[pLog-svn] r5841 - in plog/trunk: class/action/admin locale/admin

oscar at devel.lifetype.net oscar at devel.lifetype.net
Sun Aug 19 12:34:44 EDT 2007 

Author: oscar
Date: 2007-08-19 12:34:44 -0400 (Sun, 19 Aug 2007)
New Revision: 5841

Modified:
   plog/trunk/class/action/admin/admincopytemplatesetaction.class.php
   plog/trunk/locale/admin/locale_en_UK.php
Log:
Added some extra security checks and filters


Modified: plog/trunk/class/action/admin/admincopytemplatesetaction.class.php
===================================================================
--- plog/trunk/class/action/admin/admincopytemplatesetaction.class.php	2007-08-19 16:29:58 UTC (rev 5840)
+++ plog/trunk/class/action/admin/admincopytemplatesetaction.class.php	2007-08-19 16:34:44 UTC (rev 5841)
@@ -33,7 +33,7 @@
 				return false;
 
 			// check that the template really exists
-			$this->_templateId = $this->_request->getFilteredValue( "templateId", new RegexpFilter( "/[^A-Za-z0-9_]/" ));
+			$this->_templateId = $this->_request->getFilteredValue( "templateId", new RegexpFilter( "/[^A-Za-z0-9_\-]/" ));
 			if( !TemplateSets::isTemplate( $this->_templateId )) {
 				$this->_form->setFieldValidationStatus( "templateId", false );
 				$this->validationErrorProcessing();
@@ -41,7 +41,7 @@
 			}
 
 			// check that the destination template does not exist
-			$this->_destTemplate = $this->_request->getFilteredValue( "destTemplate", new RegexpFilter( "/[^A-Za-z0-9_\/\-]/" ));
+			$this->_destTemplate = $this->_request->getFilteredValue( "destTemplate", new RegexpFilter( "/[^A-Za-z0-9_\-]/" ));
 			if( TemplateSets::isTemplate( $this->_destTemplate )) {
 				// show a more specific error message
 				$this->_validationErrorView->setErrorMessage( $this->_locale->tr( "error_template_set_already_exists" ));
@@ -49,6 +49,15 @@
 				$this->validationErrorProcessing();
 				return( false );				
 			}
+			
+			// and that the potential destination folder doesn't exist
+			$newTemplateFolder = TemplateSetStorage::getBaseTemplateFolder() . "/" . $this->_destTemplate;			
+			if( File::exists( $newTemplateFolder )) {
+				$this->_validationErrorView->setErrorMessage( $this->_locale->tr( "error_folder_already_exists" ));
+				$this->_form->setFieldValidationStatus( "destTemplate", false );
+				$this->validationErrorProcessing();
+				return( false );				
+			}
 
 			// otherwise everything is peachy
 			return( true );

Modified: plog/trunk/locale/admin/locale_en_UK.php
===================================================================
--- plog/trunk/locale/admin/locale_en_UK.php	2007-08-19 16:29:58 UTC (rev 5840)
+++ plog/trunk/locale/admin/locale_en_UK.php	2007-08-19 16:34:44 UTC (rev 5841)
@@ -1323,6 +1323,7 @@
 $messages['error_copying_template_set'] = 'There was an error copying the template set';
 $messages['error_template_set_already_exists'] = 'The destination template set already exists'; 
 $messages['template_file_deleted_ok'] = 'Template file deleted successfully';
+$messages['error_folder_already_exists'] = 'The destination folder already exists';
 
 $messages['ok'] = 'Ok';
 $messages['cancel'] = 'Cancel';

More information about the pLog-svn mailing list