[pLog-svn] r4732 - plog/branches/lifetype-1.1.6/class/action
Mark Wu
markplace at gmail.com
Wed Feb 14 04:11:55 EST 2007
Maybe we also need to consider a backport to 1.0.x.
There are still a lot of people using 1.0.x who have not upgraded to 1.1.x.
Mark
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
> oscar at devel.lifetype.net
> Sent: Wednesday, February 14, 2007 7:50 AM
> To: plog-svn at devel.lifetype.net
> Subject: [pLog-svn] r4732 - plog/branches/lifetype-1.1.6/class/action
>
> Author: oscar
> Date: 2007-02-13 18:50:04 -0500 (Tue, 13 Feb 2007)
> New Revision: 4732
>
> Modified:
> plog/branches/lifetype-1.1.6/class/action/rssaction.class.php
> Log:
> Fix for the issue reported by Matt, now backported to
> Lifetype 1.1.6 (which should be released tomorrow) Those of
> you running 1.1.x, please apply this fix asap - it should be
> as easy as overwriting your version of
> class/action/rssaction.class.php with this one:
>
> http://devel.lifetype.net/svn/plog/plog/branches/lifetype-1.1.6/class/action/rssaction.class.php
>
> Modified:
> plog/branches/lifetype-1.1.6/class/action/rssaction.class.php
> ===================================================================
> ---
> plog/branches/lifetype-1.1.6/class/action/rssaction.class.php
> 2007-02-13 23:48:18 UTC (rev 4731)
> +++
> plog/branches/lifetype-1.1.6/class/action/rssaction.class.php
> 2007-02-13 23:50:04 UTC (rev 4732)
> @@ -23,7 +23,12 @@
> $this->BlogAction( $blogInfo, $request );
>
> $this->registerFieldValidator(
> "categoryId", new IntegerValidator(), true );
> - $this->registerFieldValidator(
> "profile", new StringValidator(), true );
> +
> + // create a StringValidator and add an
> extra rule to make sure that the input string contains only
> + // alphanumeric characters
> + $profileValidator = new StringValidator();
> + $profileValidator->addRule( new
> RegexpRule( "^([a-zA-Z0-9]*)$" ));
> + $this->registerFieldValidator(
> "profile", $profileValidator, true );
>
> // generate a dummy view with nothing
> in it to signal an error
> $view = new RssView( $this->_blogInfo,
> RSS_VIEW_DEFAULT_PROFILE ); @@ -62,6 +67,11 @@
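Review bot: the pattern `^([a-zA-Z0-9]*)$` also accepts the empty string (because of `*`), which is consistent with the later `if( $profile == "" ) $profile = $defaultProfile;` fallback, but the new comment only says "contains only alphanumeric characters"; state in the comment that an empty value is accepted and replaced by the default profile so the two pieces of code are clearly linked. The replacement of the plain `StringValidator` with a whitelist rule is the right shape of fix: it rejects rather than rewrites the input, and the `IntegerValidator` on `categoryId` directly above it already follows the same approach.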
> // use the default profile as configured
> $profile = $this->_request->getValue( "profile" );
> if( $profile == "" ) $profile = $defaultProfile;
> +
> + // sanitize the profile variable
> + $profile = str_replace( ".", "", $profile );
> + $profile = str_replace( "/", "", $profile );
> + $profile = str_replace( "%", "",
> $profile );
>
> // fetch the category, or set it to '0'
> otherwise, which will mean
> // fetch all the most recent posts from any category
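Review bot: the three `str_replace` calls strip ".", "/" and "%" after the constructor's whitelist validator has already rejected any request value outside `[a-zA-Z0-9]`, so for the request path this block is redundant; where it does matter is `$defaultProfile`, which comes from configuration and is never run through the validator, and the comment "sanitize the profile variable" should say that this is its purpose. If the intent is defense in depth, prefer applying the same alphanumeric check to the final `$profile` value and failing closed, rather than a removal list, since such a list is easy to leave incomplete (the backslash, for instance, is not covered here).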
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>