[pLog-svn] r6469 - plog/branches/lifetype-1.2/class/data/forms

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Sat May 24 12:38:24 EDT 2008


Author: jondaley
Date: 2008-05-24 12:38:24 -0400 (Sat, 24 May 2008)
New Revision: 6469

Modified:
   plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
Log:
I think this fixes XSS issues, at least as long as registerFieldValidator is appropriately set.  Check the documentation http://wiki.lifetype.net/index.php/Forms_and_data_validation where the system was designed to display unvalidated data.

Modified: plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php	2008-05-18 11:31:21 UTC (rev 6468)
+++ plog/branches/lifetype-1.2/class/data/forms/formvalidator.class.php	2008-05-24 16:38:24 UTC (rev 6469)
@@ -108,7 +108,8 @@
 				}
 				
 				$this->_validationResults["$fieldName"] = $validationResult;
-				$this->_fieldValues["$fieldName"] = $fieldValue;
+				if($validationResult)
+					$this->_fieldValues["$fieldName"] = $fieldValue;
 				
 				// if one of the validations is false, then cancel the whole thing
 				$finalValidationResult = $finalValidationResult && $validationResult;				
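
Review bot: The new `if($validationResult)` guard around the `_fieldValues` assignment leaves the entry for a failed field unset instead of explicitly cleared, so any value already stored under that key stays in place, and code that reads `$this->_fieldValues["$fieldName"]` for a failed field now has to cope with a missing index. Consider an else branch that assigns an empty string (or an HTML-escaped copy of the input, if the form is meant to redisplay what the user typed), and put braces around the body of the `if`. Values that pass validation are still stored unescaped, so the protection is only as strong as the validator registered for each field, as the log message says; a short comment at this line stating that dependency would help later readers.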


