[pLog-svn] r4823 - plugins/branches/lifetype-1.2/templateeditor/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Thu Feb 22 15:17:12 EST 2007


Author: oscar
Date: 2007-02-22 15:17:12 -0500 (Thu, 22 Feb 2007)
New Revision: 4823

Modified:
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogtemplateslistaction.class.php
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitetemplateslistaction.class.php
Log:
Like I said, on fire.


Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogtemplateslistaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogtemplateslistaction.class.php	2007-02-22 19:46:37 UTC (rev 4822)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogtemplateslistaction.class.php	2007-02-22 20:17:12 UTC (rev 4823)
@@ -1,8 +1,11 @@
 <?php
 
 	include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );	
+	include_once( PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php" );	
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplateslistview.class.php" );
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesubfolderlistview.class.php" );
+	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesetslistview.class.php" );	
 
 	/**
 	 * shows a form with the current configuration
@@ -15,13 +18,24 @@
 		function PluginBlogTemplatesListAction( $actionInfo, $request )
 		{
 			$this->AdminAction( $actionInfo, $request );
+			
+			$val = new StringValidator();
+			$val->addRule( new RegExpRule( "[a-zA-Z0-9]+" ));
+			$this->registerFieldValidator( "templateId", $val );
+			$view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
+			$view->setErrorMessage( "error_loading_template_file" );
+			$this->setValidationErrorView( $view );			
 
 			$this->requirePermission( "edit_blog_templates" );
 		}
 		
 		function perform()
 		{
+			// fetch and sanitize parameters
             $this->_templateId = $this->_request->getValue( "templateId" );
+			$this->_templateId = str_replace( "/", "", $this->_templateId );
+			$this->_templateId = str_replace( "..", "", $this->_templateId );
+
             $this->_subFolderId = $this->_request->getValue( "subFolderId" );     
             
             if ( empty($this->_subFolderId) ) {
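Review bot: The pattern registered for templateId in the constructor, `"[a-zA-Z0-9]+"`, has no anchors, so unless RegExpRule anchors it internally (its implementation is not part of this diff) a value only needs to contain one alphanumeric character to pass, dots and separators included. Anchoring it, `$val->addRule( new RegExpRule( "^[a-zA-Z0-9]+$" ));`, turns the validator into a real allow-list and leaves the two `str_replace` calls in perform() as a backstop instead of the only filter; those calls remove "/" and ".." but not backslashes. The same unanchored pattern is registered in the constructor hunk of pluginsitetemplateslistaction.class.php. perform() continues past the end of this hunk.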

Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitetemplateslistaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitetemplateslistaction.class.php	2007-02-22 19:46:37 UTC (rev 4822)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitetemplateslistaction.class.php	2007-02-22 20:17:12 UTC (rev 4823)
@@ -1,8 +1,11 @@
 <?php
 
 	include_once( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+	include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );	
+	include_once( PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php" );	
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplateslistview.class.php" );
 	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesubfolderlistview.class.php" );
+	include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesetslistview.class.php" );		
 
 	/**
 	 * shows a form with the current configuration
@@ -16,12 +19,23 @@
 		{
 			$this->AdminAction( $actionInfo, $request );
 			
+			$val = new StringValidator();
+			$val->addRule( new RegExpRule( "[a-zA-Z0-9]+" ));
+			$this->registerFieldValidator( "templateId", $val );
+			$view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
+			$view->setErrorMessage( "error_loading_template_file" );
+			$this->setValidationErrorView( $view );
+			
 			$this->requireAdminPermission( "edit_global_templates" );			
 		}
 		
 		function perform()
 		{
+			// fetch and sanitize parameters
             $this->_templateId = $this->_request->getValue( "templateId" );
+			$this->_templateId = str_replace( "/", "", $this->_templateId );
+			$this->_templateId = str_replace( "..", "", $this->_templateId );
+
             $this->_subFolderId = $this->_request->getValue( "subFolderId" );
             
             if ( empty($this->_subFolderId) ) {
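Review bot: `subFolderId` is read from the request in perform() directly after the templateId clean-up, but it gets neither a registered validator nor the `str_replace` filtering; the matching hunk in pluginblogtemplateslistaction.class.php has the same gap. Its use is outside the hunk, but if it ends up as part of a template path, as templateId presumably does, it needs an equivalent check, for example a second validator registered in the constructor with `$this->registerFieldValidator( "subFolderId", $subVal );`. The `empty()` test that follows shows the value may legitimately be absent, so the rule has to accept that case. As written, the added comment `// fetch and sanitize parameters` claims more than the code does for this parameter.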


