[pLog-svn] r4731 - plog/branches/lifetype-1.2/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Tue Feb 13 18:48:18 EST 2007


Author: oscar
Date: 2007-02-13 18:48:18 -0500 (Tue, 13 Feb 2007)
New Revision: 4731

Modified:
   plog/branches/lifetype-1.2/class/action/rssaction.class.php
Log:
Fix for the security issue reported by Matt, for LT 1.2. If you are running the beta or a development snapshot, please upgrade as soon as possible: this is quite critical.

Modified: plog/branches/lifetype-1.2/class/action/rssaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/rssaction.class.php	2007-02-13 22:29:08 UTC (rev 4730)
+++ plog/branches/lifetype-1.2/class/action/rssaction.class.php	2007-02-13 23:48:18 UTC (rev 4731)
@@ -22,9 +22,14 @@
     	function RssAction( $blogInfo, $request )
         {
         	$this->BlogAction( $blogInfo, $request );
-
+			
 			$this->registerFieldValidator( "categoryId", new IntegerValidator(), true );
-			$this->registerFieldValidator( "profile", new StringValidator(), true );
+			
+			// create a StringValidator and add an extra rule to make sure that the input string contains only
+			// alphanumeric characters
+			$profileValidator = new StringValidator();
+			$profileValidator->addRule( new RegexpRule( "^([a-zA-Z0-9]*)$" ));
+			$this->registerFieldValidator( "profile", $profileValidator, true );
 
 			// generate a dummy view with nothing in it to signal an error
 			$view = new RssView( $this->_blogInfo, RSS_VIEW_DEFAULT_PROFILE );
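Review bot: The pattern `^([a-zA-Z0-9]*)$` on the `addRule` line is anchored, but if RegexpRule hands it to PCRE then `$` also matches before a trailing newline, so a value such as `default\n` would pass; `^[a-zA-Z0-9]*$` with the `D` modifier (or `\z` instead of `$`) closes that, assuming the rule class lets a modifier through — no delimiters appear here, so how it compiles the pattern cannot be confirmed from this hunk. The new allow-list also rejects `_` and `-`, which the bare StringValidator presumably accepted, so any existing profile name containing them will now fail validation. A comment stating why the restriction exists would help the next maintainer, e.g. `// profile is used to locate a template on disk, so only [a-zA-Z0-9] is accepted to rule out path traversal` — the on-disk use is inferred from the `.`/`/` stripping elsewhere in this commit, so confirm the wording. The constructor ends outside this hunk.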
@@ -63,6 +68,11 @@
             // use the default profile as configured
             $profile = $this->_request->getValue( "profile" );
 			if( $profile == "" ) $profile = $defaultProfile;
+			
+			// sanitize the profile variable
+			$profile = str_replace( ".", "", $profile );
+			$profile = str_replace( "/", "", $profile );
+			$profile = str_replace( "%", "", $profile );			
 
             // fetch the category, or set it to '0' otherwise, which will mean
             // fetch all the most recent posts from any category
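Review bot: The three `str_replace` lines are a denylist: they remove `.`, `/` and `%` but leave `\` (a directory separator on Windows hosts) and NUL bytes untouched, and they rewrite the value instead of rejecting it, so input like `../` becomes an empty string after the `$defaultProfile` fallback has already run and is presumably used as-is downstream. If the constructor's validator already limits `profile` to `^[a-zA-Z0-9]*$` and a validation failure stops the action, these lines are redundant for request input and only touch `$defaultProfile`; if a failed validation does not stop the action, they are the only control and are too weak. An allow-list that re-applies the fallback is the safer form: `if( !preg_match( '/^[a-zA-Z0-9]*$/D', $profile ) ) $profile = $defaultProfile;` in place of the three replacements. The enclosing function starts and ends outside this hunk, so where `$profile` is finally consumed cannot be confirmed here.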


