[pLog-svn] r5538 - plog/branches/lifetype-1.2/class/summary/action
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Wed Jun 13 14:08:48 EDT 2007
Author: oscar
Date: 2007-06-13 14:08:48 -0400 (Wed, 13 Jun 2007)
New Revision: 5538
Modified:
plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php
Log:
Another small XSS issue.
Modified: plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php 2007-06-12 21:53:22 UTC (rev 5537)
+++ plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php 2007-06-13 18:08:48 UTC (rev 5538)
@@ -4,6 +4,7 @@
lt_include( PLOG_CLASS_PATH."class/summary/view/summarymessageview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/emailvalidator.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/summary/data/summarytools.class.php" );
lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
@@ -21,6 +22,11 @@
function SummarySendResetEmail( $actionInfo, $request )
{
$this->SummaryAction( $actionInfo, $request );
+
+ // data filtering
+ $f = new HtmlFilter();
+ $this->_request->registerFilter( "userName", $f );
+ $this->_request->registerFilter( "userEmail", $f );
// data validation
$this->registerFieldValidator( "userName", new StringValidator());
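Review bot: The `// data filtering` comment on the added lines does not say which output the filter protects, and the fix depends entirely on what `HtmlFilter` does to the value, which is not visible in this hunk. Filtering `userName` and `userEmail` on input covers only these two parameters in this action; if the values are echoed back by a view (presumably the message/error view), escaping them where they are rendered would also cover any other path into that template. I would make the comment state the intent, e.g. `// strip markup from fields that are echoed back to the user (XSS); the template must still escape on output`. It is also worth confirming that the filters run before the validators registered just below, and that a filtered `userName` still matches the stored name used for the lookup. The constructor body continues outside the hunk.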