[pLog-svn] r6919 - plog/branches/lifetype-1.2/class/action/admin

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Wed Sep 9 19:33:19 EDT 2009


Author: jondaley
Date: 2009-09-09 19:33:19 -0400 (Wed, 09 Sep 2009)
New Revision: 6919

Modified:
   plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php
Log:
Allow the bookmarklet to work. Fixes #1292.

Modified: plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php	2009-09-09 23:07:18 UTC (rev 6918)
+++ plog/branches/lifetype-1.2/class/action/admin/adminnewpostaction.class.php	2009-09-09 23:33:19 UTC (rev 6919)
@@ -4,6 +4,8 @@
     lt_include( PLOG_CLASS_PATH."class/view/admin/adminnewpostview.class.php" );
     lt_include( PLOG_CLASS_PATH."class/view/admin/admintemplatedview.class.php" );
     lt_include( PLOG_CLASS_PATH."class/dao/articlecategories.class.php" );    
+    lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
 
     /**
      * \ingroup Action
@@ -22,6 +24,7 @@
         function AdminNewPostAction( $actionInfo, $request )
         {
         	$this->AdminAction( $actionInfo, $request );
+        	$this->registerFieldValidator( "postText", new StringValidator( true ), true );
 
 			// security checks
 			$this->requirePermission( "add_post" );
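Review bot: The two positional boolean flags in `$this->registerFieldValidator( "postText", new StringValidator( true ), true );` give the reader no way to tell what is being allowed or required for the post text without opening both classes. A one-line comment stating what each `true` means (for the validator constructor and for the third registerFieldValidator argument) would make the registration self-explaining; I cannot confirm their semantics from this hunk. The constructor body continues outside the hunk.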
@@ -51,6 +54,17 @@
 			$config =& Config::getConfig();
 			$this->_view->setValue( "globalArticleCategoryId", $config->getValue( "default_global_article_category_id", 0 ));
 
+            $postText = $this->_request->getValue( "postText" );
+			
+			// check if javascript code is allowed in posts
+			$config =& Config::getConfig();
+                // Don't ever allow javascript when directing from the 'bookmarklet'
+                // or perhaps other hackers trying to exploit the poor lifetype user
+//			if( !$config->getValue( "allow_javascript_blocks_in_posts", false ))
+            $postText = Textfilter::filterJavaScript( $postText );
+        	$postText = trim(Textfilter::xhtmlize( $postText ));
+			$this->_view->setValue( "postText", $postText );
+
             $this->setCommonData();
 
 
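Review bot: The added `$config =& Config::getConfig();` is dead code once the `allow_javascript_blocks_in_posts` check beneath it is commented out — `$config` was already assigned a few lines above for `default_global_article_category_id`, and nothing reads the new assignment. Drop that line and the commented-out `if`, keeping the intent as a plain comment, e.g. `// JavaScript is stripped unconditionally here (allow_javascript_blocks_in_posts is deliberately ignored) because the bookmarklet hands this action untrusted text`. The added lines also mix tabs and spaces, so the filter calls appear nested under the comment when they are not; align them with the surrounding tab indentation. Whether the view still HTML-escapes `postText` when it renders the form is not visible in this hunk and is worth confirming, since `Textfilter::filterJavaScript` followed by `xhtmlize` is a content filter and presumably not an output-context escape. The enclosing method starts and ends outside the hunk.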


