[pLog-svn] r3522 - plog/branches/lifetype-1.0.5/class/action
Oscar Renalias
oscar at renalias.net
Sun Jun  4 17:31:54 GMT 2006

Obviously not right. Fixing it right now...
On 4 Jun 2006, at 20:24, Mark Wu wrote:
> Hi Oscar:
>
> +			$this->registerFieldValidator( "albumName", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogId", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogName", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "userId", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogUserName", new
> IntegerValidator(), true );	
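Review bot: "albumName", "blogName" and "blogUserName" are registered with IntegerValidator, which does not fit fields whose identifiers say they are names; if they carry text, legitimate values will fail validation. Keep IntegerValidator for "blogId" and "userId", register a string-appropriate validator for the three name fields, and make sure the name values are escaped or bound where they reach the query, since the integer check on the id fields does nothing for them.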
>
> I just saw the code and the issue. Wow.... The first SQL injection
> issue ...:(
>
> It seems that even for the "Name" fields, we use IntegerValidator. Is it right?
>
> Mark
    
    