[pLog-svn] r6489 - in plog/branches/lifetype-1.2/class: action data/filter
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Thu May 29 10:08:50 EDT 2008
Author: jondaley
Date: 2008-05-29 10:08:50 -0400 (Thu, 29 May 2008)
New Revision: 6489
Added:
plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php
Modified:
plog/branches/lifetype-1.2/class/action/addcommentaction.class.php
Log:
We shouldn't allow javascript in comments
Modified: plog/branches/lifetype-1.2/class/action/addcommentaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/addcommentaction.class.php 2008-05-29 14:08:24 UTC (rev 6488)
+++ plog/branches/lifetype-1.2/class/action/addcommentaction.class.php 2008-05-29 14:08:50 UTC (rev 6489)
@@ -12,6 +12,7 @@
lt_include( PLOG_CLASS_PATH."class/data/validator/httpurlvalidator.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/filter/htmlfilter.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/filter/javascriptfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/filter/urlconverter.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/filter/allowedhtmlfilter.class.php" );
lt_include( PLOG_CLASS_PATH."class/data/filter/xhtmlizefilter.class.php" );
@@ -58,7 +59,8 @@
$this->_request->registerFilter( "userUrl", $f );
$f = new AllowedHtmlFilter();
- $f->addFilter( new XhtmlizeFilter());
+ $f->addFilter( new JavascriptFilter());
+ $f->addFilter( new XhtmlizeFilter());
$this->_request->registerFilter( "commentText", $f );
// change the validation mode of the form
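Review bot: The new `JavascriptFilter` is chained ahead of `XhtmlizeFilter`, so the script stripping sees the comment text before it is normalised, assuming chained filters run in the order they are added, which this hunk does not show. If XhtmlizeFilter repairs or rewrites tags, its output is never re-checked, and a sanitiser is generally safest as the last step on the final form of the markup. Consider swapping the two lines, `$f->addFilter( new XhtmlizeFilter());` followed by `$f->addFilter( new JavascriptFilter());`, or add a comment above them stating why this order is safe. Only `commentText` receives the new filter here; the enclosing method starts and ends outside the hunk, so the filters on the other comment fields should be confirmed separately.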
Added: plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php (rev 0)
+++ plog/branches/lifetype-1.2/class/data/filter/javascriptfilter.class.php 2008-05-29 14:08:50 UTC (rev 6489)
@@ -0,0 +1,25 @@
+<?php
+
+ lt_include( PLOG_CLASS_PATH."class/data/filter/filterbase.class.php" );
+
+ /**
+ * \ingroup Filter
+ *
+ * This class extends the FilterBase interface to filter all Javascript
+ * code in the given string
+ */
+ class JavascriptFilter extends FilterBase
+ {
+ /**
+ * Filters out all Javascript code
+ *
+ * @param data
+ * @return The input string without Javascript code
+ */
+ function filter( $data )
+ {
+ lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
+ return( parent::filter( Textfilter::filterJavascript( $data )));
+ }
+ }
+?>
\ No newline at end of file
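Review bot: Both docblocks promise that the class filters out "all Javascript code", but `filter()` only delegates to `Textfilter::filterJavascript()`, whose implementation is not part of this diff, so the guarantee cannot be verified here and pattern-based stripping is rarely complete. I would reword the method docblock to something like `Removes the Javascript constructs recognised by Textfilter::filterJavascript(); the result must still be escaped when rendered` and document the argument as `@param string $data`. Separately, the `lt_include` of textfilter.class.php sits inside `filter()` and is evaluated on every call; moving it to the top of the file next to the filterbase include keeps the file's dependencies in one place.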