[pLog-svn] r6474 - plog/branches/lifetype-1.2/class/action
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Sat May 24 15:14:59 EDT 2008
Author: jondaley
Date: 2008-05-24 15:14:59 -0400 (Sat, 24 May 2008)
New Revision: 6474
Modified:
plog/branches/lifetype-1.2/class/action/viewarticletrackbacksaction.class.php
Log:
validate date field. deny html in names
Modified: plog/branches/lifetype-1.2/class/action/viewarticletrackbacksaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/viewarticletrackbacksaction.class.php 2008-05-24 19:14:31 UTC (rev 6473)
+++ plog/branches/lifetype-1.2/class/action/viewarticletrackbacksaction.class.php 2008-05-24 19:14:59 UTC (rev 6474)
@@ -29,9 +29,9 @@
$this->BlogAction( $actionInfo, $request );
$this->registerFieldValidator( "articleId", new IntegerValidator(), true );
- $this->registerFieldValidator( "articleName", new StringValidator(), true );
+ $this->registerFieldValidator( "articleName", new StringValidator( false ), true );
$this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
- $this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+ $this->registerFieldValidator( "postCategoryName", new StringValidator( false ), true );
$this->registerFieldValidator( "userId", new IntegerValidator(), true );
$this->registerFieldValidator( "userName", new UsernameValidator(), true );
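Review bot: The bare `false` passed to `StringValidator` for `articleName` and `postCategoryName` does not say what it switches off; going by the commit log it denies HTML in the value, but a reader of the constructor cannot tell that without opening the validator class. I would add a comment above the first of the two calls, `// StringValidator( false ): reject values that contain HTML markup`. Rejecting markup on input does not cover values stored before this change or arriving by another path, so the templates that print these names should still escape them on output; those templates are not visible in this hunk. The constructor starts before and continues after the hunk.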
@@ -49,7 +49,10 @@
$this->_categoryName = $this->_request->getValue( "postCategoryName" );
$this->_userId = $this->_request->getValue( "userId", -1 );
$this->_userName = $this->_request->getValue( "userName" );
- $this->_date = $this->_request->getValue( "Date", -1 );
+ $this->_date = $this->_request->getValue( "Date" );
+ $val = new IntegerValidator();
+ if( !$val->validate( $this->_date ) )
+ $this->_date = -1;
// Caculate the correct article date period
$adjustedDates = $this->_getCorrectedDatePeriod( $this->_date );
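Review bot: The new check on `Date` only establishes that the value is an integer, so a negative, very long or otherwise implausible number may still reach `_getCorrectedDatePeriod()`, whose handling of such input is not visible here. If the parameter is meant to be a fixed-width date (assumed here to be YYYYMM or YYYYMMDD, which should be confirmed), the guard could be tightened to `if( !$val->validate( $this->_date ) || !preg_match( '/^\d{6}(\d{2})?$/', $this->_date ) )`. The brace-less `if` would also be safer with braces, and a short comment such as `// fall back to -1 when Date is missing or not an integer` would document the default, which is inferred from the removed line. The enclosing method starts and ends outside the hunk.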