[pLog-svn] r5677 - in plog/branches/lifetype-1.2/class: action/admin view/admin
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Wed Jul 18 17:27:54 EDT 2007
Author: oscar
Date: 2007-07-18 17:27:54 -0400 (Wed, 18 Jul 2007)
New Revision: 5677
Modified:
plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php
plog/branches/lifetype-1.2/class/view/admin/adminpostslistview.class.php
Log:
Fixed most of the injection issues in the "edit posts" page
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php 2007-07-18 21:01:28 UTC (rev 5676)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php 2007-07-18 21:27:54 UTC (rev 5677)
@@ -2,6 +2,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminpostslistview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
/**
* \ingroup Action
@@ -19,9 +20,41 @@
{
$this->AdminAction( $actionInfo, $request );
+ // field validation
+ $this->registerFieldValidator( "showCategory", new IntegerValidator( true ));
+ $this->registerFieldValidator( "showStatus", new IntegerValidator( true ));
+ $this->registerFieldValidator( "showUser", new IntegerValidator());
+ $this->registerFieldValidator( "showMonth", new IntegerValidator( true ));
+
$this->requirePermission( "view_posts" );
}
+ /**
+ * We're going to do some manual validation here because we want to capture the
+ * validation problem but instead of showing an error, we're just going to fix
+ * here (by resetting the value) and continue with the show as if nothing
+ * had happened.
+ */
+ function validate()
+ {
+ $intVal = new IntegerValidator( true );
+ $uIntVal = new IntegerValidator();
+
+ if( !$intVal->validate( $this->_request->getValue( "showCategory" )))
+ $this->_request->setValue( "showCategory", -1 );
+
+ if( !$intVal->validate( $this->_request->getValue( "showStatus" )))
+ $this->_request->setValue( "showStatus", -1 );
+
+ if( !$uIntVal->validate( $this->_request->getValue( "showUser" )))
+ $this->_request->setValue( "showUser", 0 );
+
+ if( !$intVal->validate( $this->_request->getValue( "showMonth" )))
+ $this->_request->setValue( "showMonth", -1 );
+
+ return( true );
+ }
+
/**
* Carries out the specified action
*/
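Review bot: The new validate() returns true unconditionally and never calls the base implementation, so the four registerFieldValidator() calls added in the constructor hunk above look like they no longer take part in request handling — assuming it is the inherited AdminAction::validate() that runs the registered validators, which is not visible here. Either drop the four `$this->registerFieldValidator( ... )` lines, or keep them as the single source of truth and have this method call the parent and only reset the offending field on failure, so the two hunks cannot drift apart (for example a field added to one but not the other). The fallback values -1 and 0 are undocumented; a short comment on each reset such as `// -1 = no filter, the same default the list view expects` would record the contract, if that is indeed their meaning. The enclosing class continues outside the hunk.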
Modified: plog/branches/lifetype-1.2/class/view/admin/adminpostslistview.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/view/admin/adminpostslistview.class.php 2007-07-18 21:01:28 UTC (rev 5676)
+++ plog/branches/lifetype-1.2/class/view/admin/adminpostslistview.class.php 2007-07-18 21:27:54 UTC (rev 5677)
@@ -9,6 +9,7 @@
lt_include( PLOG_CLASS_PATH.'class/data/timestamp.class.php' );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/config/siteconfig.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
/**
* \ingroup View
@@ -198,7 +199,7 @@
$this->setValue( "months", $this->_getMonths());
$this->setValue( "poststatus", $postStatusList );
$this->setValue( "poststatusWithoutAll", $postStatusListWithoutAll );
- $this->setValue( "searchTerms", $this->_searchTerms );
+ $this->setValue( "searchTerms", TextFilter::filterAllHTML( $this->_searchTerms ));
$this->setValue( "pager", $pager );
parent::render();
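Review bot: TextFilter::filterAllHTML() presumably strips markup rather than escaping it, so a search term such as `a < b` would be shown to the user altered; since this value is only reflected into the template, `htmlspecialchars( $this->_searchTerms, ENT_QUOTES )` would neutralise the same risk while preserving what was typed — worth confirming against TextFilter's implementation, which is not in this hunk. This line only protects the value handed to the template; wherever `_searchTerms` is passed to the data layer for the actual query (outside this hunk) it needs its own parameterisation or escaping, which the log message's "most of" may already acknowledge. render() begins outside the hunk.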