[pLog-svn] r5676 - plog/branches/lifetype-1.2/class/action/admin

oscar at devel.lifetype.net oscar at devel.lifetype.net
Wed Jul 18 17:01:29 EDT 2007


Author: oscar
Date: 2007-07-18 17:01:28 -0400 (Wed, 18 Jul 2007)
New Revision: 5676

Modified:
   plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php
Log:
Fixed 3 further potential XSS issues where input was being passed unfiltered back to the template.


Modified: plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php	2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeleteblogtemplateaction.class.php	2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,7 +5,8 @@
 	lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/template/templatesets/templatesetstorage.class.php" );
-	
+	lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+		
     /**
      * \ingroup Action
      * @private
@@ -57,8 +58,11 @@
 			$successMessage = "";
 			$totalOk = 0;
 			$blogTemplate = $this->_blogInfo->getTemplateSet();
+			$f = new HtmlFilter();
 
             foreach( $this->_templateIds as $templateId ) {
+				$templateId = $f->filter( $templateId );
+	
 				// we can't remove the current template!
 				if( $blogTemplate->getName() == $templateId ) {
 					$errorMessage .= $this->_locale->pr("error_template_is_current", $templateId )."<br/>";
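Review bot: The added `$templateId = $f->filter( $templateId );` rewrites the id before it is compared with `$blogTemplate->getName()`, so the current-template check (and presumably the removal further down the loop, outside this hunk) operates on the escaped form rather than the submitted one, and a template whose name contains any character HtmlFilter rewrites would no longer match. Output escaping belongs where the id is interpolated into the message, keeping the raw id for lookups: `$errorMessage .= $this->_locale->pr("error_template_is_current", $f->filter( $templateId ) )."<br/>";`, and likewise for the other messages built in the rest of the loop. The same pattern appears in admindeletetemplatesaction.class.php (the filter line before the default-template check) and admindeletelocalesaction.class.php (the filter line before `removeLocale()`). What HtmlFilter::filter() does to its input is not visible here, so whether legitimate template names are affected should be confirmed against its implementation. The foreach body continues outside the hunk.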

Modified: plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php	2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeletelocalesaction.class.php	2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,6 +5,7 @@
     lt_include( PLOG_CLASS_PATH."class/locale/locales.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );	
 
     /**
      * \ingroup Action
@@ -71,9 +72,11 @@
             $errorMessage = "";
             $successMessage = "";
             $totalOk = 0;
+			$f = new HtmlFilter();	
 
             foreach( $this->_localeIds as $localeId ) {
             	if( $localeId != $defaultLocale ) {
+					$localeId = $f->filter( $localeId );	
             		if( $locales->removeLocale( $localeId )) {
             			$totalOk++;
             			if( $totalOk < 2 )
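Review bot: Here the filter is applied inside the `if( $localeId != $defaultLocale )` branch, so the comparison with `$defaultLocale` runs on the raw id while `$locales->removeLocale( $localeId )` receives the escaped one, and the two steps no longer see the same value. If the loop has an `else` branch that reports the default-locale case back to the template (it would lie outside this hunk), that path still emits the unfiltered id. Placing the escaping on the message-building lines instead of on `$localeId` itself would remove both concerns and match how the value is used in the other two actions of this commit. The foreach body continues outside the hunk.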

Modified: plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php	2007-07-18 20:47:04 UTC (rev 5675)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeletetemplatesaction.class.php	2007-07-18 21:01:28 UTC (rev 5676)
@@ -5,6 +5,7 @@
 	lt_include( PLOG_CLASS_PATH."class/view/admin/adminsitetemplateslistview.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/arrayvalidator.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );	
 
     /**
      * \ingroup Action
@@ -56,11 +57,14 @@
         	$errorMessage = "";
         	$successMessage = "";
         	$totalOk = 0;
+			$f = new HtmlFilter();	
 
         	// get the id of the default template
         	$defaultTemplate = $this->_config->getValue( "default_template" );
 
             foreach( $this->_templateIds as $templateId ) {
+				$templateId = $f->filter( $templateId );
+	
             	// we can't remove the default template
             	if( $defaultTemplate ==$templateId )
             		$errorMessage .=$this->_locale->pr( "error_template_is_default", $templateId)."<br/>";


