[pLog-svn] r6475 - plog/branches/lifetype-1.2/class/action

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Sat May 24 15:15:45 EDT 2008 

Author: jondaley
Date: 2008-05-24 15:15:45 -0400 (Sat, 24 May 2008)
New Revision: 6475

Modified:
   plog/branches/lifetype-1.2/class/action/defaultaction.class.php
Log:
_searchTerms is a member variable.  Filter out html from optional searchTerms.  deny html in names

Modified: plog/branches/lifetype-1.2/class/action/defaultaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/defaultaction.class.php	2008-05-24 19:14:59 UTC (rev 6474)
+++ plog/branches/lifetype-1.2/class/action/defaultaction.class.php	2008-05-24 19:15:45 UTC (rev 6475)
@@ -6,6 +6,7 @@
 	lt_include( PLOG_CLASS_PATH."class/data/validator/usernamevalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );	
     lt_include( PLOG_CLASS_PATH."class/view/errorview.class.php" );
+    lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
 
     /**
      * \ingroup Action
@@ -23,13 +24,15 @@
 		var $_userId;
 		var $_userName;
 		var $_postAmount;
+        var $_searchTerms;
 
 		function DefaultAction( $actionInfo, $request )
         {
 			$this->BlogAction( $actionInfo, $request );
 			
+			$this->registerFieldValidator( "searchTerms", new StringValidator( true ), true );
 			$this->registerFieldValidator( "postCategoryId", new IntegerValidator(), true );
-			$this->registerFieldValidator( "postCategoryName", new StringValidator(), true );
+			$this->registerFieldValidator( "postCategoryName", new StringValidator( false ), true );
 			$this->registerFieldValidator( "userId", new IntegerValidator(), true );
 			$this->registerFieldValidator( "userName", new UsernameValidator(), true );
 			
@@ -56,7 +59,7 @@
 					
 			$this->_userId = $this->_request->getValue( 'userId', -1 );
 			$this->_userName = $this->_request->getValue( 'userName', '' );
-			$this->_searchTerms = $this->_request->getValue( 'searchTerms', '' );
+            $this->_searchTerms = $this->_request->getFilteredValue( "searchTerms", new HtmlFilter());
 
             return true;
         }

More information about the pLog-svn mailing list