[pLog-svn] r6688 - plog/branches/lifetype-1.2/class/action

Mark Wu markplace at gmail.com
Tue Jul 1 08:57:44 EDT 2008


I had the same thought before.

And after reviewing the code, I think it is better if LifeType just rejects it
and asks the user to try again.

Because it will show the warning message to users, and it can prevent a hacker
from trying again and again.

And it is okay with me if you want to allow HTML here, because we already
filter it before using it.

Mark

> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net 
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
> Sent: Tuesday, July 01, 2008 8:34 PM
> To: LifeType Developer List
> Subject: Re: [pLog-svn] r6688 - 
> plog/branches/lifetype-1.2/class/action
> 
> Yeah, I wondered about this - I think there is a filter 
> later, and so that's why I left it.  We should probably 
> remove the filter if we aren't going to allow it at all.  
> Though when I thought about it, I thought the filter solution 
> was a better one - so then the user doesn't get an error, but 
> it just does the search.
> 
> On Tue, 1 Jul 2008, mark at devel.lifetype.net wrote:
> 
> > Author: mark
> > Date: 2008-07-01 01:41:15 -0400 (Tue, 01 Jul 2008)
> > New Revision: 6688
> >
> > Modified:
> >   plog/branches/lifetype-1.2/class/action/defaultaction.class.php
> >   plog/branches/lifetype-1.2/class/action/searchaction.class.php
> > Log:
> > We should not allow HTML in searchTerms.
> >
> > Modified: 
> > plog/branches/lifetype-1.2/class/action/defaultaction.class.php
> > ===================================================================
> > --- 
> plog/branches/lifetype-1.2/class/action/defaultaction.cl
> ass.php	2008-07-01 05:37:16 UTC (rev 6687)
> > +++ 
> plog/branches/lifetype-1.2/class/action/defaultaction.cl
> ass.php	2008-07-01 05:41:15 UTC (rev 6688)
> > @@ -30,7 +30,7 @@
> >         {
> > 			$this->BlogAction( $actionInfo, $request );
> >
> > -			$this->registerFieldValidator( 
> "searchTerms", new StringValidator( true ), true );
> > +			$this->registerFieldValidator( 
> "searchTerms", new 
> > +StringValidator(), true );
> > 			$this->registerFieldValidator( 
> "postCategoryId", new IntegerValidator(), true );
> > 			$this->registerFieldValidator( 
> "postCategoryName", new StringValidator( ), true );
> > 			$this->registerFieldValidator( 
> "userId", new IntegerValidator(), 
> > true );
> >
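Review bot: The argument dropped on the `+` line is an unnamed boolean, so nothing in this hunk records what `StringValidator( true )` permitted; only the log message ("We should not allow HTML in searchTerms") explains it. Add a short comment on the `+` line, e.g. `// searchTerms: HTML not allowed`, so the intent survives in the code. Note also that the third argument `true` on this registration is kept, while the same field is registered without it in searchaction.class.php in the next hunk; confirm the two registrations are meant to differ.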
> > Modified: 
> > plog/branches/lifetype-1.2/class/action/searchaction.class.php
> > ===================================================================
> > --- 
> plog/branches/lifetype-1.2/class/action/searchaction.cl
> ass.php	2008-07-01 05:37:16 UTC (rev 6687)
> > +++ 
> plog/branches/lifetype-1.2/class/action/searchaction.cl
> ass.php	2008-07-01 05:41:15 UTC (rev 6688)
> > @@ -23,7 +23,7 @@
> >             $this->BlogAction( $actionInfo, $request );
> >
> > 			// data validation
> > -			$this->registerFieldValidator( 
> "searchTerms", new StringValidator( true ));
> > +			$this->registerFieldValidator( 
> "searchTerms", new 
> > +StringValidator());
> > 			$this->setValidationErrorView( new 
> ErrorView( $this->_blogInfo, "error_incorrect_search_terms" ));
> >         }
> >
> >
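Review bot: With HTML now rejected by the validator, the existing `error_incorrect_search_terms` view is what a user who types markup will see; check that its text says markup is not accepted rather than only "incorrect search terms", otherwise the rejection Mark wants to show as a warning will read as a generic failure. The thread above mentions a filter applied later to the search terms; rejecting here guards only this entry point, so keep that filter as defense in depth rather than removing it. Unlike the defaultaction.class.php hunk, this registration has no third argument; confirm that difference is intended.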
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://limedaley.com/mailman/listinfo/plog-svn
> >
> 
> --
> Jon Daley
> http://jon.limedaley.com
> ~~
> There isn't any problem in child-rearing that cannot be 
> solved with duct tape.
> -- Alan Wagstaff
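The reject-versus-filter choice discussed in this thread, as an added example in plain PHP. This is not LifeType's code and not its StringValidator; the functions `containsHtml`, `validateSearchTerms`, `filterSearchTerms` and `echoTerm`, the reuse of the `error_incorrect_search_terms` key, and the sample inputs are all assumptions made for illustration.

```php
<?php
// Added example (not LifeType code). Shows the two strategies discussed in
// the thread for HTML in a user-supplied search string: reject it at
// validation time and show an error, or strip it and search with what is
// left. All function names are hypothetical.

// Detect markup: strip_tags() drops anything tag-shaped, so a changed result
// means the input carried tags. Decoding entities first catches forms such
// as &lt;script&gt; that would become a tag after a later decode.
function containsHtml(string $s): bool
{
    $decoded = html_entity_decode($s, ENT_QUOTES, 'UTF-8');
    return strip_tags($decoded) !== $decoded;
}

// Strategy 1 (the direction r6688 takes): reject and let the user try again.
// Returns [accepted, value-or-error-key]; the error key is assumed here.
function validateSearchTerms(string $terms, bool $optional = false): array
{
    $terms = trim($terms);
    if ($terms === '') {
        return $optional ? [true, ''] : [false, 'error_incorrect_search_terms'];
    }
    if (containsHtml($terms)) {
        return [false, 'error_incorrect_search_terms'];
    }
    return [true, $terms];
}

// Strategy 2 (the "filter later" alternative): silently remove the markup and
// run the search on the remainder. Note the semantic change this causes:
// "<b>lifetype</b>" becomes "lifetype" and is searched, while
// "<script>alert(1)</script>" becomes "alert(1)" and is searched as well.
function filterSearchTerms(string $terms): string
{
    $decoded = html_entity_decode($terms, ENT_QUOTES, 'UTF-8');
    return trim(strip_tags($decoded));
}

// Whichever strategy is chosen, a term echoed back into the page (error view
// or results heading) is escaped at output time; that is a separate control
// from input validation and is needed under both strategies.
function echoTerm(string $terms): string
{
    return htmlspecialchars($terms, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs: plain text, harmless markup, a script tag,
// an entity-encoded tag, and an empty string.
$samples = [
    'lifetype 1.2',
    '<b>lifetype</b>',
    '<script>alert(1)</script>',
    '&lt;img src=x onerror=alert(1)&gt;',
    '',
];

foreach ($samples as $in) {
    [$ok, $v] = validateSearchTerms($in);
    printf(
        "%-40s reject: %s | filter: %s | echo: %s\n",
        var_export($in, true),
        $ok ? "search '$v'" : "error $v",
        var_export(filterSearchTerms($in), true),
        echoTerm($in)
    );
}
```

Running the loop shows the practical difference: the reject strategy turns every marked-up input into the same error and never searches it, while the filter strategy always searches something, including the inner text of a script tag. The `$optional` flag mirrors the fact that the two registrations in the patch differ in their third argument; an empty term is either an error or a no-op depending on it.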