[pLog-svn] r3522 - plog/branches/lifetype-1.0.5/class/action

Oscar Renalias oscar at renalias.net
Sun Jun 4 17:31:54 GMT 2006


Obviously not right. Fixing it right now...

On 4 Jun 2006, at 20:24, Mark Wu wrote:

> Hi Oscar:
>
> +			$this->registerFieldValidator( "albumName", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogId", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogName", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "userId", new
> IntegerValidator(), true );
> +			$this->registerFieldValidator( "blogUserName", new
> IntegerValidator(), true );	
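
Review bot: "albumName", "blogName" and "blogUserName" are registered with IntegerValidator, the same validator used for "blogId" and "userId", so any non-numeric name submitted in those three fields will not pass as an integer. If these fields carry text, as their names suggest, register them with a validator suited to string input and keep IntegerValidator for "blogId" and "userId" only. A short comment above the block stating which fields are ids and which are names would make a copy-paste slip like this easier to spot.
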
>
> I just saw the code and the issue. Wow... The first SQL injection
> issue... :(
>
> It seems even for the "Name" fields we use IntegerValidator. Is it right?
>
> Mark

