[pLog-svn] r4822 - plugins/branches/lifetype-1.2/templateeditor/class/action
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Thu Feb 22 14:46:38 EST 2007
Author: oscar
Date: 2007-02-22 14:46:37 -0500 (Thu, 22 Feb 2007)
New Revision: 4822
Modified:
plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
Log:
It looks like we are on a fucking roll...
Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php 2007-02-22 19:17:18 UTC (rev 4821)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogedittemplatefileaction.class.php 2007-02-22 19:46:37 UTC (rev 4822)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogedittemplatefileview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogeditsubfoldertemplatefileview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
@@ -18,6 +21,17 @@
{
$this->AdminAction( $actionInfo, $request );
+ // special validator
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+
+ $this->registerFieldValidator( "templateId", $val );
+ $this->registerFieldValidator( "subFolderId", $val, true );
+ $this->registerFieldValidator( "fileId", new TemplateNameValidator());
+ $view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
+
$this->requirePermission( "edit_blog_templates" );
}
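Review bot: The pattern passed to `RegExpRule` in the constructor, `"[a-zA-Z0-9]*"`, has no anchors and allows zero repetitions. Unless `RegExpRule` anchors the expression itself (its implementation is not visible here), the pattern matches the empty string at the start of any input, so `templateId` and `subFolderId` would pass validation whatever they contain. I would write `$val->addRule( new RegExpRule( "^[a-zA-Z0-9]+$" ));`, widening the character class only if template set names legitimately use other characters, and leave emptiness of `subFolderId` to the third argument of `registerFieldValidator`. The constructor of `pluginsiteedittemplatefileaction.class.php` registers the same rule and needs the same change.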
@@ -25,7 +39,12 @@
{
$this->_templateId = $this->_request->getValue( "templateId" );
$this->_subFolderId = $this->_request->getValue( "subFolderId" );
+
+ // fetch and sanitize the "fileId" parameter
$this->_fileId = $this->_request->getValue( "fileId" );
+ $this->_fileId = str_replace( "/", "", $this->_fileId );
+ $this->_fileId = str_replace( "..", "", $this->_fileId );
+
$this->_backupId = $this->_request->getValue( "backupId" );
$this->_view = new PluginBlogEditTemplateFileView( $this->_blogInfo, $this->_templateId, $this->_fileId, $this->_backupId );
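Review bot: The two `str_replace` calls on `fileId` are a denylist applied after `TemplateNameValidator` has already judged the raw request value, so the string that was validated is not the string that reaches the view. They also leave backslashes and NUL bytes in place. Rejecting is safer than rewriting: take `basename( $this->_request->getValue( "fileId" ))` and show the validation error view when the result differs from the raw value. `backupId` is read on the next line and handed to `PluginBlogEditTemplateFileView` with no validator registered; if the view uses it to build a file path (not visible here) it needs the same treatment. `perform()` starts and ends outside this hunk, and the same code is added to `perform()` in `pluginsiteedittemplatefileaction.class.php`.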
Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php 2007-02-22 19:17:18 UTC (rev 4821)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php 2007-02-22 19:46:37 UTC (rev 4822)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteedittemplatefileview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteeditsubfoldertemplatefileview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
@@ -18,14 +21,30 @@
{
$this->AdminAction( $actionInfo, $request );
+ // special validator
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+
+ $this->registerFieldValidator( "templateId", $val );
+ $this->registerFieldValidator( "subFolderId", $val, true );
+ $this->registerFieldValidator( "fileId", new TemplateNameValidator());
+ $view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
+
$this->requireAdminPermission( "edit_global_templates" );
}
function perform()
{
$this->_templateId = $this->_request->getValue( "templateId" );
- $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+
+ // fetch and sanitize the "fileId" parameter
$this->_fileId = $this->_request->getValue( "fileId" );
+ $this->_fileId = str_replace( "/", "", $this->_fileId );
+ $this->_fileId = str_replace( "..", "", $this->_fileId );
+
$this->_backupId = $this->_request->getValue( "backupId" );
if ( empty($this->_subFolderId) ) {