[pLog-svn] r4827 - plugins/branches/lifetype-1.2/templateeditor/class/action

oscar at devel.lifetype.net oscar at devel.lifetype.net
Thu Feb 22 15:41:33 EST 2007


Author: oscar
Date: 2007-02-22 15:41:33 -0500 (Thu, 22 Feb 2007)
New Revision: 4827

Modified:
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php
   plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php
Log:
Never mind the zipped copy of your configuration files, it's actually a lot more fun if we can fucking delete them.


Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php	2007-02-22 20:37:19 UTC (rev 4826)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php	2007-02-22 20:41:33 UTC (rev 4827)
@@ -58,6 +58,11 @@
 
             foreach( $this->_templateIds as $templateId ) {
                 // we can't remove the default template
+
+				// sanitize parameters
+				$templateId = str_replace( "/", "", $templateId );
+				$templateId = str_replace( "..", "", $templateId );
+
                 if( $blogTemplate->getName() == $templateId ) {
                     $errorMessage .=$this->_locale->pr( "error_template_is_current", $templateId)."<br/>";
                 }
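Review bot: The two `str_replace` calls added ahead of the `getName()` comparison form a deny-list that rewrites the id instead of rejecting it. A backslash separator or a NUL byte passes through unchanged, and the stripped result can end up empty or a lone `.`, which would presumably resolve to the templates folder itself once the delete code outside this hunk builds a path from it. Validating against an allow-list and skipping the entry is safer, e.g. `if( !preg_match( '/^[A-Za-z0-9_-]+$/', $templateId ) ) { continue; }`, with the character class adjusted to whatever template set names may legitimately contain. The same applies to the identical lines added in pluginsitedeletetemplatesetsaction.class.php. The foreach body continues outside the hunk, so how `$templateId` reaches the filesystem is not visible here.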

Modified: plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php
===================================================================
--- plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php	2007-02-22 20:37:19 UTC (rev 4826)
+++ plugins/branches/lifetype-1.2/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php	2007-02-22 20:41:33 UTC (rev 4827)
@@ -57,6 +57,11 @@
         	$defaultTemplate = $this->_config->getValue( "default_template" );
 
             foreach( $this->_templateIds as $templateId ) {
+	
+				// sanitize parameters
+				$templateId = str_replace( "/", "", $templateId );
+				$templateId = str_replace( "..", "", $templateId );
+	
             	// we can't remove the default template
             	if( $defaultTemplate ==$templateId )
             		$errorMessage .=$this->_locale->pr( "error_template_is_default", $templateId)."<br/>";
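Review bot: `$templateId` is still concatenated into `$errorMessage` beside a literal `<br/>` on the `error_template_is_default` line, and the added replacements strip only `/` and `..`, so markup characters in the id survive. Whether `pr()` escapes its arguments is not visible here, but the `<br/>` suggests the message is rendered as HTML. If so, the id should be encoded where it is inserted: `$errorMessage .= $this->_locale->pr( "error_template_is_default", htmlspecialchars( $templateId, ENT_QUOTES ))."<br/>";`. The `error_template_is_current` line in pluginblogdeletetemplatesetsaction.class.php has the same pattern. The foreach body continues outside the hunk.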


