issue60, if tags are provided in the calling URL they will now get verified
authorAndreas Unterkircher <unki@netshadow.at>
Sun, 29 Jul 2007 09:10:47 +0000 (09:10 +0000)
committerAndreas Unterkircher <unki@netshadow.at>
Sun, 29 Jul 2007 09:10:47 +0000 (09:10 +0000)
git-svn-id: file:///var/lib/svn/phpfspot/trunk@263 fa6a889d-dae6-447d-9e79-4ba9a3039384

phpfspot.class.php
rpc.php

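--- a/phpfspot.class.php
+++ b/phpfspot.class.php
@@ -112,7 +112,7 @@ class PHPFSPOT {
       switch($_GET['mode']) {
          case 'showpi':
             if(isset($_GET['tags'])) {
-               $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+               $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
             }
             if(isset($_GET['from_date']) && $this->isValidDate($_GET['from_date'])) {
                $_SESSION['from_date'] = strtotime($_GET['from_date']);
@@ -123,7 +123,7 @@ class PHPFSPOT {
             break;
          case 'showp':
             if(isset($_GET['tags'])) {
-               $_SESSION['selected_tags'] = split(',', $_GET['tags']);
+               $_SESSION['selected_tags'] = $this->extractTags($_GET['tags']);
                $_SESSION['start_action'] = 'showp';
             }
             if(isset($_GET['id'])) {
@@ -156,7 +156,6 @@ class PHPFSPOT {
       $this->tmpl->assign('content_page', 'welcome.tpl');
       $this->tmpl->show("index.tpl");
 
-
    } // show()
 
    /**
@@ -1796,6 +1795,20 @@ class PHPFSPOT {
       return strftime("%Y-%m-%d", $timestamp);
    } // ts2str()
 
+   private function extractTags($tags_str)
+   {
+      $not_validated = split(',', $_GET['tags']);
+      $validated = array();
+
+      foreach($not_validated as $tag) {
+         if(is_numeric($tag))
+            array_push($validated, $tag);
+      }
+   
+      return $validated;
+   
+   } // extractTags()
+
  }
  
  ?>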
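Review bot: extractTags() never reads its `$tags_str` parameter; the first line of its body splits `$_GET['tags']` directly, so the method always validates the request global rather than the value the caller passed. Both call sites in this commit happen to pass `$_GET['tags']`, so behaviour is correct today, but any later caller handing in a different string would get the URL value filtered instead; the line should read `$not_validated = split(',', $tags_str);`. The filter itself is also looser than a tag id needs: `is_numeric()` accepts signs, decimals and exponent notation, so if tags are meant to be non-negative integer ids, `if(ctype_digit($tag))` is the tighter check. How `$_SESSION['selected_tags']` is consumed afterwards is not visible in this diff, so whether the looser filter is exploitable there cannot be judged from here. A short docblock stating that the method returns only the entries that passed the check, and silently drops the rest, would also help the next reader.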
diff --git a/rpc.php b/rpc.php
index 39e2b7726efa606ba11637d5b8359916ac962ba6..bdb7004ad6de1d6a03ec68c1760077517aa8e67d 100644 (file)
--- a/rpc.php
+++ b/rpc.php
@@ -106,6 +106,7 @@ class PHPFSPOT_RPC {
             break;
 
          case 'get_export':
             break;
 
          case 'get_export':
+            /* $_GET['mode'] will be validated by getExport() */
             $fspot->getExport($_GET['mode']);
             break;
 
             $fspot->getExport($_GET['mode']);
             break;