authorAndreas Unterkircher <unki@netshadow.at>2007-07-29 09:10:47 +0000
committerAndreas Unterkircher <unki@netshadow.at>2007-07-29 09:10:47 +0000
commit7f6d907624ab03de8a4044ae0ddcdad3a132f13c (patch)
tree374fdf3ff1252d1b5f9473b15082633604c0d298
parent8223eed3290bc66d0a32b1706d20920a579176c4 (diff)
issue60, if tags are provided in the calling URL they will now get verified
git-svn-id: file:///var/lib/svn/phpfspot/trunk@263 fa6a889d-dae6-447d-9e79-4ba9a3039384
-rw-r--r--phpfspot.class.php19
-rw-r--r--rpc.php1
2 files changed, 17 insertions, 3 deletions
diff --git a/phpfspot.class.php b/phpfspot.class.php
index 3d707a8..e500dbe 100644
--- a/phpfspot.class.php
+++ b/phpfspot.class.php
@@ -112,7 +112,7 @@ class PHPFSPOT {
switch($_GET['mode']) {
case 'showpi':
if(isset($_GET['tags'])) {
- $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+ $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
}
if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) {
$_SESSION['from_date'] = strtotime($_GET['from_date']);
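Review bot: `$_SESSION['selected_tags']` is now assigned whatever extractTags() returns, which is an empty array when every entry in `tags` fails validation. Whether the rest of the class treats an empty selection as "no filter" or as an error is not visible here, so consider storing only a non-empty result, e.g. `$tags = $this->extractTags($_GET['tags']); if(!empty($tags)) $_SESSION['selected_tags'] = $tags;`. The same applies to the `showp` case in the next hunk, where `start_action` is also set regardless of the result. Both case bodies continue outside their hunks.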
@@ -123,7 +123,7 @@ class PHPFSPOT {
break;
case 'showp':
if(isset($_GET['tags'])) {
- $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+ $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
$_SESSION['start_action'] = 'showp';
}
if(isset($_GET['id'])) {
@@ -156,7 +156,6 @@ class PHPFSPOT {
$this->tmpl->assign('content_page', 'welcome.tpl');
$this->tmpl->show("index.tpl");
-
} // show()
/**
@@ -1796,6 +1795,20 @@ class PHPFSPOT {
return strftime("%Y-%m-%d", $timestamp);
} // ts2str()
+ private function extractTags($tags_str)
+ {
+ $not_validated = split(',', $_GET['tags']);
+ $validated = array();
+
+ foreach($not_validated as $tag) {
+ if(is_numeric($tag))
+ array_push($validated, $tag);
+ }
+
+ return $validated;
+
+ } // extractTags()
+
}
?>
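Review bot: extractTags() never reads its `$tags_str` parameter; the first added line splits `$_GET['tags']` directly, so the helper is only correct because both current callers happen to pass that same value. Use the argument instead, `$not_validated = explode(',', $tags_str);` (the delimiter is a literal, so the regex-based split() is not needed). `is_numeric()` also accepts signs, decimals, exponents and leading whitespace, so if tags are meant to be integer ids, `ctype_digit($tag)` is the tighter check; how the validated values are used later is not visible in this diff. A short docblock stating that the method returns only the numeric entries of a comma-separated list, in the `/** … */` style that follows show(), would document the contract for future callers.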
diff --git a/rpc.php b/rpc.php
index 39e2b77..bdb7004 100644
--- a/rpc.php
+++ b/rpc.php
@@ -106,6 +106,7 @@ class PHPFSPOT_RPC {
break;
case 'get_export':
+ /* $_GET['mode'] will be validated by getExport() */
$fspot->getExport($_GET['mode']);
break;