[pLog-svn] r4829 - plugins/branches/lifetype-1.1/templateeditor/class/action
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Thu Feb 22 16:05:20 EST 2007
Author: oscar
Date: 2007-02-22 16:05:20 -0500 (Thu, 22 Feb 2007)
New Revision: 4829
Modified:
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogcopytemplatesetaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogtemplateslistaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogupdatetemplatefileaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitecopytemplatesetaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitetemplateslistaction.class.php
Log:
Backport of all the fixes from the LT 1.2 version to the LT 1.1 version.
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogarchivetemplatesetaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -18,7 +18,10 @@
function perform()
{
- $this->_templateId = $this->_request->getValue( "templateId" );
+ // fetch and sanitize parameters
+ $this->_templateId = $this->_request->getValue( "templateId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
$ts = new TemplateSetStorage();
$blogId = $this->_blogInfo->getId();
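Review bot: The two added `str_replace()` lines on `$this->_templateId` silently rewrite a tampered value instead of rejecting it, so a request carrying `/` or `..` still proceeds, now against whatever name is left over, and only those two byte sequences are removed — other separator characters the host filesystem may accept are not covered. An allow-list check that fails the request is the more robust control and is already introduced by this commit in pluginblogtemplateslistaction (`StringValidator` with `RegExpRule( "[a-zA-Z0-9]+" )` and a validation-error view); registering the same validator here, and keeping the stripping at most as a second layer, would make the rejection explicit and log-visible rather than a quiet name change. The same pattern is used in the hunks for pluginblogdeletetemplatefilesaction, pluginblogdeletetemplatesetsaction, pluginblogedittemplatefileaction, pluginblogtemplateslistaction and the five pluginsite* counterparts. perform() continues past the end of this hunk.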
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogcopytemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogcopytemplatesetaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogcopytemplatesetaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -24,7 +24,7 @@
{
$this->_templateId = $this->_request->getValue( "templateId" );
$this->_newTemplateId = $this->_request->getValue( "newTemplateId" );
- if( !$this->isValidTamplateSetName( $this->_newTemplateId ) ) {
+ if( !$this->isValidTamplateSetName( $this->_newTemplateId ) || !$this->isValidTamplateSetName( $this->_templateId )) {
$this->_view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
$this->_view->setErrorMessage( $this->_locale->tr("templateeditor_error_templateset_name"));
$this->setCommonData();
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatefilesaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -30,12 +30,15 @@
else
$this->registerFieldValidator( "fileIds", new ArrayValidator());
$view = new PluginBlogTemplatesListView( $this->_blogInfo , $this->_templateId);
- if ( empty($this->_subFolderId) ) {
+
+ if ( empty($this->_subFolderId) ) {
$view = new PluginBlogTemplatesListView( $this->_blogInfo , $this->_templateId);
- } else {
+ }
+ else {
$view = new PluginBlogTemplateSubFolderListView( $this->_blogInfo, $this->_templateId, $this->_subFolderId );
}
- $view->setErrorMessage( $this->_locale->tr("error_no_files_selected"));
+
+ $view->setErrorMessage( $this->_locale->tr("error_no_files_selected"));
$this->setValidationErrorView( $view );
}
@@ -68,6 +71,11 @@
if ( !empty($this->_subFolderId) ) $templateFolder = $templateFolder . $this->_subFolderId . "/";
foreach( $this->_fileIds as $fileId ) {
+
+ // sanitize parameters
+ $fileId = str_replace( "/", "", $fileId );
+ $fileId = str_replace( "..", "", $fileId );
+
$filename = $templateFolder . $fileId;
// if it's not the default, then try to really remove it from disk
if( !File::delete( $filename ))
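Review bot: Only the file-name component is stripped here; the directory part `$templateFolder` is assembled one line earlier from `$this->_subFolderId` (and, outside this hunk, from `$this->_templateId`), and whether those two values receive equivalent treatment is not visible in this file's hunks — if they do not, the guard on `$fileId` alone leaves the directory part untrusted. A containment check on the final path would make the intent explicit regardless of how the components were cleaned, for example resolving `$filename` with `realpath()` and confirming it lies inside the template folder before calling `File::delete()`. Stripping also turns a name such as `a/b` into `ab`, so the loop may act on a different file than the one the user selected rather than failing. The same applies to the matching hunk in pluginsitedeletetemplatefilesaction.class.php; the enclosing method continues past the hunk.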
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogdeletetemplatesetsaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -56,6 +56,11 @@
foreach( $this->_templateIds as $templateId ) {
// we can't remove the default template
+
+ // sanitize parameters
+ $templateId = str_replace( "/", "", $templateId );
+ $templateId = str_replace( "..", "", $templateId );
+
if( $blogTemplate->getName() == $templateId ) {
$errorMessage .=$this->_locale->pr( "error_template_is_current", $templateId)."<br/>";
}
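Review bot: The pre-existing comment `// we can't remove the default template` now sits above the inserted sanitize block instead of above the `if( $blogTemplate->getName() == $templateId )` check it describes; the site-side counterpart in pluginsitedeletetemplatesetsaction inserts the block above the comment, which reads correctly. Either moving the comment down to the `if` line or placing the sanitize block before it, as the site version does, keeps the two files parallel. The loop body continues beyond the hunk.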
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogedittemplatefileaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogedittemplatefileaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/blogowneradminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogedittemplatefileview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogeditsubfoldertemplatefileview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
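Review bot: The constructor in the following hunk instantiates `RegExpRule`, but this include block adds only stringvalidator.class.php and templatenamevalidator.class.php; the parallel change to pluginblogtemplateslistaction.class.php also adds `include_once( PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php" );`. Unless stringvalidator.class.php pulls the rule class in transitively, constructing the validator would fail with an undefined class at request time, so adding the same include line here is the safer choice. The same omission is in the include hunk of pluginsiteedittemplatefileaction.class.php.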
@@ -17,13 +20,36 @@
function PluginBlogEditTemplateFileAction( $actionInfo, $request )
{
$this->BlogOwnerAdminAction( $actionInfo, $request );
+
+ // special validator
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+
+ $this->registerFieldValidator( "templateId", $val );
+ $this->registerFieldValidator( "subFolderId", $val, true );
+ $this->registerFieldValidator( "fileId", new TemplateNameValidator());
+ $view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
}
function perform()
{
+ // fetch and sanitize parameters
$this->_templateId = $this->_request->getValue( "templateId" );
- $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
+
+ // sanitize parameter subFolderId
+ $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_subFolderId = str_replace( "/", "", $this->_subFolderId );
+ $this->_subFolderId = str_replace( "..", "", $this->_subFolderId );
+
+ // fetch and sanitize the "fileId" parameter
$this->_fileId = $this->_request->getValue( "fileId" );
+ $this->_fileId = str_replace( "/", "", $this->_fileId );
+ $this->_fileId = str_replace( "..", "", $this->_fileId );
+
$this->_backupId = $this->_request->getValue( "backupId" );
$this->_view = new PluginBlogEditTemplateFileView( $this->_blogInfo, $this->_templateId, $this->_fileId, $this->_backupId );
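Review bot: `$view->setErrorMessage( "error_loading_template_file" )` passes the raw locale key, whereas the other validation-error views in this plugin pass `$this->_locale->tr(...)` (see the pluginblogdeletetemplatefilesaction hunk), so a failed validation would display the key rather than the translated text; `$view->setErrorMessage( $this->_locale->tr("error_loading_template_file") );` matches the rest. The rule `"[a-zA-Z0-9]*"` accepts an empty templateId and, if RegExpRule does not anchor the pattern, matches any string through a zero-length match — `"[a-zA-Z0-9]+"` as used in pluginblogtemplateslistaction is the stricter form, and RegExpRule's anchoring behaviour is worth confirming because it decides whether the validator or the later `str_replace()` lines are the effective control. `backupId` is read from the request and handed to the view constructor with no validator and no stripping, unlike the three ids beside it; if the view uses it to locate a backup file, it needs the same treatment. The same points apply to the matching hunk in pluginsiteedittemplatefileaction.class.php; perform() continues past the end of this hunk.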
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogtemplateslistaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogtemplateslistaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogtemplateslistaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/blogowneradminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplateslistview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesubfolderlistview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginblogtemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
@@ -15,12 +18,26 @@
function PluginBlogTemplatesListAction( $actionInfo, $request )
{
$this->BlogOwnerAdminAction( $actionInfo, $request );
+
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]+" ));
+ $this->registerFieldValidator( "templateId", $val );
+ $view = new PluginBlogTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
}
function perform()
{
+ // fetch and sanitize parameters
$this->_templateId = $this->_request->getValue( "templateId" );
- $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
+
+ // sanitize parameter subFolderId
+ $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_subFolderId = str_replace( "/", "", $this->_subFolderId );
+ $this->_subFolderId = str_replace( "..", "", $this->_subFolderId );
if ( empty($this->_subFolderId) ) {
$this->_view = new PluginBlogTemplatesListView( $this->_blogInfo, $this->_templateId );
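Review bot: A validator is registered for `templateId` only, while perform() also reads `subFolderId` from the request and strips it with `str_replace()`; registering the same `$val` for it as an optional field — `$this->registerFieldValidator( "subFolderId", $val, true );`, as pluginblogedittemplatefileaction does in this commit — would reject rather than rewrite a bad sub-folder id and keep the two actions consistent. `$view->setErrorMessage( "error_loading_template_file" )` also passes the raw key where sibling actions pass `$this->_locale->tr(...)`. The same applies to the matching hunk in pluginsitetemplateslistaction.class.php; perform() continues past the hunk.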
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogupdatetemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogupdatetemplatefileaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginblogupdatetemplatefileaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -36,10 +36,12 @@
if ( empty($this->_subFolderId) ) {
$view = new PluginBlogEditTemplateFileView( $this->_blogInfo, $this->_templateId, $this->_fileId, $this->_backupId );
- } else {
+ }
+ else {
$view = new PluginBlogEditSubFolderTemplateFileView( $this->_blogInfo, $this->_templateId, $this->_subFolderId, $this->_fileId, $this->_backupId );
}
- $view->setErrorMessage( $this->_locale->tr("error_updating_template_file"));
+
+ $view->setErrorMessage( $this->_locale->tr("error_updating_template_file"));
$this->setValidationErrorView( $view );
}
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitearchivetemplatesetaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -18,7 +18,10 @@
function perform()
{
- $this->_templateId = $this->_request->getValue( "templateId" );
+ // fetch and sanitize parameters
+ $this->_templateId = $this->_request->getValue( "templateId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
$ts = new TemplateSetStorage();
$blogId = $this->_blogInfo->getId();
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitecopytemplatesetaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitecopytemplatesetaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitecopytemplatesetaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -23,7 +23,7 @@
{
$this->_templateId = $this->_request->getValue( "templateId" );
$this->_newTemplateId = $this->_request->getValue( "newTemplateId" );
- if( !$this->isValidTamplateSetName( $this->_newTemplateId ) ) {
+ if( !$this->isValidTamplateSetName( $this->_newTemplateId ) || !$this->isValidTamplateSetName( $this->_templateId )) {
$this->_view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
$this->_view->setErrorMessage( $this->_locale->tr("templateeditor_error_templateset_name"));
$this->setCommonData();
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatefilesaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -31,7 +31,8 @@
$this->registerFieldValidator( "fileIds", new ArrayValidator());
if ( empty($this->_subFolderId) ) {
$view = new PluginSiteTemplatesListView( $this->_blogInfo, $this->_templateId );
- } else {
+ }
+ else {
$view = new PluginSiteTemplateSubFolderListView( $this->_blogInfo, $this->_templateId, $this->_subFolderId );
}
$view->setErrorMessage( $this->_locale->tr("error_no_files_selected"));
@@ -67,6 +68,11 @@
if ( !empty($this->_subFolderId) ) $templateFolder = $templateFolder . $this->_subFolderId . "/";
foreach( $this->_fileIds as $fileId ) {
+
+ // sanitize parameters
+ $fileId = str_replace( "/", "", $fileId );
+ $fileId = str_replace( "..", "", $fileId );
+
$filename = $templateFolder . $fileId;
// if it's not the default, then try to really remove it from disk
if( !File::delete( $filename ))
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitedeletetemplatesetsaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -55,6 +55,11 @@
$defaultTemplate = $this->_config->getValue( "default_template" );
foreach( $this->_templateIds as $templateId ) {
+
+ // sanitize parameters
+ $templateId = str_replace( "/", "", $templateId );
+ $templateId = str_replace( "..", "", $templateId );
+
// we can't remove the default template
if( $defaultTemplate ==$templateId )
$errorMessage .=$this->_locale->pr( "error_template_is_default", $templateId)."<br/>";
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsiteedittemplatefileaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/siteadminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/templatenamevalidator.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteedittemplatefileview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsiteeditsubfoldertemplatefileview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
@@ -17,13 +20,36 @@
function PluginSiteEditTemplateFileAction( $actionInfo, $request )
{
$this->SiteAdminAction( $actionInfo, $request );
+
+ // special validator
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]*" ));
+
+ $this->registerFieldValidator( "templateId", $val );
+ $this->registerFieldValidator( "subFolderId", $val, true );
+ $this->registerFieldValidator( "fileId", new TemplateNameValidator());
+ $view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
}
function perform()
{
+ // fetch and sanitize parameters
$this->_templateId = $this->_request->getValue( "templateId" );
- $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
+
+ // sanitize parameter subFolderId
+ $this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_subFolderId = str_replace( "/", "", $this->_subFolderId );
+ $this->_subFolderId = str_replace( "..", "", $this->_subFolderId );
+
+ // fetch and sanitize the "fileId" parameter
$this->_fileId = $this->_request->getValue( "fileId" );
+ $this->_fileId = str_replace( "/", "", $this->_fileId );
+ $this->_fileId = str_replace( "..", "", $this->_fileId );
+
$this->_backupId = $this->_request->getValue( "backupId" );
if ( empty($this->_subFolderId) ) {
Modified: plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitetemplateslistaction.class.php
===================================================================
--- plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitetemplateslistaction.class.php 2007-02-22 20:43:06 UTC (rev 4828)
+++ plugins/branches/lifetype-1.1/templateeditor/class/action/pluginsitetemplateslistaction.class.php 2007-02-22 21:05:20 UTC (rev 4829)
@@ -1,8 +1,11 @@
<?php
include_once( PLOG_CLASS_PATH."class/action/admin/siteadminaction.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ include_once( PLOG_CLASS_PATH."class/data/validator/rules/regexprule.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplateslistview.class.php" );
include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesubfolderlistview.class.php" );
+ include_once( PLOG_CLASS_PATH."plugins/templateeditor/class/view/pluginsitetemplatesetslistview.class.php" );
/**
* shows a form with the current configuration
@@ -15,16 +18,31 @@
function PluginSiteTemplatesListAction( $actionInfo, $request )
{
$this->SiteAdminAction( $actionInfo, $request );
+
+ $val = new StringValidator();
+ $val->addRule( new RegExpRule( "[a-zA-Z0-9]+" ));
+ $this->registerFieldValidator( "templateId", $val );
+ $view = new PluginSiteTemplateSetsListView( $this->_blogInfo );
+ $view->setErrorMessage( "error_loading_template_file" );
+ $this->setValidationErrorView( $view );
}
function perform()
{
+ // fetch and sanitize parameters
$this->_templateId = $this->_request->getValue( "templateId" );
+ $this->_templateId = str_replace( "/", "", $this->_templateId );
+ $this->_templateId = str_replace( "..", "", $this->_templateId );
+
+ // sanitize parameter subFolderId
$this->_subFolderId = $this->_request->getValue( "subFolderId" );
+ $this->_subFolderId = str_replace( "/", "", $this->_subFolderId );
+ $this->_subFolderId = str_replace( "..", "", $this->_subFolderId );
if ( empty($this->_subFolderId) ) {
$this->_view = new PluginSiteTemplatesListView( $this->_blogInfo, $this->_templateId );
- } else {
+ }
+ else {
$this->_view = new PluginSiteTemplateSubFolderListView( $this->_blogInfo, $this->_templateId, $this->_subFolderId );
}