[pLog-svn] r6503 -plugins/branches/lifetype-1.2/editcomments/class/action

Jon Daley plogworld at jon.limedaley.com
Thu Jun 5 07:09:55 EDT 2008 

 	I won't ever use a cast to do that.  preg_replace is less 
ambiguous about what characters are allowed.

On Thu, 5 Jun 2008, Mark Wu wrote:

> If it is a constructer, then use casting (int) articleId will be better.
>
> Mark
>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.lifetype.net
>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Jon Daley
>> Sent: Thursday, June 05, 2008 7:00 PM
>> To: LifeType Developer List
>> Subject: Re: [pLog-svn] r6503
>> -plugins/branches/lifetype-1.2/editcomments/class/action
>>
>>  	How do you suggest we reject it in the constructor?
>>
>> On Thu, 5 Jun 2008, Mark Wu wrote:
>>
>>> Why we  need to filter it??
>>>
>>> If articleId is not integer, we should reject the request
>> instead of
>>> filter it....
>>>
>>> Mark
>>>
>>>> -----Original Message-----
>>>> From: plog-svn-bounces at devel.lifetype.net
>>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
>>>> jondaley at devel.lifetype.net
>>>> Sent: Thursday, June 05, 2008 6:52 PM
>>>> To: plog-svn at devel.lifetype.net
>>>> Subject: [pLog-svn] r6503
>>>> -plugins/branches/lifetype-1.2/editcomments/class/action
>>>>
>>>> Author: jondaley
>>>> Date: 2008-06-05 06:51:52 -0400 (Thu, 05 Jun 2008) New
>> Revision: 6503
>>>>
>>>> Modified:
>>>>
>>>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>>>> pdatecommentaction.class.php
>>>> Log:
>>>> we need to manually filter the ids since we are grabbing
>> them in the
>>>> constructor.  a 'real' Filter() would be better, but
>>>> 1.2 doesn't have very many filters available.  We'll need
>> to add them
>>>> in 2.0
>>>>
>>>> Modified:
>>>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>>>> pdatecommentaction.class.php
>>>> ===================================================================
>>>> ---
>>>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>>>> pdatecommentaction.class.php	2008-06-05 10:49:33 UTC
>> (rev 6502)
>>>> +++
>>>> plugins/branches/lifetype-1.2/editcomments/class/action/adminu
>>>> pdatecommentaction.class.php	2008-06-05 10:51:52 UTC
>> (rev 6503)
>>>> @@ -36,7 +36,8 @@
>>>>
>>>>              // articleId is needed, even on a cancel operation
>>>>          $this->registerFieldValidator("articleId", new
>>>> IntegerValidator());
>>>> -        $this->_articleId = $this->_request->getValue(
>> "articleId" );
>>>> +            // should use a filter instead
>>>> +        $this->_articleId = preg_replace("/[^0-9]/", "",
>>>> + $this->_request->getValue( "articleId" ));
>>>>
>>>>          if($this->_op == "updateComment"){
>>>>              $this->registerFieldValidator("commentId", new
>>>> IntegerValidator()); @@ -48,8 +49,9 @@
>>>>              $this->registerFieldValidator("authorUrl", new
>>>> HttpUrlValidator(), true);
>>>>              $this->registerFieldValidator("commentDateTime",
>>>> new StringValidator(false));
>>>>              $this->registerFieldValidator("commentIp", new
>>>> StringValidator(false));
>>>> -
>>>> -            $this->_commentId =
>>>> $this->_request->getValue("commentId");
>>>> +
>>>> +                // should use a filter instead
>>>> +            $this->_commentId = preg_replace("/[^0-9]/", "",
>>>> + $this->_request->getValue("commentId"));
>>>>              $view = new
>>>> AdminEditCommentView($this->_blogInfo, $this->_commentId);
>>>>
>>>>              $view->setErrorMessage(
>>>> $this->_locale->tr("pluginEditCommentsInvalidData"));
>>>>
>>>> _______________________________________________
>>>> pLog-svn mailing list
>>>> pLog-svn at devel.lifetype.net
>>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>>> _______________________________________________
>>> pLog-svn mailing list
>>> pLog-svn at devel.lifetype.net
>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>
>>
>> --
>> Jon Daley
>> http://jon.limedaley.com
>> ~~
>> If everything is coming your way then you're in the wrong lane.
>> -- Anonymous
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com
~~
No matter where you go,
there you are.
-- Buckaroo Bonzai

More information about the pLog-svn mailing list