[pLog-svn] r5676 - plog/branches/lifetype-1.2/class/action/admin
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Wed Jul 18 17:01:29 EDT 2007
Author: oscar
Date: 2007-07-18 17:01:28 -0400 (Wed, 18 Jul 2007)
New Revision: 5676
Modified:
plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php
Log:
Fixed 3 further potential XSS issues where input was being passed unfiltered back to the template.
Modified: plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php 2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php 2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,7 +5,8 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/template/templatesets/templatesetstorage.class.php" );
-
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+
/**
* \ingroup Action
* @private
@@ -57,8 +58,11 @@
$successMessage = "";
$totalOk = 0;
$blogTemplate = $this->_blogInfo->getTemplateSet();
+ $f = new HtmlFilter();
foreach( $this->_templateIds as $templateId ) {
+ $templateId = $f->filter( $templateId );
+
// we can't remove the current template!
if( $blogTemplate->getName() == $templateId ) {
$errorMessage .= $this->_locale->pr("error_template_is_current", $templateId )."<br/>";
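Review bot: Running `$templateId` through `HtmlFilter` at the top of the loop body changes the identifier the action compares against `$blogTemplate->getName()` and later deletes, not only the text echoed back in `$errorMessage`; HTML escaping belongs at the point the id is rendered into the message, while the id used for comparison and removal should be validated against the installed template names (the StringValidator/ArrayValidator already included) rather than rewritten. If `HtmlFilter::filter()` strips or re-encodes characters that are legal in a template name (its implementation is not visible here), a template containing such characters can no longer be matched or deleted, and an id that differs from the current template only by filtered characters becomes equal to it after filtering. The same pattern appears in the admindeletetemplatesaction hunk of this commit, where the filtered value also feeds the `$defaultTemplate ==$templateId` check. A descriptive name would help too, e.g. `$htmlFilter = new HtmlFilter();`. The loop body continues past the end of this hunk.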
Modified: plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php 2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php 2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,6 +5,7 @@
lt_include( PLOG_CLASS_PATH."class/locale/locales.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -71,9 +72,11 @@
$errorMessage = "";
$successMessage = "";
$totalOk = 0;
+ $f = new HtmlFilter();
foreach( $this->_localeIds as $localeId ) {
if( $localeId != $defaultLocale ) {
+ $localeId = $f->filter( $localeId );
if( $locales->removeLocale( $localeId )) {
$totalOk++;
if( $totalOk < 2 )
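Review bot: The filter is applied on the line after the `$localeId != $defaultLocale` guard, so the guard runs on the raw value while `removeLocale()` receives the filtered one; the other two hunks in this commit filter before comparing. If `HtmlFilter::filter()` removes or rewrites characters (not visible here), an id that differs from the default locale only by filtered characters passes the guard and then reaches `removeLocale()` as the default locale, defeating the protection the guard exists for. Filter first, then compare: `$localeId = $f->filter( $localeId );` followed by `if( $localeId != $defaultLocale ) {`, and prefer `!==` so a type-juggled match cannot slip through. The loop body continues beyond the hunk.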
Modified: plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php 2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php 2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,6 +5,7 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/adminsitetemplateslistview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -56,11 +57,14 @@
$errorMessage = "";
$successMessage = "";
$totalOk = 0;
+ $f = new HtmlFilter();
// get the id of the default template
$defaultTemplate = $this->_config->getValue( "default_template" );
foreach( $this->_templateIds as $templateId ) {
+ $templateId = $f->filter( $templateId );
+
// we can't remove the default template
if( $defaultTemplate ==$templateId )
$errorMessage .=$this->_locale->pr( "error_template_is_default", $templateId)."<br/>";