[pLog-svn] r6919 - plog/branches/lifetype-1.2/class/action/admin
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Wed Sep 9 19:33:19 EDT 2009
Author: jondaley
Date: 2009-09-09 19:33:19 -0400 (Wed, 09 Sep 2009)
New Revision: 6919
Modified:
plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php
Log:
allow the bookmarklet to work. fixes #1292
Modified: plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php 2009-09-09 23:07:18 UTC (rev 6918)
+++ plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php 2009-09-09 23:33:19 UTC (rev 6919)
@@ -4,6 +4,8 @@
lt_include( PLOG_CLASS_PATH."class/view/admin/adminnewpostview.class.php" );
lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
lt_include( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+ lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
/**
* \ingroup Action
@@ -22,6 +24,7 @@
function AdminNewPostAction( $actionInfo, $request )
{
$this->AdminAction( $actionInfo, $request );
+ $this->registerFieldValidator( "postText", new StringValidator( true ), true );
// security checks
$this->requirePermission( "add_post" );
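Review bot: The two boolean arguments in `$this->registerFieldValidator( "postText", new StringValidator( true ), true );` are undocumented at the call site, so a reader cannot tell whether an empty postText (the normal case when the new-post form is opened without the bookmarklet) passes validation; a comment such as `// postText is only pre-filled by the bookmarklet; StringValidator(true) = <MEANING-PLACEHOLDER>, trailing true = <MEANING-PLACEHOLDER>` would make the intent checkable, as I could not confirm the flag semantics from this diff. The filtering added in the third hunk (`Textfilter::filterJavaScript` followed by `Textfilter::xhtmlize`) is applied only to the value pushed into the view, so it sanitises what is shown in the editor rather than what is eventually saved; the save path is outside this commit and presumably needs the same filtering. The constructor of AdminNewPostAction continues outside the hunk.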
@@ -51,6 +54,17 @@
$config =& Config::getConfig();
$this->_view->setValue( "globalArticleCategoryId", $config->getValue( "default_global_article_category_id", 0 ));
+ $postText = $this->_request->getValue( "postText" );
+
+ // check if javascript code is allowed in posts
+ $config =& Config::getConfig();
+ // Don't ever allow javascript when directing from the 'bookmarklet'
+ // or perhaps other hackers trying to exploit the poor lifetype user
+// if( !$config->getValue( "allow_javascript_blocks_in_posts", false ))
+ $postText = Textfilter::filterJavaScript( $postText );
+ $postText = trim(Textfilter::xhtmlize( $postText ));
+ $this->_view->setValue( "postText", $postText );
+
$this->setCommonData();