authorAndreas Unterkircher <unki@netshadow.at>2007-07-29 09:01:40 +0000
committerAndreas Unterkircher <unki@netshadow.at>2007-07-29 09:01:40 +0000
commit8223eed3290bc66d0a32b1706d20920a579176c4 (patch)
tree409f9e4dc69cd421afc9e3f9dc1224adee4fbbbf /phpfspot.class.php
parenta1dbbbd01af8cb154d694fefc0527bbee0c6f05c (diff)
issue60, input validation for provided dates via RPC or $_GET
git-svn-id: file:///var/lib/svn/phpfspot/trunk@262 fa6a889d-dae6-447d-9e79-4ba9a3039384
Diffstat (limited to 'phpfspot.class.php')
-rw-r--r--phpfspot.class.php69
1 files changed, 51 insertions, 18 deletions
diff --git a/phpfspot.class.php b/phpfspot.class.php
index 9d3f548..3d707a8 100644
--- a/phpfspot.class.php
+++ b/phpfspot.class.php
@@ -114,11 +114,11 @@ class PHPFSPOT {
if(isset($_GET['tags'])) {
$_SESSION['selected_tags'] = split(',', $_GET['tags']);
}
- if(isset($_GET['from_date'])) {
- $_SESSION['from_date'] = $_GET['from_date'];
+ if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) {
+ $_SESSION['from_date'] = strtotime($_GET['from_date']);
}
- if(isset($_GET['to_date'])) {
- $_SESSION['to_date'] = $_GET['to_date'];
+ if(isset($_GET['to_date']) && $this->isValidDate($_GET['to_date'])) {
+ $_SESSION['to_date'] = strtotime($_GET['to_date']);
}
break;
case 'showp':
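Review bot: The validated value is parsed twice: isValidDate() runs strtotime() on $_GET['from_date'] and the assignment on the next line runs it again, and the same pattern repeats for to_date here and in the 'showp' branch of the @@ -130 hunk. Parsing once and storing the result keeps validation and conversion in lockstep: `$ts = strtotime($_GET['from_date']); if($ts !== false) $_SESSION['from_date'] = $ts;`. The enclosing switch starts and ends outside the hunk.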
@@ -130,11 +130,11 @@ class PHPFSPOT {
$_SESSION['current_photo'] = $_GET['id'];
$_SESSION['start_action'] = 'showp';
}
- if(isset($_GET['from_date'])) {
- $_SESSION['from_date'] = $_GET['from_date'];
+ if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) {
+ $_SESSION['from_date'] = strtotime($_GET['from_date']);
}
- if(isset($_GET['to_date'])) {
- $_SESSION['to_date'] = $_GET['to_date'];
+ if(isset($_GET['to_date']) && $this->isValidDate($_GET['to_date'])) {
+ $_SESSION['to_date'] = strtotime($_GET['to_date']);
}
break;
case 'export':
@@ -148,7 +148,7 @@ class PHPFSPOT {
}
if(isset($_SESSION['from_date']) && isset($_SESSION['to_date']))
- $this->tmpl->assign('date_search_enabled', true);
+ $this->tmpl->assign('date_search_enabled', true);
$this->tmpl->assign('from_date', $this->get_calendar('from'));
$this->tmpl->assign('to_date', $this->get_calendar('to'));
@@ -330,7 +330,7 @@ class PHPFSPOT {
$extern_link.= "&tags=". $current_tags;
}
if(isset($_SESSION['from_date']) && isset($_SESSION['to_date'])) {
- $extern_link.= "&from_date=". $_SESSION['from_date'] ."&to_date=". $_SESSION['to_date'];
+ $extern_link.= "&from_date=". $this->ts2str($_SESSION['from_date']) ."&to_date=". $this->ts2str($_SESSION['to_date']);
}
$this->tmpl->assign('extern_link', $extern_link);
@@ -567,8 +567,8 @@ class PHPFSPOT {
$matched_photos = Array();
if(isset($_SESSION['from_date']) && isset($_SESSION['to_date'])) {
- $from_date = strtotime($_SESSION['from_date'] ." 00:00:00");
- $to_date = strtotime($_SESSION['to_date'] ." 23:59:59");
+ $from_date = $_SESSION['from_date'];
+ $to_date = $_SESSION['to_date'];
$additional_where_cond = "
p.time>='". $from_date ."'
AND
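Review bot: Dropping the `" 23:59:59"` suffix on the to_date line changes the range: the session now holds strtotime() of the bare date, i.e. midnight at the start of that day, so photos taken later on the last selected day are presumably no longer matched by the upper bound that follows below the hunk. Keep the end-of-day semantics explicitly, e.g. `$to_date = strtotime("23:59:59", $_SESSION['to_date']);`. Since both values are still interpolated into SQL, casting them at this boundary also closes the path where a false from a failed strtotime() elsewhere becomes an empty literal: `p.time>='". (int)$from_date ."'`. The enclosing function starts and ends outside the hunk.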
@@ -783,8 +783,8 @@ class PHPFSPOT {
$this->tmpl->assign('searchfor', $_SESSION['searchfor']);
if(isset($_SESSION['from_date']) && isset($_SESSION['to_date'])) {
- $this->tmpl->assign('from_date', $_SESSION['from_date']);
- $this->tmpl->assign('to_date', $_SESSION['to_date']);
+ $this->tmpl->assign('from_date', $this->ts2str($_SESSION['from_date']));
+ $this->tmpl->assign('to_date', $this->ts2str($_SESSION['to_date']));
}
if(isset($_SESSION['selected_tags']) && !empty($_SESSION['selected_tags'])) {
@@ -876,7 +876,7 @@ class PHPFSPOT {
$extern_link.= "&tags=". $current_tags;
}
if(isset($_SESSION['from_date']) && isset($_SESSION['to_date'])) {
- $extern_link.= "&from_date=". $_SESSION['from_date'] ."&to_date=". $_SESSION['to_date'];
+ $extern_link.= "&from_date=". $this->ts2str($_SESSION['from_date']) ."&to_date=". $this->ts2str($_SESSION['to_date']);
}
$export_link = "index.php?mode=export";
@@ -1213,12 +1213,18 @@ class PHPFSPOT {
* getPhotoSelection() will then only return the matching
* photos.
*/
- public function startSearch($searchfor, $from, $to, $sort_order)
+ public function startSearch($searchfor, $sort_order, $from = 0, $to = 0)
{
$_SESSION['searchfor'] = $searchfor;
- $_SESSION['from_date'] = $from;
- $_SESSION['to_date'] = $to;
$_SESSION['sort_order'] = $sort_order;
+ if($from != 0)
+ $_SESSION['from_date'] = strtotime($from);
+ else
+ unset($_SESSION['from_date']);
+ if($to != 0)
+ $_SESSION['to_date'] = strtotime($to);
+ else
+ unset($_SESSION['to_date']);
if($searchfor != "") {
/* new search, reset the current selected tags */
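Review bot: startSearch() still stores unvalidated input: $from and $to are only compared loosely against 0 and then handed to strtotime(), so an unparsable string stores false in the session, and because isset() is true for false the date filter elsewhere is enabled with an empty bound. Reuse the new helper on this path as well, `if($from != 0 && $this->isValidDate($from))`, and likewise for $to, keeping the unset() in the else branches. The parameter order also changed from ($searchfor, $from, $to, $sort_order), so every RPC caller must be updated in the same commit; those callers are outside this hunk, as is the rest of the method body.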
@@ -1228,6 +1234,7 @@ class PHPFSPOT {
array_push($_SESSION['selected_tags'], $tag);
}
}
+
} // startSearch()
/**
@@ -1763,6 +1770,32 @@ class PHPFSPOT {
} // get_random_photo()
+ /**
+ * validates provided date
+ *
+ * this function validates if the provided date
+ * contains a valid date and will return true
+ * if it is.
+ */
+ public function isValidDate($date_str)
+ {
+ $timestamp = strtotime($date_str);
+
+ if(is_numeric($timestamp))
+ return true;
+
+ return false;
+
+ } // isValidDate()
+
+ /**
+ * timestamp to string conversion
+ */
+ private function ts2str($timestamp)
+ {
+ return strftime("%Y-%m-%d", $timestamp);
+ } // ts2str()
+
}
?>
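Review bot: isValidDate() accepts anything strtotime() can parse, including relative expressions such as "tomorrow", and its docblock should say so, e.g. `* Returns true if strtotime() can parse $date_str (any absolute or relative expression it understands), false otherwise.` On PHP before 5.1.0 strtotime() signals failure with -1 rather than false, which is_numeric() accepts, so if that version is still supported the check should read `return $timestamp !== false && $timestamp !== -1;`. ts2str() is the inverse of the new storage format and deserves a line stating that it emits `%Y-%m-%d` for links and templates.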