[pLog-svn] r6507 - plog/branches/lifetype-1.2/class/action/admin

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Sat Jun 7 11:03:46 EDT 2008


Author: jondaley
Date: 2008-06-07 11:03:45 -0400 (Sat, 07 Jun 2008)
New Revision: 6507

Modified:
   plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryajaxaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddblogaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddbloguseraction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddcustomfieldaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddlinkaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddpostaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminaddresourceaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminadduseraction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminadminblogselectaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admindeletetrackbackaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admindoregisterblogaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoryaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admineditlinkaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoryaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/admineditpostaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminglobalsettingsaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminloginaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminmainaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminplugincenteraction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminpostmanagementcommonaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminresourcealbumsaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatearticlecategoryaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateblogsettingsaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatebloguseraction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatecustomfieldaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateeditblogaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateglobalsettingsaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatelinkaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatepermissionaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatepluginsettingsaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdatepostaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateresourceaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateresourcealbumaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateuserprofileaction.class.php
   plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php
Log:
Lots of validation fixed.  For others who want to jump in, check out all the TODO marks.  This checkin is also not guaranteed to be stable; much testing is needed for each and every input, but I did most of the boring work, reading all 145 admin action files... (and you thought I was paying attention to you on the IRC chat today...)

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -33,8 +33,11 @@
 			// register two validators
 			$this->registerFieldValidator( "categoryName", new StringValidator());
 			$this->registerFieldValidator( "categoryDescription", new StringValidator());
-			$this->registerFieldValidator( "categoryInMainPage", new EmptyValidator());
-			// and the view we should show in case there is a validation error
+			$this->registerFieldValidator( "categoryInMainPage", new IntegerValidator());
+
+                // TODO: validate properties and categoryUrl
+ 
+                // and the view we should show in case there is a validation error
 			$errorView = new AdminTemplatedView( $this->_blogInfo, "newpostcategory" );
 			$errorView->setErrorMessage( $this->_locale->tr("error_adding_article_category" ));			
 			$this->setValidationErrorView( $errorView );
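Review bot: `categoryInMainPage` is now a required integer, so if the form sends it from a checkbox, an unticked box posts nothing and the whole submission would fail validation; the hunk does not show how the field is rendered, so check this against the template. If the field can be absent, register it the way `linkRssFeed` is registered in adminaddlinkaction, `$this->registerFieldValidator( "categoryInMainPage", new IntegerValidator(), true );`, and treat a missing value as 0 when it is read. The same applies to `fieldSearchable` and `fieldHidden` in adminaddcustomfieldaction and to `categoryInMainPage` in adminupdatearticlecategoryaction, where the added `// TODO: integer?` shows the type was not confirmed. The enclosing constructor starts and ends outside the hunk.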

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryajaxaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryajaxaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddarticlecategoryajaxaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -35,7 +35,7 @@
 	            $this->_view = new AdminXmlView( $this->_blogInfo, "response" );				
 	            $this->_view->setValue( "method", "addCategoryAjax" );
             	$this->_view->setValue( "success", "0" );
-            	$this->_view->setValue( "message", $this->_locale->tr("error_permission_required") );    	            
+            	$this->_view->setValue( "message", $this->_locale->tr("error_permission_required") );
                 return false;
             }
 
@@ -50,7 +50,7 @@
 	            $this->_view = new AdminXmlView( $this->_blogInfo, "response" );				
 	            $this->_view->setValue( "method", "addCategoryAjax" );
             	$this->_view->setValue( "success", "0" );
-            	$this->_view->setValue( "message", $this->_locale->tr("error_adding_article_category") );    	            
+            	$this->_view->setValue( "message", $this->_locale->tr("error_adding_article_category") );
                 return false;
             }
 

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddblogaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddblogaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddblogaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -50,7 +50,8 @@
 	        // fetch the validated data
         	$this->_blogName = Textfilter::filterAllHTML($this->_request->getValue( "blogName" ));
             $this->_ownerId  = $this->_request->getValue( "userId" );
-			$this->_blogProperties = $this->_request->getValue( "properties" );	        
+                // TODO: validate this
+			$this->_blogProperties = $this->_request->getValue( "properties" );
 			
             // check that the user really exists
             $users = new Users();

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddbloguseraction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddbloguseraction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddbloguseraction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -31,7 +31,7 @@
 			$this->registerFieldValidator( "newBlogUserName", new UsernameValidator());
 			
 			$this->_sendNotification = ($this->_request->getValue( "sendNotification" ) != "" );
-			
+
 			if( $this->_sendNotification ) {
 				$this->registerFieldValidator( "newBlogUserText", new StringValidator());
 			}

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddcustomfieldaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddcustomfieldaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddcustomfieldaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -31,9 +31,11 @@
 			$this->registerFieldValidator( "fieldName", new StringValidator());
 			$this->registerFieldValidator( "fieldDescription", new StringValidator());
 			$this->registerFieldValidator( "fieldType", new IntegerValidator());
-			$this->_form->registerField( "fieldSearchable" );
-			$this->_form->registerField( "fieldHidden" );
+			$this->registerFieldValidator( "fieldSearchable", new IntegerValidator() );
+			$this->registerFieldValidator( "fieldHidden", new IntegerValidator());
+                // TODO: not used?  Validate if it is
 			$this->_form->registerField( "fieldId" );
+                // TODO: validate this - maybe with ArrayValidator and third parameter set to true?
 			$this->_form->registerField( "fieldValues" );
 			$view = new AdminTemplatedView( $this->_blogInfo, "newcustomfield" );
 			$view->setErrorMessage( $this->_locale->tr("error_adding_custom_field"));

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddlinkaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddlinkaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddlinkaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -39,7 +39,7 @@
 			// linkRssFeed will only be validated if it is available in the form
 			$this->registerFieldValidator( "linkRssFeed", new HttpUrlValidator(), true );
 			$this->registerFieldValidator( "linkCategoryId", new IntegerValidator());
-			$this->registerFieldValidator( "linkDescription", new EmptyValidator());
+			$this->registerFieldValidator( "linkDescription", new StringValidator());
 			$view = new AdminNewLinkView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_adding_link" ));
 			$this->setValidationErrorView( $view );
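Review bot: Replacing `EmptyValidator` with `StringValidator` on `linkDescription` may make the description mandatory, because it is registered without the third argument that `linkRssFeed` two lines above uses to skip validation when the value is not in the form; confirm that a link with an empty description is still accepted, or pass `true`. StringValidator's rules are not visible on this page, so it should not be assumed to neutralise markup: the description still has to be HTML-escaped where it is rendered. A comment such as `// linkDescription is optional; validated only when present` would record the intent.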

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddpostaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddpostaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddpostaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -112,6 +112,7 @@
 
 			$this->_postId = $this->_request->getValue( "postId" );
 
+                // TODO: are these used? if so, they need to be validated
             $this->_previewPost    = $this->_request->getValue( "previewPost" );
             $this->_addPost        = $this->_request->getValue( "addPost" );
 			$this->_saveDraft      = $this->_request->getValue( "isDraft" );

Modified: plog/branches/lifetype-1.2/class/action/admin/adminaddresourceaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminaddresourceaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminaddresourceaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -34,10 +34,14 @@
         function AdminAddResourceAction( $actionInfo, $request )
         {
         	$this->AdminAction( $actionInfo, $request );
-			
+
+                // TODO: what is the _1 is that right?  if so, we need to add an additional
+                // validator for resourceFile, otherwise, rename this one
 			$this->registerFieldValidator( "resourceFile_1", new ArrayValidator(), true);
 			$this->registerFieldValidator( "albumId", new IntegerValidator());			
+                // TODO: validate for later (stringValidator?, on the paranoid side of things)
 			$this->_destView    = $this->_request->getValue( "destView" );
+                // TODO: validate both of these
 			$this->_form->registerField( "resourceDescription" );
 			$this->_form->registerField( "destination" );
 			

Modified: plog/branches/lifetype-1.2/class/action/admin/adminadduseraction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminadduseraction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminadduseraction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -39,6 +39,7 @@
         	$this->registerFieldValidator( "newUserPassword", new PasswordValidator());
         	$this->registerFieldValidator( "userEmail", new EmailValidator());
 			$this->registerFieldValidator( "userStatus", new IntegerValidator());
+                // TODO: validate all of these
         	$this->registerField( "userFullName" );
         	$this->registerFieldValidator( "blogId", new IntegerValidator(), true );
 			$this->registerField( "blogName" );

Modified: plog/branches/lifetype-1.2/class/action/admin/adminadminblogselectaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminadminblogselectaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminadminblogselectaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -63,6 +63,7 @@
 			die();*/
 			
 			// check if there was any redirection
+            // TODO: validate
 			$this->_nextAction = $this->_request->getValue( "action" );
 
 			if ( $this->_nextAction ) {
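Review bot: The `action` value is still read from the request unchecked and then drives the `if ( $this->_nextAction )` branch, whose body lies outside the hunk; the added TODO does not say what a valid value is. Because this is an action name and not free text, the fitting check is a lookup against the set of registered admin actions, falling back to the default when the name is unknown, rather than a generic string validator. adminmainaction reads the same parameter in its hunk at line 108 and needs the same treatment. Suggested comment: `// TODO: accept only known admin action names; ignore anything else`.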

Modified: plog/branches/lifetype-1.2/class/action/admin/admindeletetrackbackaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindeletetrackbackaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admindeletetrackbackaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -30,6 +30,7 @@
 			
 			$this->_mode = $actionInfo->getActionParamValue();
 			$this->registerFieldValidator( "articleId", new IntegerValidator());
+                // TODO: should we use the third parameter, rather than have a conditional validation?
 			if( $this->_mode == "deleteTrackback" )
 				$this->registerFieldValidator( "trackbackId", new IntegerValidator());
 			else 

Modified: plog/branches/lifetype-1.2/class/action/admin/admindoregisterblogaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admindoregisterblogaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admindoregisterblogaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -29,6 +29,11 @@
             $this->registerFieldValidator( "blogLocale", new StringValidator());
 			$this->registerFieldValidator( "templateId", new StringValidator());
 			$this->registerFieldValidator( "blogCategory", new IntegerValidator());
+            if( Subdomains::getSubdomainsEnabled()) {
+                $this->registerFieldValidator( "blogSubDomain", new DomainValidator());
+                $this->registerFieldValidator( "blogMainDomain", new DomainValidator());
+            }       
+            
 			$this->setValidationErrorView( new AdminRegisterBlogView( $this->_userInfo ));
 		}
 
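Review bot: `Subdomains` and `DomainValidator` are used in the added lines, but this file's section has no hunk adding an `lt_include` for them, whereas adminmainaction and adminresourcealbumsaction get one for `IntegerValidator` in this same commit. Unless the top of the file, which is not shown, already includes the files defining both classes, the constructor will fail when subdomains are enabled. The same check is needed in adminupdateblogsettingsaction (same two classes) and in adminaddarticlecategoryaction, where `IntegerValidator` is newly used. The added block is also space-indented with trailing spaces after `}` while the surrounding lines use tabs.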

Modified: plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoryaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoryaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoryaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -34,6 +34,7 @@
 			
 			// stuff for the data validation
 			$this->registerFieldValidator( "categoryId", new IntegerValidator());
+                // TODO: validate or don't use
 			$this->_form->registerField( "categoryName" );
 			$this->_form->registerField( "categoryDescription" );
 			$errorView = new AdminGlobalArticleCategoriesListView( $this->_blogInfo );

Modified: plog/branches/lifetype-1.2/class/action/admin/admineditlinkaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditlinkaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditlinkaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -28,6 +28,7 @@
 			// data validation stuff
 			$this->registerFieldValidator( "linkId", new IntegerValidator());
 			// we need to register the other fields or else the form validation will complain
+            // TODO: validate or don't use
 			$this->_form->registerField( "linkDescription" );
 			$this->_form->registerField( "linkName" );
 			$this->_form->registerField( "linkRssFeed" );

Modified: plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoryaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoryaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoryaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -27,6 +27,7 @@
 			
 			// data validation
 			$this->registerFieldValidator( "categoryId", new IntegerValidator());
+                // TODO: this isn't used?  Or if it is, it should be validated
 			$this->_form->registerField( "categoryName" );
 			$view = new AdminLinkCategoriesListView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_incorrect_link_category_id"));

Modified: plog/branches/lifetype-1.2/class/action/admin/admineditpostaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditpostaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditpostaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -29,6 +29,7 @@
         	$this->registerFieldValidator( "postId", new IntegerValidator());
         	// if we don't register the fields below, the view will complain that they are
         	// not valid!
+            // TODO: we should validate these or not use them, right?
         	$this->registerField( "postTopic" );
         	$this->registerField( "postText" );
         	$this->registerField( "postCategories" );

Modified: plog/branches/lifetype-1.2/class/action/admin/adminglobalsettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminglobalsettingsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminglobalsettingsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -22,6 +22,7 @@
         function perform()
         {
             // if no problem, continue
+            // TODO: validate this
             $show = $this->_request->getValue( "show" );
             $this->_view = new AdminGlobalSettingsListView( $this->_blogInfo, $show );
             $this->setCommonData();

Modified: plog/branches/lifetype-1.2/class/action/admin/adminloginaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminloginaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminloginaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -56,6 +56,7 @@
         	// get the parameters, which have already been validated
             $this->_userName     = Textfilter::filterAllHTML($this->_request->getValue( "userName" ));
             $this->_userPassword = $this->_request->getValue( "userPassword" );
+                // TODO: validate op
             $this->_op           = Textfilter::filterAllHTML($this->_request->getValue( "op" ));
 
 			// create a plugin manager

Modified: plog/branches/lifetype-1.2/class/action/admin/adminmainaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminmainaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminmainaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -2,6 +2,7 @@
 
 	lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/dao/userpermissions.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
 
     /**
      * \ingroup Action
@@ -21,6 +22,7 @@
         function AdminMainAction( $actionInfo, $request )
         {
         	$this->AdminAction( $actionInfo, $request );
+			$this->registerFieldValidator( "blogId", new IntegerValidator());
         }
 
         /**
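Review bot: `blogId` is registered as a required integer in a constructor that is fully visible here and sets no validation error view; if this action can be reached without `blogId` in the request, validation fails with nothing defined to show. Either mark the field optional, `$this->registerFieldValidator( "blogId", new IntegerValidator(), true );`, or add a `setValidationErrorView()` call next to it. AdminResourceAlbumsAction gets the same one-line registration for `albumId` in its constructor hunk and has the same two gaps if the album list can be opened without an album selected.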
@@ -108,7 +110,8 @@
 			// we don't have to worry about much more here, we can let the
 			// $this->_nextAction action take care of everytyhing now...
 			// If $this->_nextAction is null, we use "newPost" as default nextAction
-				        
+
+                // TODO: validate this
 	        $this->_nextAction = $this->_request->getValue( "action" );
 
 			if ( $this->_nextAction ) {

Modified: plog/branches/lifetype-1.2/class/action/admin/adminplugincenteraction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminplugincenteraction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminplugincenteraction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -42,7 +42,8 @@
         	// initialize the plugin manager and load the plugins
         	$pluginManager =& PluginManager::getPluginManager();
 
-			$doVersionCheck = $this->_request->getValue( "doVersionCheck", false );
+                // TODO: we have a checkbox-to-boolean validator/getter, maybe use that instead?
+			$doVersionCheck = $this->_request->getValue( "doVersionCheck", false ) ? true : false;
 
             // check if the plugin manager is enabled or not, since if it's not
             // there is no point in this feature...
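Review bot: The added `? true : false` maps any non-empty value other than "0" to true, so a request carrying `doVersionCheck=false` still enables the check; that is acceptable only if the parameter is always produced by the form's own checkbox. If the flag leads to an outbound version lookup (not visible in this hunk), compare against the single value the form sends instead of relying on truthiness. If truthiness is what is wanted, a cast says so more directly: `$doVersionCheck = (bool) $this->_request->getValue( "doVersionCheck", false );`. The enclosing method starts and ends outside the hunk.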

Modified: plog/branches/lifetype-1.2/class/action/admin/adminpostmanagementcommonaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminpostmanagementcommonaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminpostmanagementcommonaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -47,11 +47,20 @@
 		function AdminPostManagementCommonAction( $actionInfo, $request ) 
 		{
 			$this->AdminAction( $actionInfo, $request );
+
+                // TODO: there should be validators here, rather than depending
+                // on the child classes to validate everything each time?
+                // Child classes call _fetchCommonData, which then gets
+                // unvalidated data
+                // Before removing this comment, check for all occurrences of
+                // _request in this file and make sure they are either validated
+                // here or in all child classes
 		}
 		
 		function _fetchPostDateInformation()
 		{
 
+                // TODO: this needs to be validated
             // fetch the timestamp that the post will have
           	$postDateTime = $this->_request->getValue( "postDateTime" );
             $dateTimeParts = explode(" ", $postDateTime);

Modified: plog/branches/lifetype-1.2/class/action/admin/adminresourcealbumsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminresourcealbumsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminresourcealbumsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -2,6 +2,7 @@
 
 	lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
     lt_include( PLOG_CLASS_PATH."class/view/admin/adminresourcealbumslistview.class.php" );
+    lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
 
     /**
      * \ingroup Action
@@ -20,6 +21,7 @@
         function AdminResourceAlbumsAction( $actionInfo, $request )
         {
         	$this->AdminAction( $actionInfo, $request );
+			$this->registerFieldValidator( "albumId", new IntegerValidator());
         }
 
         /**

Modified: plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminsavedraftarticleajaxaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -20,6 +20,7 @@
 			$this->AdminAction( $actionInfo, $request );
 		}
 
+            // TODO: using old validate method.  And, it doesn't actually do any validation??
 		function validate()
 		{
         	$this->_postText     = $this->_request->getValue( "postText" );

Modified: plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -33,6 +33,7 @@
 			$this->requirePermission( "add_post" );
         }
 
+            // TODO: using old methods - should be changed to new, right?
 		function validate()
 		{
 			// fetch the validated data

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatearticlecategoryaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatearticlecategoryaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatearticlecategoryaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -37,7 +37,8 @@
 			$this->registerFieldValidator( "categoryName", new StringValidator());
 			$this->registerFieldValidator( "categoryId", new IntegerValidator());
 			$this->registerFieldValidator( "categoryDescription", new StringValidator());
-			$this->registerFieldValidator( "categoryInMainPage", new EmptyValidator());
+                // TODO: integer?
+			$this->registerFieldValidator( "categoryInMainPage", new IntegerValidator());
 			$errorView = new AdminTemplatedView( $this->_blogInfo, "editarticlecategory" );
 			$errorView->setErrorMessage( $this->_locale->tr("error_updating_article_category" ));
 			$this->setValidationErrorView( $errorView );

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateblogsettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateblogsettingsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateblogsettingsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -32,20 +32,22 @@
 			$val = new IntegerValidator();
 			$val->addRule( new IntRangeRule( 1, 99999999 ));
 			$this->registerFieldValidator( "blogMaxMainPageItems", $val );			
+			$this->registerFieldValidator( "blogNumCommentsPerPage", $val );
 			// the rest of validators, as normal...
 			$this->registerFieldValidator( "blogMaxRecentItems", new IntegerValidator());
 			$this->registerFieldValidator( "blogName",  new BlogNameValidator());
 			$this->registerFieldValidator( "blogLocale", new StringValidator());
 			$this->registerFieldValidator( "blogTemplate", new StringValidator());
 			$this->registerFieldValidator( "blogCategory", new IntegerValidator());
-			$this->registerFieldValidator( "blogNumCommentsPerPage", $val );
 			$this->registerFieldValidator( "blogArticlesOrder", new IntegerValidator());
+                // TODO: validate all of these
 			$this->registerField( "blogAbout" );
 			$this->registerField( "blogShowMoreEnabled" );
 			$this->registerField( "blogEnableHtmlarea" );
 			$this->registerField( "blogEnablePullDownMenu" );
 			$this->registerField( "blogCommentsEnabled" );
 			$this->registerField( "blogCommentsOrder" );
+			$this->registerField( "blogArticlesOrder" );
 			$this->registerField( "blogShowFuturePosts" );
 			$this->registerField( "blogFirstDayOfWeek" );
 			$this->registerField( "blogTimeOffset" );
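Review bot: `blogArticlesOrder` is now registered twice in this hunk: with `new IntegerValidator()` a few lines up, and again through the added `$this->registerField( "blogArticlesOrder" );`. If registerField() replaces the earlier entry, the integer check is silently dropped; if it does not, the added line is redundant. Remove the added line, or register the intended field if a different one was meant. The constructor continues outside the hunk.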
@@ -56,8 +58,10 @@
 			$this->registerField( "blogShowInSummary" );
 			$this->registerField( "blogSendNotification" );
 			$this->registerField( "blogCommentOnlyRegisteredUsers" );
-			$this->registerField( "blogSubDomain" );
-			$this->registerField( "blogMainDomain" );
+            if( Subdomains::getSubdomainsEnabled()) {
+                $this->registerFieldValidator( "blogSubDomain", new DomainValidator());
+                $this->registerFieldValidator( "blogMainDomain", new DomainValidator());
+            }       
 			// set the view that we're going to use
 			$view = new AdminBlogSettingsView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_updating_settings"));

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatebloguseraction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatebloguseraction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatebloguseraction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -36,6 +36,7 @@
         function perform()
         {
 			// fetch the data, we already know it's valid and that we can trust it!
+            // TODO: I question the above comment - how do we know "perm" is valid?
 			$userId = $this->_request->getValue( "userId" );
 			$this->_perms = $this->_request->getValue( "perm" );			
 			

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatecustomfieldaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatecustomfieldaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatecustomfieldaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -32,7 +32,8 @@
 			$this->registerFieldValidator( "fieldDescription", new StringValidator());
 			$this->registerFieldValidator( "fieldType", new IntegerValidator());
 			$this->registerFieldValidator( "fieldId", new IntegerValidator());
-			$this->_form->registerField( "fieldSearchable" );
+                // TODO: validate all of these
+            $this->_form->registerField( "fieldSearchable" );
 			$this->_form->registerField( "fieldHidden" );
 			$this->_form->registerField( "fieldValues" );
 			$this->setValidationErrorView( new AdminTemplatedView( $this->_blogInfo, "editcustomfield" ));			
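Review bot: `fieldSearchable` and `fieldHidden` stay as plain `registerField()` here, while adminaddcustomfieldaction in the same commit moves both to `IntegerValidator`; the update path therefore accepts values the add path rejects. Use the same registration in both files, taking care that an unticked checkbox, which posts no value, still passes, e.g. `$this->registerFieldValidator( "fieldHidden", new IntegerValidator(), true );`. The re-added `fieldSearchable` line is also indented with spaces where its neighbours use tabs.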

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateeditblogaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateeditblogaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateeditblogaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -46,12 +46,16 @@
 			$this->registerFieldValidator( "blogName", new BlogNameValidator());
 			$this->registerFieldValidator( "blogId", new IntegerValidator());
 			$this->registerFieldValidator( "blogStatus", new IntegerValidator());
+                // TODO: this is an int, right?
+			$this->registerFieldValidator( "blogOwner", new IntegerValidator());
 			$this->registerFieldValidator( "blogLocale", new StringValidator());
 			$this->registerFieldValidator( "blogTemplate", new StringValidator());
 			$this->registerFieldValidator( "blogResourcesQuota", new IntegerValidator(), true );
 			$this->registerFieldValidator( "userId", new IntegerValidator());
 			$this->registerFieldValidator( "userName", new UsernameValidator());
+                // TODO: validate this
 			$this->registerField( "blogTimeOffset" );
+                // TODO: validate "properties"
 			if( Subdomains::getSubdomainsEnabled()) {
 				$this->registerFieldValidator( "blogSubDomain", new DomainValidator());
 				$this->registerFieldValidator( "blogMainDomain", new DomainValidator());			
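Review bot: `blogOwner` gets an `IntegerValidator` on a guess (the TODO asks "this is an int, right?"), and without the third argument that `blogResourcesQuota` passes it appears to become mandatory; if the edit-blog form posts the owner in another form or omits it, every blog update would now fail validation. That should be confirmed against the form before the validator goes in, and the TODO removed once it is. `blogTimeOffset` is still registered with `registerField()`; an offset can presumably be negative or fractional, so `IntegerValidator` may not fit and the accepted range should be bounded explicitly. The `// TODO: validate "properties"` comment sits above the subdomain `if` although no `properties` field is registered anywhere in this hunk; it belongs next to the place where that field is read. The constructor continues outside the hunk.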

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateglobalsettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateglobalsettingsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateglobalsettingsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -2,6 +2,8 @@
 
 	lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
     lt_include( PLOG_CLASS_PATH."class/view/admin/adminglobalsettingslistview.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 
     /**
      * \ingroup Action
@@ -19,6 +21,10 @@
         	$this->AdminAction( $actionInfo, $request );
 
 			$this->requireAdminPermission( "update_global_settings" );
+
+                // TODO: no validator for "config"?
+			$this->registerFieldValidator( "blogId", new IntegerValidator());
+			$this->registerFieldValidator( "show", new StringValidator());
         }
 
         function validate()
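Review bot: The class defines its own `validate()` directly below the constructor, so the validators registered here for `blogId` and `show` only take effect if that override still runs the parent's field validation; its body is outside the hunk, so this needs checking. The field that presumably carries the settings themselves, `config`, is left with only a TODO, which makes it the one input this change does not cover. Both new validators are registered without the optional third argument used elsewhere in this commit, so if `show` or `blogId` is not always posted the settings page would start failing validation; `$this->registerFieldValidator( "show", new StringValidator(), true );` would keep it optional.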

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatelinkaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatelinkaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatelinkaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -38,7 +38,7 @@
 			// linkRssFeed will only be validated if it is available in the form
 			$this->registerFieldValidator( "linkRssFeed", new HttpUrlValidator(), true );
 			$this->registerFieldValidator( "linkCategoryId", new IntegerValidator());
-			$this->registerFieldValidator( "linkDescription", new EmptyValidator());
+			$this->registerFieldValidator( "linkDescription", new StringValidator());
 			$this->registerFieldValidator( "linkId", new IntegerValidator());
 			$view = new AdminEditLinkView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_updating_link" ));
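Review bot: Replacing `EmptyValidator` with `StringValidator` on `linkDescription` may turn an optional description into a required one. Going by its name the old validator accepted an empty value, and if `StringValidator` rejects empty strings, saving a link without a description would now end in `error_updating_link`. If the description is meant to stay optional, say so in the code, for example with the flag used on `linkRssFeed` two lines up: `$this->registerFieldValidator( "linkDescription", new StringValidator(), true );`. Both validator classes are defined outside this diff, so their behaviour on empty input needs confirming.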

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatepermissionaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatepermissionaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatepermissionaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -23,8 +23,8 @@
 			$this->registerFieldValidator( "permissionName", new StringValidator());
 			$this->registerFieldValidator( "permissionDescription", new StringValidator());
 			$this->registerFieldValidator( "permissionId", new IntegerValidator());
-			$this->registerField( "corePermission" );
-			$this->registerField( "adminOnlyPermission" );			
+			$this->registerFieldValidator( "corePermission", new IntegerValidator() );
+			$this->registerFieldValidator( "adminOnlyPermission", new IntegerValidator() );			
 			// and the view we should show in case there is a validation error
 			$errorView = new AdminTemplatedView( $this->_blogInfo, "editpermission" );
 			$errorView->setErrorMessage( $this->_locale->tr("error_updating_permission" ));			
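Review bot: `corePermission` and `adminOnlyPermission` look like on/off flags, and an unticked checkbox is not sent by the browser at all, so a mandatory `IntegerValidator` could reject every update in which either flag is off. If they are checkboxes, pass the optional flag that other call sites in this commit use, e.g. `$this->registerFieldValidator( "corePermission", new IntegerValidator(), true );`, and the same for `adminOnlyPermission`. An integer check also accepts any number, so the code that reads these values should still reduce them to 0 or 1 before storing them. The constructor starts outside the hunk.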

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatepluginsettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatepluginsettingsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatepluginsettingsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -56,6 +56,7 @@
 			}
 			
 			// "can override" fields
+            // TODO: what validator?
 			$this->registerField( "canOverride" );
 		}
 

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdatepostaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdatepostaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdatepostaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -42,6 +42,7 @@
 
         	$view = new AdminEditPostView( $this->_blogInfo );
 
+                // TODO: this needs to be validated, maybe validate each part after it is split?
             $dateTimeParts = explode(" ", $this->_request->getValue("postDateTime"));
             $dateParts = explode("/", $dateTimeParts[0] );
             $timeParts = explode(":",$dateTimeParts[1] );
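Review bot: `$dateTimeParts[1]` is indexed without checking that `postDateTime` contained a space, and the date and time parts are split the same way, so a malformed or missing value produces undefined-offset notices and empty date components instead of a validation error. The TODO acknowledges this, but the check is small enough to add with the split: require `count( $dateTimeParts ) == 2`, three elements in `$dateParts`, at least two in `$timeParts`, and each element numeric (for example via `ctype_digit()`), and show the error view otherwise. The statement run continues outside the hunk, so how the parts are used afterwards is not visible here.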

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateresourceaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateresourceaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateresourceaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -31,12 +31,17 @@
 			// data validation
 			$this->registerFieldValidator( "albumId", new IntegerValidator());
 			$this->registerFieldValidator( "resourceId", new IntegerValidator());
-			$this->registerField( "resourceDescription" );
+                // TODO: we previously silently stripped out HTML, still okay this way?
+			$this->registerFieldValidator( "resourceDescription", new StringValidator());
+
+                // TODO: this gets a string from the locale - we correctly check it below
+                // so this validator is on the paranoid side, and could be removed if it
+                // breaks something
+			$this->registerFieldValidator( "regenerate", new StringValidator());
+
 			$view = new AdminEditResourceView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_updating_resource" ));
 			$this->setValidationErrorView( $view );
-
-                
         }
 		
 		function validate()
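Review bot: `regenerate` is registered as a mandatory field although the comment above it says its value comes from the locale, which suggests it is the label of a submit button that is only posted when that button is pressed; an ordinary save would then fail validation. The commit's own comment anticipates breakage, so make the validator optional: `$this->registerFieldValidator( "regenerate", new StringValidator(), true );`. For `resourceDescription` the TODO leaves open whether HTML that used to be stripped silently is now rejected or stored; that should be decided and stated in the comment, because it determines what is later rendered for the resource. The class's own `validate()` starts on the last line of the hunk and its body is not visible.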

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateresourcealbumaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateresourcealbumaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateresourcealbumaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -34,8 +34,8 @@
 			$this->registerFieldValidator( "albumId", new IntegerValidator());
 			$this->registerFieldValidator( "albumName", new StringValidator());
 			$this->registerFieldValidator( "parentId", new IntegerValidator());
-			$this->registerField( "albumDescription" );
-			$this->registerField( "showAlbum" );
+			$this->registerFieldValidator( "albumDescription", new StringValidator() );
+			$this->registerFieldValidator( "showAlbum", new IntegerValidator() );
 			$view = new AdminEditResourceAlbumView( $this->_blogInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_updating_album" ));
 			$this->setValidationErrorView( $view );
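Review bot: The mandatory `IntegerValidator` on `showAlbum` conflicts with the code in the next hunk, where perform() explicitly handles `$this->_showAlbum == ""`; an empty or missing value is evidently expected there, but it would now be rejected before perform() is reached. If the field is a checkbox, register it as optional: `$this->registerFieldValidator( "showAlbum", new IntegerValidator(), true );`. `albumDescription` has the same question, since a `StringValidator` without the flag may make a previously optional description required. How the third argument treats an empty string, as opposed to a missing field, is defined outside this diff and should be confirmed.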
@@ -50,7 +50,7 @@
         {
         	$this->_albumId = $this->_request->getValue( "albumId" );
         	$this->_parentId = $this->_request->getValue( "parentId" );
-            $this->_albumName = Textfilter::filterAllHTML($this->_request->getValue( "albumName" ));			
+            $this->_albumName = Textfilter::filterAllHTML($this->_request->getValue( "albumName" ));
             $this->_albumDescription = Textfilter::filterAllHTML($this->_request->getValue( "albumDescription" ));
             $this->_showAlbum = $this->_request->getValue( "showAlbum" );
             if( $this->_showAlbum == "" )

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateuserprofileaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateuserprofileaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateuserprofileaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -33,13 +33,17 @@
         	$this->AdminAction( $actionInfo, $request );
 			
 			// data validation
-			$this->registerField( "userFullName" );
+			$this->registerFieldValidator( "userFullName", new StringValidator() );
 			$this->registerFieldValidator( "userEmail", new EmailValidator());
 			$this->registerFieldValidator( "userPictureId", new IntegerValidator());
-			$this->registerField( "userAbout" );
+			$this->registerFieldValidator( "userId", new IntegerValidator());
+			$this->registerFieldValidator( "userAbout", new StringValidator() );
+                // TODO: what validator?
 			$this->registerField( "properties" );
-			$this->registerField( "userIsSiteAdmin" );
+                // TODO: I am not sure if this is an integer
+			$this->registerFieldValidator( "userIsSiteAdmin", new IntegerValidator() );
 			$this->registerFieldValidator( "userName", new UsernameValidator());
+                // TODO: what validator?
 			$this->registerField( "userPermissions" );
 			$this->registerFieldValidator( "userProfilePassword", new PasswordValidator(), true );
 			$this->registerFieldValidator( "userStatus", new IntegerValidator());
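Review bot: `userIsSiteAdmin` and `userPermissions` are the two fields here that decide a user's privileges, and they end up with a guessed `IntegerValidator` (the TODO says the type is unknown) and no validator at all. If `userIsSiteAdmin` is a checkbox it is absent from the request whenever it is unticked, so the mandatory validator would block every edit of a non-admin user; `$this->registerFieldValidator( "userIsSiteAdmin", new IntegerValidator(), true );` avoids that. `userPermissions` presumably holds a list of permission ids and needs an element-by-element check before the values are applied. `userFullName` and `userAbout` may also have become required by this change, depending on how `StringValidator` treats empty input. The constructor continues outside the hunk.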

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php	2008-06-07 13:14:25 UTC (rev 6506)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php	2008-06-07 15:03:45 UTC (rev 6507)
@@ -28,10 +28,11 @@
         	$this->AdminAction( $actionInfo, $request );
 			
             $this->registerField( "confirmPassword" );
-			$this->registerField( "userFullName" );
+			$this->registerFieldValidator( "userFullName" new StringValidator() );
 			$this->registerFieldValidator( "userEmail", new EmailValidator());
 			$this->registerFieldValidator( "userPictureId", new IntegerValidator());
-			$this->registerField( "userAbout" );
+			$this->registerField( "userAbout", new StringValidator() );
+                // TODO: what validator can be used for properties?
 			$this->registerField( "properties" );
 			$this->registerField( "userSettingsPassword" );
 			$view = new AdminUserProfileView( $this->_blogInfo, $this->_userInfo );
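Review bot: The new `userFullName` line is missing the comma between its two arguments (`"userFullName" new StringValidator()`), which is a PHP parse error, so this file will not load and the user-settings action is broken as committed. It should read `$this->registerFieldValidator( "userFullName", new StringValidator() );`. Three lines further down, `userAbout` passes a validator to `registerField()` instead of `registerFieldValidator()`; going by the other call sites `registerField()` takes only the field name, so the validator is most likely ignored and the field stays unvalidated: `$this->registerFieldValidator( "userAbout", new StringValidator() );`. `confirmPassword` and `userSettingsPassword` are still registered without validators, and the constructor continues outside the hunk.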


