[pLog-svn] r6534 - plog/branches/lifetype-1.2/class/action/admin
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Mon Jun 9 12:50:52 EDT 2008
Author: jondaley
Date: 2008-06-09 12:50:52 -0400 (Mon, 09 Jun 2008)
New Revision: 6534
Modified:
plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php
Log:
commented potentially insecure model
Modified: plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php 2008-06-09 16:45:34 UTC (rev 6533)
+++ plog/branches/lifetype-1.2/class/action/admin/adminsendtrackbacksaction.class.php 2008-06-09 16:50:52 UTC (rev 6534)
@@ -48,6 +48,11 @@
// fetch the validated data
$this->_postId = $this->_request->getValue( "postId" );
+ // fetch the un-validated data. TODO: is this safe?
+ $this->_postLinks = $this->_request->getValue( "postLink" );
+ $this->_trackbackLinks = $this->_request->getValue( "trackbackLink" );
+
+
// Need to do validation here because we need one of the validations to pass
$val = new ArrayValidator( new HttpUrlValidator() );
if( !$val->validate( $this->_postLinks ) && !$val->validate( $this->_trackbackLinks ) ) {
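Review bot: The guard on the last line of this hunk rejects the request only when both arrays fail, and because of the `&&` short-circuit `_trackbackLinks` is never validated at all once `_postLinks` passes, so one of the two properties can leave this method holding raw request values. That is the open question behind the new `TODO: is this safe?` comment; whatever later consumes these properties is not visible here, but if it contacts the stored URLs, it would do so for entries that never went through `HttpUrlValidator`. I would validate each array on its own and drop the one that fails, for example `if( !$val->validate( $this->_trackbackLinks ) ) $this->_trackbackLinks = Array();` and likewise for `_postLinks`, placed after the failure branch so the error path is unchanged. The TODO could then become `// raw request values; each array is only kept if it passes the ArrayValidator check below`. The enclosing method starts before this hunk, and the body of the `if` lies between the two hunks.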
@@ -58,10 +63,6 @@
return false;
}
- // fetch the validated data
- $this->_postLinks = $this->_request->getValue( "postLink" );
- $this->_trackbackLinks = $this->_request->getValue( "trackbackLink" );
-
return true;
}