[pLog-svn] r6503 -plugins/branches/lifetype-1.2/editcomments/class/action

Jon Daley plogworld at jon.limedaley.com
Thu Jun 5 07:00:29 EDT 2008


 	How do you suggest we reject it in the constructor?

On Thu, 5 Jun 2008, Mark Wu wrote:

> Why do we need to filter it??
>
> If articleId is not an integer, we should reject the request instead of
> filtering it....
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
>> jondaley at devel.lifetype.net
>> Sent: Thursday, June 05, 2008 6:52 PM
>> To: plog-svn at devel.lifetype.net
>> Subject: [pLog-svn] r6503
>> -plugins/branches/lifetype-1.2/editcomments/class/action
>>
>> Author: jondaley
>> Date: 2008-06-05 06:51:52 -0400 (Thu, 05 Jun 2008) New Revision: 6503
>>
>> Modified:
>>
>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>> pdatecommentaction.class.php
>> Log:
>> we need to manually filter the ids since we are grabbing them
>> in the constructor.  a 'real' Filter() would be better, but
>> 1.2 doesn't have very many filters available.  We'll need to
>> add them in 2.0
>>
>> Modified:
>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>> pdatecommentaction.class.php
>> ===================================================================
>> ---
>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>> pdatecommentaction.class.php	2008-06-05 10:49:33 UTC (rev 6502)
>> +++
>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>> pdatecommentaction.class.php	2008-06-05 10:51:52 UTC (rev 6503)
>> @@ -36,7 +36,8 @@
>>
>>              // articleId is needed, even on a cancel operation
>>          $this->registerFieldValidator("articleId", new
>> IntegerValidator());
>> -        $this->_articleId = $this->_request->getValue( "articleId" );
>> +            // should use a filter instead
>> +        $this->_articleId = preg_replace("/[^0-9]/", "",
>> + $this->_request->getValue( "articleId" ));
>>
>>          if($this->_op == "updateComment"){
>>              $this->registerFieldValidator("commentId", new
>> IntegerValidator()); @@ -48,8 +49,9 @@
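Review bot: in the articleId assignment of the first hunk, preg_replace("/[^0-9]/", "", ...) rewrites a malformed value instead of rejecting it, so the id stored in $this->_articleId can differ from what the client sent: "12abc" becomes "12", "-5" becomes "5", and a value with no digits becomes the empty string. Consider testing the raw value with an anchored whole-string match such as preg_match('/^[0-9]+$/', $value) and treating a failed match as invalid data, so a malformed id is never turned into a different, valid-looking article id.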
>>              $this->registerFieldValidator("authorUrl", new
>> HttpUrlValidator(), true);
>>              $this->registerFieldValidator("commentDateTime",
>> new StringValidator(false));
>>              $this->registerFieldValidator("commentIp", new
>> StringValidator(false));
>> -
>> -            $this->_commentId =
>> $this->_request->getValue("commentId");
>> +
>> +                // should use a filter instead
>> +            $this->_commentId = preg_replace("/[^0-9]/", "",
>> + $this->_request->getValue("commentId"));
>>              $view = new
>> AdminEditCommentView($this->_blogInfo, $this->_commentId);
>>
>>              $view->setErrorMessage(
>> $this->_locale->tr("pluginEditCommentsInvalidData"));
>>
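Review bot: the commentId assignment repeats the same strip-non-digits regex and hands the result directly to new AdminEditCommentView($this->_blogInfo, $this->_commentId), so an input with no digits reaches the view as an empty string and a mixed input such as "7x3" reaches it as "73". Both call sites carry the comment "should use a filter instead"; a single private helper that returns a digits-only id or signals failure would remove the duplication, give one place to swap in a real filter later, and make it explicit which id the view receives when the value is not a clean integer.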
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com
~~
If everything is coming your way then you're in the wrong lane.
-- Anonymous

