[pLog-svn] r6489 - in plog/branches/lifetype-1.2/class: action data/filter

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Thu May 29 10:08:50 EDT 2008


Author: jondaley
Date: 2008-05-29 10:08:50 -0400 (Thu, 29 May 2008)
New Revision: 6489

Added:
   plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php
Modified:
   plog/branches/lifetype-1.2/class/action/addcommentaction.class.php
Log:
We shouldn't allow javascript in comments

Modified: plog/branches/lifetype-1.2/class/action/addcommentaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/addcommentaction.class.php	2008-05-29 14:08:24 UTC (rev 6488)
+++ plog/branches/lifetype-1.2/class/action/addcommentaction.class.php	2008-05-29 14:08:50 UTC (rev 6489)
@@ -12,6 +12,7 @@
     lt_include( PLOG_CLASS_PATH."class/data/validator/httpurlvalidator.class.php" );    
     lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+    lt_include( PLOG_CLASS_PATH."class/data/filter/javascriptfilter.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/filter/urlconverter.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/filter/allowedhtmlfilter.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/filter/xhtmlizefilter.class.php" );
@@ -58,7 +59,8 @@
 			$this->_request->registerFilter( "userUrl", $f );
 
 			$f = new AllowedHtmlFilter();
-			$f->addFilter( new XhtmlizeFilter());			
+			$f->addFilter( new JavascriptFilter());
+			$f->addFilter( new XhtmlizeFilter());
 			$this->_request->registerFilter( "commentText", $f );			
 
 			// change the validation mode of the form
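Review bot: `JavascriptFilter` is added ahead of `XhtmlizeFilter` on `commentText`, so if the chain runs in insertion order (FilterBase is not shown here) the script stripping sees the text before it is normalised, and whatever the later pass rewrites is not checked again. I would run the stripping on the final form: `$f->addFilter( new XhtmlizeFilter());` followed by `$f->addFilter( new JavascriptFilter());`. Only `commentText` gains the filter in this hunk; the other fields registered in this method (such as `userUrl` just above) keep their existing filters, so it is worth confirming they cannot carry script into the rendered comment. The enclosing method starts and ends outside the hunk.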

Added: plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php	                        (rev 0)
+++ plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php	2008-05-29 14:08:50 UTC (rev 6489)
@@ -0,0 +1,25 @@
+<?php
+
+	lt_include( PLOG_CLASS_PATH."class/data/filter/filterbase.class.php" );
+
+	/**
+	 * \ingroup Filter
+	 *
+	 * This class extends the FilterBase interface to filter all Javascript
+	 * code in the given string
+	 */
+	class JavascriptFilter extends FilterBase
+	{
+		/**
+		 * Filters out all Javascript code
+		 *
+		 * @param data
+		 * @return The input string without Javascript code
+		 */
+		function filter( $data )
+		{
+			lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
+			return( parent::filter( Textfilter::filterJavascript( $data )));
+		}	
+	}
+?>
\ No newline at end of file
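Review bot: The docblock on `filter()` promises "The input string without Javascript code", but the method only delegates to `Textfilter::filterJavascript()`, whose implementation is not part of this commit, so that guarantee cannot be checked from here. Pattern-based stripping of this kind is usually best-effort, so I would word the comment accordingly, e.g. `Removes the Javascript constructs recognised by Textfilter::filterJavascript(); the result must still be escaped or allow-listed when rendered`, and give `@param` a type (`@param string $data`). A small regression test that feeds representative comment bodies through `AllowedHtmlFilter` with this filter attached would pin down what is actually removed. As a style point, the `lt_include` of `textfilter.class.php` inside `filter()` could sit at the top of the file beside the FilterBase include.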


