[pLog-svn] r4826 - plugins/branches/lifetype-1.2/templateeditor/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Thu Feb 22 15:37:19 EST 2007 

Author: oscar
Date: 2007-02-22 15:37:19 -0500 (Thu, 22 Feb 2007)
New Revision: 4826

Modified:
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php
Log:
So you want to download a zipped copy of our configuration files? No fucking problem!


Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php	2007-02-22 20:29:20 UTC (rev 4825)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php	2007-02-22 20:37:19 UTC (rev 4826)
@@ -20,7 +20,10 @@
 
         function perform()
         {
-        	$this->_templateId = $this->_request->getValue( "templateId" );
+			// fetch and sanitize parameters
+            $this->_templateId = $this->_request->getValue( "templateId" );
+			$this->_templateId = str_replace( "/", "", $this->_templateId );
+			$this->_templateId = str_replace( "..", "", $this->_templateId );
         	
         	$ts = new TemplateSetStorage();
             $blogId = $this->_blogInfo->getId();

Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php	2007-02-22 20:29:20 UTC (rev 4825)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php	2007-02-22 20:37:19 UTC (rev 4826)
@@ -20,7 +20,10 @@
 
         function perform()
         {
-        	$this->_templateId = $this->_request->getValue( "templateId" );
+			// fetch and sanitize parameters
+            $this->_templateId = $this->_request->getValue( "templateId" );
+			$this->_templateId = str_replace( "/", "", $this->_templateId );
+			$this->_templateId = str_replace( "..", "", $this->_templateId );
         	
         	$ts = new TemplateSetStorage();
             $blogId = $this->_blogInfo->getId();

More information about the pLog-svn mailing list