[pLog-svn] r5540 - in plog/branches/lifetype-1.2/class: data/filter summary/action
oscar at devel.lifetype.net
Wed Jun 13 16:15:37 EDT 2007
Author: oscar
Date: 2007-06-13 16:15:37 -0400 (Wed, 13 Jun 2007)
New Revision: 5540
Added:
plog/branches/lifetype-1.2/class/data/filter/htmlspecialcharsfilter.class.php
Modified:
plog/branches/lifetype-1.2/class/summary/action/dousercreation.class.php
plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php
Log:
Added a new filter that calls htmlspecialchars(), and used it in the summary to prevent further potential XSS vulnerabilities
Added: plog/branches/lifetype-1.2/class/data/filter/htmlspecialcharsfilter.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/filter/htmlspecialcharsfilter.class.php (rev 0)
+++ plog/branches/lifetype-1.2/class/data/filter/htmlspecialcharsfilter.class.php 2007-06-13 20:15:37 UTC (rev 5540)
@@ -0,0 +1,24 @@
+<?php
+
+ lt_include( PLOG_CLASS_PATH."class/data/filter/filterbase.class.php" );
+
+ /**
+ * \ingroup Filter
+ *
+ * This class extends the FilterBase interface to filter all HTML
+ * code in the given string
+ */
+ class HtmlSpecialCharsFilter extends FilterBase
+ {
+ /**
+ * Filters out all HTML and Javascript code from the given string
+ *
+ * @param data
+ * @return The input string without HTML code
+ */
+ function filter( $data )
+ {
+ return( parent::filter( htmlspecialchars( $data )));
+ }
+ }
+?>
\ No newline at end of file
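Review bot: `htmlspecialchars( $data )` on the return line of filter() is called with no quote-style or charset argument, so single quotes pass through unescaped and the charset falls back to the PHP build's default rather than the blog's configured encoding; for a filter added specifically for XSS prevention this should be `return( parent::filter( htmlspecialchars( $data, ENT_QUOTES, '<CHARSET>' )));` with the application's actual character set in place of the placeholder. The docblock also overstates what the method does — it escapes markup rather than removing it — and could read `Escapes HTML special characters (&, <, >, quotes) in the given string` with `@return The input string with HTML special characters converted to entities`. Because the callers in dousercreation and summarysendresetemail attach this filter to request input, the escaped form is what gets stored; if the templates escape userName/userEmail again on output, those values would be double-encoded, which is worth confirming against the view code.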
Modified: plog/branches/lifetype-1.2/class/summary/action/dousercreation.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/summary/action/dousercreation.class.php 2007-06-13 18:15:57 UTC (rev 5539)
+++ plog/branches/lifetype-1.2/class/summary/action/dousercreation.class.php 2007-06-13 20:15:37 UTC (rev 5540)
@@ -5,7 +5,8 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/usernamevalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/passwordvalidator.class.php" );
- lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlspecialcharsfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/summary/view/doblogregistrationview.class.php" );
@@ -23,6 +24,7 @@
// apply some filters to the data in the request
$f = new HtmlFilter();
+ $f->addFilter( new HtmlSpecialCharsFilter());
$this->_request->registerFilter( "userName", $f );
$this->_request->registerFilter( "userFullName", $f );
$this->_request->registerFilter( "userEmail", $f );
Modified: plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php 2007-06-13 18:15:57 UTC (rev 5539)
+++ plog/branches/lifetype-1.2/class/summary/action/summarysendresetemail.class.php 2007-06-13 20:15:37 UTC (rev 5540)
@@ -5,6 +5,7 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/emailvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlspecialcharsfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/summary/data/summarytools.class.php" );
lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
@@ -25,6 +26,7 @@
// data filtering
$f = new HtmlFilter();
+ $f->addFilter( new HtmlSpecialCharsFilter());
$this->_request->registerFilter( "userName", $f );
$this->_request->registerFilter( "userEmail", $f );