author | Andreas Unterkircher <unki@netshadow.at> | 2007-07-29 09:10:47 +0000 |
---|---|---|
committer | Andreas Unterkircher <unki@netshadow.at> | 2007-07-29 09:10:47 +0000 |
commit | 7f6d907624ab03de8a4044ae0ddcdad3a132f13c (patch) | |
tree | 374fdf3ff1252d1b5f9473b15082633604c0d298 | |
parent | 8223eed3290bc66d0a32b1706d20920a579176c4 (diff) |
issue60, if tags are provided in the calling URL they will now get verified
git-svn-id: file:///var/lib/svn/phpfspot/trunk@263 fa6a889d-dae6-447d-9e79-4ba9a3039384
-rw-r--r-- | phpfspot.class.php | 19 | ||||
-rw-r--r-- | rpc.php | 1 |
2 files changed, 17 insertions, 3 deletions
diff --git a/phpfspot.class.php b/phpfspot.class.php index 3d707a8..e500dbe 100644 --- a/phpfspot.class.php +++ b/phpfspot.class.php @@ -112,7 +112,7 @@ class PHPFSPOT { switch($_GET['mode']) { case 'showpi': if(isset($_GET['tags'])) { - $_SESSION['selected_tags'] = split(',', $_GET['tags']); + $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']); } if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) { $_SESSION['from_date'] = strtotime($_GET['from_date']); @@ -123,7 +123,7 @@ class PHPFSPOT { break; case 'showp': if(isset($_GET['tags'])) { - $_SESSION['selected_tags'] = split(',', $_GET['tags']); + $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']); $_SESSION['start_action'] = 'showp'; } if(isset($_GET['id'])) { @@ -156,7 +156,6 @@ class PHPFSPOT { $this->tmpl->assign('content_page', 'welcome.tpl'); $this->tmpl->show("index.tpl"); - } // show() /** @@ -1796,6 +1795,20 @@ class PHPFSPOT { return strftime("%Y-%m-%d", $timestamp); } // ts2str() + private function extractTags($tags_str) + { + $not_validated = split(',', $_GET['tags']); + $validated = array(); + + foreach($not_validated as $tag) { + if(is_numeric($tag)) + array_push($validated, $tag); + } + + return $validated; + + } // extractTags() + } ?> @@ -106,6 +106,7 @@ class PHPFSPOT_RPC { break; case 'get_export': + /* $_GET['mode'] will be validated by getExport() */ $fspot->getExport($_GET['mode']); break; |
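Review bot: `isset($_GET['tags'])` in the `showpi` case (and again in the `showp` case of the next hunk) is also true when the parameter arrives as an array such as `?tags[]=1`, and that value is then handed to `extractTags()`, which expects a string to split. Guarding both call sites with `if(isset($_GET['tags']) && is_string($_GET['tags'])) {` keeps a non-string value away from the parser. In the `showp` case `$_SESSION['start_action']` is still set when every tag is rejected, so it may be worth confirming that an empty `selected_tags` list is an acceptable state there. Both `case` bodies continue outside their hunks.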
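Review bot: `extractTags()` never reads its `$tags_str` parameter; its first line splits `$_GET['tags']` directly, so the helper only works because both callers happen to pass that same value. Use the argument instead, `$not_validated = explode(',', $tags_str);` (`explode` is enough for a literal comma and avoids the regex-based `split`). `is_numeric()` is also wider than a tag id needs: it accepts signs, decimals, exponents such as `1e5` and, depending on the PHP version, hex strings, so if these values later reach a query, `if(ctype_digit($tag))` is the tighter check. A short docblock stating that the method returns only the all-digit entries of a comma-separated list would make the contract explicit.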