[pLog-svn] today's notes about validation

Jon Daley plogworld at jon.limedaley.com
Sat May 24 15:24:14 EDT 2008


I have looked through the public facing actions and they are all set, with 
the below exceptions/things to look into further.

I am done for today, but the admin side needs to be done as well as the 
views for public and admin.  It is possible/likely that the current admin 
code will have some issues in some places where HTML is being filtered out 
incorrectly.  I'll find it in the next couple days if someone else doesn't 
beat me to the task of going through all of the admin actions.

   templateaction: passes whole request to view

   searchengine searches drafts too when not using fulltext

   blogaction needs to validate the blogId, blogname, userid, username, blogdomain fields

   addcommentaction uses HttpVars::getRequest(); need to look into that
           more.  Allows HTML; need to verify the filters are getting rid
           of JavaScript, etc.  I believe they are.

   adminaddresourcealbumaction: Why was _form->registerField used?

