[pLog-svn] r4822 - plugins/branches/lifetype-1.2/templateeditor/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Thu Feb 22 14:46:38 EST 2007


Author: oscar
Date: 2007-02-22 14:46:37 -0500 (Thu, 22 Feb 2007)
New Revision: 4822

Modified:
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
Log:
It looks like we are on a fucking roll...


Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php	2007-02-22 19:17:18 UTC (rev 4821)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php	2007-02-22 19:46:37 UTC (rev 4822)
@@ -1,8 +1,11 @@
 <?php
 
 	include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );	
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogedittemplatefileview.class.php" );
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogeditsubfoldertemplatefileview.class.php" );
+	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesetslistview.class.php" );		
 
 	/**
 	 * shows a form with the current configuration
@@ -18,6 +21,17 @@
 		{
 			$this->AdminAction( $actionInfo, $request );
 			
+			// special validator
+			$val = new StringValidator();
+			$val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+			
+			$this->registerFieldValidator( "templateId", $val );
+			$this->registerFieldValidator( "subFolderId", $val, true );
+			$this->registerFieldValidator( "fileId", new TemplateNameValidator());
+            $view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
+			$view->setErrorMessage( "error_loading_template_file" );
+			$this->setValidationErrorView( $view );			
+			
 			$this->requirePermission( "edit_blog_templates" );
 		}
 		
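Review bot: The pattern on the `$val->addRule(...)` line, `[a-zA-Z0-9]*`, has no anchors and allows zero repetitions, so unless RegExpRule anchors patterns itself (its implementation is not visible here) it matches the empty string inside any input and would accept every value of `templateId` and `subFolderId`. Anchoring it and requiring at least one character, `$val->addRule( new RegExpRule( "^[a-zA-Z0-9]+$" ));`, would make the allow-list restrictive; the third argument on the `subFolderId` registration presumably already covers the optional case, but that should be confirmed. The same applies to the constructor in the pluginsiteedittemplatefileaction.class.php hunk. The constructor starts outside this hunk.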
@@ -25,7 +39,12 @@
 		{
             $this->_templateId = $this->_request->getValue( "templateId" );
             $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+
+			// fetch and sanitize the "fileId" parameter
             $this->_fileId = $this->_request->getValue( "fileId" );
+			$this->_fileId = str_replace( "/", "", $this->_fileId );
+			$this->_fileId = str_replace( "..", "", $this->_fileId );			
+
             $this->_backupId = $this->_request->getValue( "backupId" );
             
             $this->_view = new PluginBlogEditTemplateFileView( $this->_blogInfo, $this->_templateId, $this->_fileId, $this->_backupId );
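Review bot: The clean-up of `fileId` is a deny-list that removes only `/` and `..`, so a backslash separator or other unexpected characters pass through unchanged. It also silently rewrites the value rather than rejecting the request, although what TemplateNameValidator already refuses is not visible here. As a minimum I would add `$this->_fileId = str_replace( "\\", "", $this->_fileId );` next to the two existing calls, and preferably enforce an allow-list of file-name characters in the validator. `backupId` on the following line is passed to PluginBlogEditTemplateFileView with no validator and no clean-up; if the view uses it to build a path, it needs the same treatment. Both points also apply to perform() in pluginsiteedittemplatefileaction.class.php, and perform() continues outside this hunk.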

Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php	2007-02-22 19:17:18 UTC (rev 4821)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php	2007-02-22 19:46:37 UTC (rev 4822)
@@ -1,8 +1,11 @@
 <?php
 
 	include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );	
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteedittemplatefileview.class.php" );
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteeditsubfoldertemplatefileview.class.php" );
+	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesetslistview.class.php" );	
 
 	/**
 	 * shows a form with the current configuration
@@ -18,14 +21,30 @@
 		{
 			$this->AdminAction( $actionInfo, $request );
 			
+			// special validator
+			$val = new StringValidator();
+			$val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+			
+			$this->registerFieldValidator( "templateId", $val );
+			$this->registerFieldValidator( "subFolderId", $val, true );
+			$this->registerFieldValidator( "fileId", new TemplateNameValidator());
+            $view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
+			$view->setErrorMessage( "error_loading_template_file" );
+			$this->setValidationErrorView( $view );
+			
 			$this->requireAdminPermission( "edit_global_templates" );			
 		}
 		
 		function perform()
 		{
             $this->_templateId = $this->_request->getValue( "templateId" );
-            $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+            $this->_subFolderId = $this->_request->getValue( "subFolderId" );			
+
+			// fetch and sanitize the "fileId" parameter
             $this->_fileId = $this->_request->getValue( "fileId" );
+			$this->_fileId = str_replace( "/", "", $this->_fileId );
+			$this->_fileId = str_replace( "..", "", $this->_fileId );			
+			
             $this->_backupId = $this->_request->getValue( "backupId" );
             
             if ( empty($this->_subFolderId) ) {
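Review bot: The validator registration in the constructor and the `fileId` clean-up in perform() are copied verbatim from pluginblogedittemplatefileaction.class.php, so any later tightening of the input checks must be made in two places and can drift. Moving both into a shared helper or a common parent action would keep the blog and site editors consistent; at the least I would add `// keep in sync with pluginblogedittemplatefileaction.class.php` above the `// special validator` line. The `subFolderId` line is changed only by trailing whitespace, which adds noise to the diff. perform() continues outside this hunk.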


