.php" );
     include_once( PLOG_CLASS_PATH."class/locale/locales.class.php" );
+    include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+    include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
 
     /**
      * \ingroup Action
@@ -23,6 +25,14 @@
     	function RssAction( $blogInfo, $request )
         {
         	$this->BlogAction( $blogInfo, $request );
+
+			$this->registerFieldValidator( "categoryId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "profile", new StringValidator(), true );
+
+			// generate a dummy view with nothing in it to signal an error
+			$view = new RssView( $this->_blogInfo, DEFAULT_PROFILE );
+			$view->setValue( "articles", Array());
+			$this->setValidationErrorView( $view );			
         }
 
         /**
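Review bot: No validate() change accompanies the two validators registered in this constructor, whereas every other class in this commit that shows a validate() override also gains `if( !parent::validate()) return false;`. If RssAction overrides validate() without that call (not visible in this diff), `categoryId` and `profile` are never checked and the empty RssView is never returned. It would also help to add a comment on how far `profile` is trusted after this check, for example `// profile only passes StringValidator here; confirm it is matched against the known feed profiles before it selects a template`, since the hunk does not show how the value is used.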

Modified: plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewalbumaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -7,6 +7,7 @@
     include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
     include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryalbums.class.php" );
     include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+    include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 
 	define( "VIEW_ALBUMS_TEMPLATE", "albums" );
 	define( "VIEW_ALBUM_TEMPLATE", "album" );
@@ -25,13 +26,21 @@
 		function ViewAlbumAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
+			
+			$this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "albumName", new StringValidator(), true );
+			
+			$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_album" ));
         }
 
         // checks that the articleId is valid
         function validate()
         {
+			if( !parent::validate())
+				return false;
+	
         	$this->_albumId = $this->_request->getValue( "albumId", 0 );
-		$this->_albumName = $this->_request->getValue( "albumName" );
+			$this->_albumName = $this->_request->getValue( "albumName" );
 			
             return true;
         }
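Review bot: The comment above validate() still says `// checks that the articleId is valid`, but the method reads `albumId` and `albumName` and never touches an article id. I would replace it with `// runs the registered field validators, then loads albumId and albumName from the request`. The same stale comment sits above validate() in viewresourceaction.class.php.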
@@ -41,7 +50,7 @@
         	$galleryResources = new GalleryResources();
             $galleryAlbums = new GalleryAlbums();
 
-		$browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" ); 
+			$browseRootAlbum = ( $this->_albumId == 0 && $this->_albumName == "" ); 
 			
 			// check which template we should use
             if( $browseRootAlbum )

Modified: plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewarticleaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -10,6 +10,8 @@
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
 	include_once( PLOG_CLASS_PATH."class/view/viewarticleview.class.php" );
 	include_once( PLOG_CLASS_PATH.'class/data/timestamp.class.php' );
+	include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );	
 
     /**
      * \ingroup Action
@@ -33,14 +35,25 @@
 		function ViewArticleAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
+			
+			$this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "articleName", new StringValidator(), true );
+			$this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+			$this->registerFieldValidator( "userId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "userName", new StringValidator(), true );
+
+			$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));
         }
         
         // checks that the articleId is valid
         function validate()
         {
+			if( !parent::validate())
+				return( false );
+	
         	$this->_articleId = $this->_request->getValue( "articleId" );
 			$this->_articleName = $this->_request->getValue( "articleName" );
-			
 			// find some other additional parameters and use some 'null' values
 			// in casuse they're empty
 			$this->_categoryId = $this->_request->getValue( "postCategoryId", -1 );
@@ -49,7 +62,7 @@
 			$this->_userName = $this->_request->getValue( "userName" );
 			$this->_date = $this->_request->getValue( "Date", -1 );
 			$this->_isCommentAdded = ($this->_request->getValue( "op" ) == "AddComment" );
-
+			
 			// Caculate the correct article date period
 			$adjustedDates = $this->_getCorrectedDatePeriod( $this->_date );
 			$this->_date = $adjustedDates["adjustedDate"];

Modified: plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewarticletrackbacksaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -7,6 +7,7 @@
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
 	include_once( PLOG_CLASS_PATH."class/dao/users.class.php" );
 	include_once( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 
 	define( "VIEW_TRACKBACKS_TEMPLATE", "posttrackbacks" );
 
@@ -30,11 +31,22 @@
 		function ViewArticleTrackbacksAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
+			
+			$this->registerFieldValidator( "articleId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "articleName", new StringValidator(), true );
+			$this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+			$this->registerFieldValidator( "userId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "userName", new StringValidator(), true );
+
+			$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_article" ));			
         }
 
-
         function validate()
         {
+			if( !parent::validate())
+				return false;
+	
         	$this->_articleId    = $this->_request->getValue( "articleId" );
         	$this->_articleName  = $this->_request->getValue( "articleName" );
 			$this->_categoryId   = $this->_request->getValue( "postCategoryId", -1 );
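Review bot: The constructor now instantiates `IntegerValidator` three times, but the include hunk for this file adds only stringvalidator.class.php, and none of the visible include lines pulls in integervalidator.class.php. Unless the class is already loaded in the first six lines of the file or through BlogAction, neither of which is visible here, constructing this action would fail on an undefined class. Adding `include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );` next to the new include makes the dependency explicit, as the other files in this commit do. validate() continues past the end of the hunk.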

Modified: plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php
===================================================================
--- plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php	2006-06-03 22:28:13 UTC (rev 3521)
+++ plog/branches/lifetype-1.0.5/class/action/viewresourceaction.class.php	2006-06-03 22:28:33 UTC (rev 3522)
@@ -4,6 +4,7 @@
     include_once( PLOG_CLASS_PATH."class/view/errorview.class.php" );
     include_once( PLOG_CLASS_PATH."class/gallery/dao/galleryresources.class.php" );
     include_once( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+    include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 
 	define( "VIEW_RESOURCE_TEMPLATE", "resource" );
 
@@ -24,11 +25,21 @@
 		function ViewResourceAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
+			
+			$this->registerFieldValidator( "resId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "resouce", new StringValidator(), true );
+			$this->registerFieldValidator( "albumId", new IntegerValidator(), true );
+			$this->registerFieldValidator( "albumName", new StringValidator(), true );
+			
+			$this->setValidationErrorView( new ErrorView( $this->_blogInfo, "error_fetching_resource" ));			
         }
 
         // checks that the articleId is valid
         function validate()
         {
+			if( !parent::validate())
+				return false;
+	
         	$this->_resourceId = $this->_request->getValue( "resId" );
             $this->_resourceName = $this->_request->getValue( "resource" );
 			$this->_albumId = $this->_request->getValue( "albumId" );
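Review bot: The second validator is registered under `"resouce"`, but validate() reads the parameter as `"resource"`, so the resource name never passes through `StringValidator` and reaches the action unchecked. The line should be `$this->registerFieldValidator( "resource", new StringValidator(), true );`. validate() continues past the end of the hunk, so any later check on the name is not visible here.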


