[pLog-svn] r6503 -plugins/branches/lifetype-1.2/editcomments/class/action
Mark Wu
markplace at gmail.com
Thu Jun 5 06:59:12 EDT 2008
Why do we need to filter it?
If articleId is not an integer, we should reject the request instead of
filtering it.
Mark
> -----Original Message-----
> From: plog-svn-bounces at devel.lifetype.net
> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
> jondaley at devel.lifetype.net
> Sent: Thursday, June 05, 2008 6:52 PM
> To: plog-svn at devel.lifetype.net
> Subject: [pLog-svn] r6503
> -plugins/branches/lifetype-1.2/editcomments/class/action
>
> Author: jondaley
> Date: 2008-06-05 06:51:52 -0400 (Thu, 05 Jun 2008) New Revision: 6503
>
> Modified:
>
> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
> pdatecommentaction.class.php
> Log:
> we need to manually filter the ids since we are grabbing them
> in the constructor. a 'real' Filter() would be better, but
> 1.2 doesn't have very many filters available. We'll need to
> add them in 2.0
>
> Modified:
> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
> pdatecommentaction.class.php
> ===================================================================
> ---
> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
> pdatecommentaction.class.php 2008-06-05 10:49:33 UTC (rev 6502)
> +++
> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
> pdatecommentaction.class.php 2008-06-05 10:51:52 UTC (rev 6503)
> @@ -36,7 +36,8 @@
>
> // articleId is needed, even on a cancel operation
> $this->registerFieldValidator("articleId", new
> IntegerValidator());
> - $this->_articleId = $this->_request->getValue( "articleId" );
> + // should use a filter instead
> + $this->_articleId = preg_replace("/[^0-9]/", "",
> + $this->_request->getValue( "articleId" ));
>
> if($this->_op == "updateComment"){
> $this->registerFieldValidator("commentId", new
> IntegerValidator()); @@ -48,8 +49,9 @@
> $this->registerFieldValidator("authorUrl", new
> HttpUrlValidator(), true);
> $this->registerFieldValidator("commentDateTime",
> new StringValidator(false));
> $this->registerFieldValidator("commentIp", new
> StringValidator(false));
> -
> - $this->_commentId =
> $this->_request->getValue("commentId");
> +
> + // should use a filter instead
> + $this->_commentId = preg_replace("/[^0-9]/", "",
> + $this->_request->getValue("commentId"));
> $view = new
> AdminEditCommentView($this->_blogInfo, $this->_commentId);
>
> $view->setErrorMessage(
> $this->_locale->tr("pluginEditCommentsInvalidData"));
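Review bot: In the first hunk, the new assignment `$this->_articleId = preg_replace("/[^0-9]/", "", ...)` rewrites a malformed articleId instead of refusing it, so a value such as "12abc3" silently becomes "123" and a value with no digits becomes an empty string, and either result is stored as if it had been supplied. The IntegerValidator registered on the line above already states what a valid articleId is; because the log message says the value is grabbed in the constructor, test the raw request value at that point (for example with ctype_digit()) and fail the request when it does not match, rather than stripping characters. The "should use a filter instead" comment would also help more if it said why the value cannot wait for the registered validator.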
>
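Review bot: In the second hunk, the stripped commentId goes straight into `new AdminEditCommentView($this->_blogInfo, $this->_commentId)`, so a request with no digits builds the view with an empty string and a request with mixed characters builds it for whatever id the remaining digits spell. Check the result before constructing the view and handle the empty case explicitly. The same `preg_replace("/[^0-9]/", "", ...)` expression now appears for both articleId and commentId; a small private helper would keep the two in step until the real filter mentioned in the log message exists.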