[pLog-svn] r6436 - in plog/branches/lifetype-1.2/class: action/admin view/admin
mark at devel.lifetype.net
mark at devel.lifetype.net
Sun May 4 03:15:44 EDT 2008
Author: mark
Date: 2008-05-04 03:15:43 -0400 (Sun, 04 May 2008)
New Revision: 6436
Modified:
plog/branches/lifetype-1.2/class/action/admin/adminblogcategoriesaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admineditcommentsaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoriesaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoriesaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admineditlinksaction.class.php
plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php
plog/branches/lifetype-1.2/class/action/admin/adminresourcesaction.class.php
plog/branches/lifetype-1.2/class/view/admin/adminarticlecategorieslistview.class.php
plog/branches/lifetype-1.2/class/view/admin/adminsiteblogslistview.class.php
plog/branches/lifetype-1.2/class/view/admin/adminsiteuserslistview.class.php
Log:
Fixed XSS vulnerabilities
reported here: http://www.securityfocus.com/archive/1/491550
Although I don't think it is serious for us.
Modified: plog/branches/lifetype-1.2/class/action/admin/adminblogcategoriesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminblogcategoriesaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/adminblogcategoriesaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -2,6 +2,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminblogcategorieslistview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
class AdminBlogCategoriesAction extends AdminAction
{
@@ -15,7 +16,7 @@
function perform()
{
- $searchTerms = $this->_request->getValue( "searchTerms" );
+ $searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
$this->_view = new AdminBlogCategoriesListView( $this->_blogInfo, Array( "searchTerms" => $searchTerms ));
$this->setCommonData();
}
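Review bot: Filtering `searchTerms` on input with `HtmlFilter` rewrites the value before it reaches both the template and the search query, so a term containing `<` or `&` no longer matches what the user typed, and the view still has to encode the term for the HTML context where it echoes it back. The diff does not show what `HtmlFilter` does (strip tags versus encode), so whether quotes inside an attribute context are neutralised cannot be confirmed from here. The more robust layering is to keep the raw term for the DAO search and apply `htmlspecialchars`-style encoding at the point of output in the template, which also covers any other place the term is rendered. The same pattern repeats in the admineditglobalarticlecategories, admineditlinkcategories, admineditlinks, admineditposts and adminresources hunks below, and in the three view hunks where the filtered term is handed to `getBlogNumCategories` and `getAllBlogs`.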
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditcommentsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditcommentsaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditcommentsaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -4,7 +4,7 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/adminarticlecommentslistview.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminpostslistview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
- lt_include( PLOG_CLASS_PATH."class/data/filter/htmlspecialcharsfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -45,10 +45,8 @@
// get the validated parameters from the request
$articleId = $this->_request->getValue( "articleId" );
$showStatus = $this->_request->getValue( "showStatus" );
- $searchTerms = $this->_request->getvalue( "searchTerms" );
+ $searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
- $f = new HtmlSpecialCharsFilter();
-
if( $articleId && $articleId > 0 ) {
$articles = new Articles();
$article = $articles->getBlogArticle( $articleId, $this->_blogInfo->getId());
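Review bot: Dropping `HtmlSpecialCharsFilter` here, together with the two `$f->filter( $searchTerms )` calls in the next hunk, replaces output-side encoding with whatever `HtmlFilter` does on input, which is not visible in this diff; if it strips tags rather than encoding, a term containing `"` or `'` can still break out of an attribute in the list template. The previous code was closer to the right layering: keep the raw term for the search and encode once where it is rendered. If `HtmlFilter` is to stay, a short comment naming its guarantee would help the next reader, e.g. `// HtmlFilter: <what it strips or encodes> - the term is echoed back in the comments list template`. The enclosing `perform()` starts before this hunk and ends after the next one.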
@@ -59,13 +57,13 @@
else
$this->_view = new $this->_viewClass( $this->_blogInfo, Array( "article" => $article,
"showStatus" => $showStatus,
- "searchTerms" => $f->filter( $searchTerms )));
+ "searchTerms" => $searchTerms ));
}
else {
// if there is no article id, then we will show all comments from all posts...
$this->_view = new $this->_viewClass( $this->_blogInfo, Array( "article" => null,
"showStatus" => $showStatus,
- "searchTerms" => $f->filter( $searchTerms )));
+ "searchTerms" => $searchTerms ));
}
$this->setCommonData();
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoriesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoriesaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditglobalarticlecategoriesaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -1,11 +1,12 @@
<?php
- /**
- * GLobal artical Category files added by Ameng(Ameng.vVlogger.com) 2005-06-20
- * version 1.0
- * Changed from original article category.
- */
- lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
- lt_include( PLOG_CLASS_PATH."class/view/admin/adminglobalarticlecategorieslistview.class.php" );
+ /**
+ * GLobal artical Category files added by Ameng(Ameng.vVlogger.com) 2005-06-20
+ * version 1.0
+ * Changed from original article category.
+ */
+ lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/view/admin/adminglobalarticlecategorieslistview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -24,7 +25,7 @@
{
$this->AdminAction( $actionInfo, $request );
- $this->_searchTerms = $this->_request->getValue( "searchTerms" );
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
$this->requireAdminPermission( "view_global_categories" );
}
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoriesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoriesaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditlinkcategoriesaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -2,6 +2,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminlinkcategorieslistview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -27,7 +28,7 @@
function perform()
{
// get all the link categories
- $searchTerms = $this->_request->getValue( "searchTerms" );
+ $searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
$this->_view = new AdminLinkCategoriesListView( $this->_blogInfo, Array( "searchTerms" => $searchTerms ) );
$this->setCommonData();
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditlinksaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditlinksaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditlinksaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -3,6 +3,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminlinkslistview.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -44,7 +45,7 @@
{
// get the id of the category we'd like to load
$this->_categoryId = $this->_request->getValue( "showCategory" );
- $this->_searchTerms = $this->_request->getValue( "searchTerms" );
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
// and create the view with all the parameters we'll need
$this->_view = new AdminLinksListView( $this->_blogInfo, Array( "showCategory" => $this->_categoryId,
Modified: plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/admineditpostsaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -3,6 +3,7 @@
lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminpostslistview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -60,13 +61,14 @@
*/
function perform()
{
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
// create the view with the right parameters...
$this->_view = new AdminPostsListView( $this->_blogInfo,
Array( "showCategory" => $this->_request->getValue( "showCategory" ),
"showStatus" => $this->_request->getValue( "showStatus" ),
"showUser" => $this->_request->getValue( "showUser" ),
"showMonth" => $this->_request->getValue( "showMonth" ),
- "searchTerms" => $this->_request->getValue( "searchTerms" )));
+ "searchTerms" => $this->_searchTerms ));
$this->setCommonData();
// better to return true if everything fine
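Review bot: Only `searchTerms` is filtered; `showCategory`, `showStatus`, `showUser` and `showMonth` on lines 164-167 still reach the view through plain `getValue`, so if the posts list template echoes any of them back the same issue remains. The `integervalidator` include on line 153 suggests they are checked in a `validate()` that lies outside this hunk; if so, a one-line comment here, `// showCategory/showStatus/showUser/showMonth are integer-validated in validate()`, would make that explicit. `_searchTerms` is assigned as a property on line 161 but its declaration is not in the hunk, so it is worth confirming the class declares it. `perform()` continues past the end of the hunk.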
Modified: plog/branches/lifetype-1.2/class/action/admin/adminresourcesaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminresourcesaction.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/action/admin/adminresourcesaction.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -5,6 +5,7 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/adminerrorview.class.php" );
lt_include( PLOG_CLASS_PATH."class/gallery/dao/galleryresourcestorage.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup Action
@@ -60,7 +61,7 @@
function perform()
{
$this->_albumId = $this->_request->getValue( "albumId", 0 );
- $this->_searchTerms = $this->_request->getValue( "searchTerms" );
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
$errorMessage = $this->checkFolders();
if( $errorMessage ) {
Modified: plog/branches/lifetype-1.2/class/view/admin/adminarticlecategorieslistview.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/view/admin/adminarticlecategorieslistview.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/view/admin/adminarticlecategorieslistview.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -3,6 +3,7 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/pager/pager.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup View
@@ -36,7 +37,7 @@
// get the page too
$this->_page = $this->getCurrentPageFromRequest();
- $this->_searchTerms = HttpVars::getRequestValue( "searchTerms" );
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
// retrieve the categories in an paged fashion
$totalCategories = $categories->getBlogNumCategories( $this->_blogInfo->getId(), true, $this->_searchTerms );
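Review bot: The view now reads the term through `$this->_request`, whereas the removed line used the static `HttpVars::getRequestValue`; if `AdminTemplatedView` does not carry a `_request` member this call fails at runtime, and nothing in the diff shows it being set. The same switch is made in the adminsiteblogslistview and adminsiteuserslistview hunks below, so the three should be checked together. Line 208 then passes the HTML-filtered term to `getBlogNumCategories`, so the count and the paged listing operate on a modified search string rather than the one the user entered; if that is intended, a comment such as `// searchTerms is HTML-filtered on input; the DAO sees the filtered string` would record it. The enclosing method starts before this hunk and ends after it.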
Modified: plog/branches/lifetype-1.2/class/view/admin/adminsiteblogslistview.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/view/admin/adminsiteblogslistview.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/view/admin/adminsiteblogslistview.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -3,6 +3,7 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/pager/pager.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/blogs.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup View
@@ -54,7 +55,7 @@
// we need to get all the blogs
// get the data itself
$this->_status = $this->getStatusFromRequest();
- $this->_searchTerms = HttpVars::getRequestValue( "searchTerms" );
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
$blogs = new Blogs();
$siteBlogs = $blogs->getAllBlogs( $this->_status, ALL_BLOG_CATEGORIES, $this->_searchTerms, $this->_page, DEFAULT_ITEMS_PER_PAGE );
// print("search terms = ".$this->_searchTerms);
Modified: plog/branches/lifetype-1.2/class/view/admin/adminsiteuserslistview.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/view/admin/adminsiteuserslistview.class.php 2008-05-03 13:30:14 UTC (rev 6435)
+++ plog/branches/lifetype-1.2/class/view/admin/adminsiteuserslistview.class.php 2008-05-04 07:15:43 UTC (rev 6436)
@@ -3,7 +3,8 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/pager/pager.class.php" );
- lt_include( PLOG_CLASS_PATH."class/dao/userstatus.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/dao/userstatus.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
/**
* \ingroup View
@@ -63,7 +64,7 @@
// get the current page
$this->_page = $this->getCurrentPageFromRequest();
$this->_status = $this->getStatusFromRequest();
- $this->_searchTerms = HttpVars::getRequestValue( "searchTerms");
+ $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
// get the users of the blog
$users = new Users();