- From: thomas AT lolut.utbm.info
- To: devel AT agendadulibre.org
- Subject: [Devel] r94 - trunk
- Date: Sat, 17 Sep 2005 18:44:08 +0200 (CEST)
- List-archive: <http://lolut.utbm.info/pipermail/devel>
- List-id: Developpement de l'Agenda du Libre <devel.agendadulibre.org>
Author: thomas
Date: 2005-09-17 18:44:06 +0200 (Sat, 17 Sep 2005)
New Revision: 94
Modified:
trunk/funcs.inc.php
trunk/ical.php
trunk/index.php
trunk/moderate.php
trunk/rss.php
trunk/showevent.php
Log:
Integration des patchs de verification des entrees proposes par David Mentre
Modified: trunk/funcs.inc.php
===================================================================
--- trunk/funcs.inc.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/funcs.inc.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -459,6 +459,16 @@
return htmlspecialchars(stripslashes(strip_tags($str, $allowed_tags)));
}
+/* Function to safely get identifiers from forms */
+function get_safe_integer($name, $default)
+{
+ if (ereg("^[0-9]+$", $_GET[$name])) { // match only positive integers
+ return $_GET[$name];
+ } else {
+ return $default;
+ }
+}
+
function edit_event ($db, $title, $start, $end, $description,
$city, $region, $locality, $url, $contact,
$wants_preview = FALSE)
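Review bot: get_safe_integer reads `$_GET[$name]` without checking that the key exists, so a request that omits the parameter raises an undefined-index notice before the regex runs; the guard should be `if (isset($_GET[$name]) && ereg("^[0-9]+$", $_GET[$name])) {`. The value is handed back as the raw string rather than cast to int, which is what keeps the callers' loose comparisons against `'all'` working, and the header comment should say so, e.g. `/* Return $_GET[$name] untouched when it consists of decimal digits only, else $default; callers pass 0 or 'all' and rely on the string type being preserved. */`. The pattern puts no bound on length, so an arbitrarily long digit string is accepted; that is harmless for the SQL splices in this revision, but a `{1,10}` bound would also keep the value inside integer range for any later cast.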
Modified: trunk/ical.php
===================================================================
--- trunk/ical.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/ical.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -82,7 +82,9 @@
return $db->query ($sql);
}
-$list = get_events ($db, $_GET['region']);
+$region = get_safe_integer('region', 'all');
+
+$list = get_events ($db, $region);
if ($list == FALSE)
{
echo "Erreur lors de la r�cup�ration des �v�nements";
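Review bot: The `'all'` default on the new `$region` line makes a missing or malformed region indistinguishable from an explicit request for every region, so a mistyped id silently yields the full calendar instead of an error; a comment should state that, e.g. `// missing or non-numeric region (including an explicit "all") falls back to every region`. Whether get_events treats `'all'` specially is not visible in this hunk.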
@@ -103,4 +105,4 @@
ical_end_calendar();
-?>
\ No newline at end of file
+?>
Modified: trunk/index.php
===================================================================
--- trunk/index.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/index.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -37,8 +37,15 @@
*/
if($_GET['month'] && $_GET['year'])
{
- $month = $_GET['month'];
- $year = $_GET['year'];
+ if (ereg("^[0-9]{1,2}", $_GET['month']) // month is N or NN
+ && ereg("^[0-9]{4}", $_GET['year']) // year is NNNN
+ && 1 <= $_GET['month'] && $_GET['month'] <= 12) {
+ $month = $_GET['month'];
+ $year = $_GET['year'];
+ } else {
+ $year = date("Y");
+ $month = date("n");
+ }
}
else
{
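Review bot: Both patterns in the new `if` are anchored only at the start, so values such as `month=12abc` or `year=20055` pass the check and reach `$month`/`$year` unchanged; the end anchor is missing: `if (ereg("^[0-9]{1,2}$", $_GET['month']) // month is N or NN` and `&& ereg("^[0-9]{4}$", $_GET['year']) // year is NNNN`. The `1 <= $_GET['month']` comparison is numeric on a leading-digit string and therefore does not catch the trailing garbage either. There is no range check on the year; whether one is needed depends on what the calendar code does with it, which lies outside the hunk, as does the enclosing if/else.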
Modified: trunk/moderate.php
===================================================================
--- trunk/moderate.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/moderate.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -208,6 +208,7 @@
return $row->id;
}
+
$session = new session();
if (! $session->exists("agenda_libre_id"))
@@ -254,16 +255,18 @@
echo "<p><b>Important</b>: <a href=\"moderateinfos.php\">Recommandations sur
la mod�ration</a></p>";
+$id = get_safe_integer('id', 0);
+
/*
* Edit an event
*/
if ($_POST['__event_edit'])
{
- $event = fetch_event($db, $_GET['id']);
+ $event = fetch_event($db, $id);
if ($event)
{
- echo "<form action=\"?id=".$_GET['id']."\" method=\"post\">\n";
+ echo "<form action=\"?id=".$id."\" method=\"post\">\n";
edit_event ($db, $event->title,
strtotime($event->start_time),
strtotime($event->end_time),
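Review bot: The `0` default on the new `$id` line now reaches save_event, accept_event and delete_event in the hunks at L116, L125 and L133 without any check, whereas only the edit branch here is guarded by `if ($event)`; previously a missing id produced an empty value, now it produces a concrete id 0. Unless those three functions are known to reject 0 (their bodies are not visible here), the branches should refuse to act on it, e.g. `else if ($_POST['__event_save'] && $id != 0)`, and likewise for the accept and delete conditions. A comment on the assignment, `// 0 means "no valid id": edit is guarded by fetch_event, the other actions must check it themselves`, would make the sentinel explicit.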
@@ -285,7 +288,7 @@
*/
else if ($_POST['__event_save'])
{
- $ret = save_event ($db, $_GET['id'],
+ $ret = save_event ($db, $id,
$_POST['__event_title'],
mktime($_POST['__event_start_hour'],
$_POST['__event_start_minute'],
@@ -322,7 +325,7 @@
*/
else if ($_POST['__event_accept'])
{
- accept_event ($db, $_GET['id'], $session->value("agenda_libre_id"));
+ accept_event ($db, $id, $session->value("agenda_libre_id"));
}
/*
@@ -330,7 +333,7 @@
*/
else if ($_POST['__event_delete'])
{
- delete_event ($db, $_GET['id'], $session->value("agenda_libre_id"));
+ delete_event ($db, $id, $session->value("agenda_libre_id"));
}
/*
Modified: trunk/rss.php
===================================================================
--- trunk/rss.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/rss.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -65,9 +65,11 @@
}
/* Fetch region name */
-if ($_GET['region'] != "all")
+$region_num = get_safe_integer('region', 'all');
+
+if ($region_num != "all")
{
- $ret = $db->query ("select name from regions where id=" . $_GET['region']);
+ $ret = $db->query ("select name from regions where id=" . $region_num);
if ($ret == FALSE)
{
echo "Erreur lors de la recherche de la r�gion";
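Review bot: The query string on the `$db->query` line is only safe because get_safe_integer returns either a digit-only string or the literal `'all'`, and the `!= "all"` test is what keeps the latter out of the SQL; nothing in this file records that dependency. Add `// $region_num is a digit-only string or the literal "all" (see get_safe_integer); never splice anything else here` above the query, and prefer the strict form `if ($region_num !== "all")` so that a future change returning an int (for which `0 != "all"` is false under loose comparison) cannot let the sentinel through.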
@@ -98,7 +100,7 @@
echo " <rdf:Seq>\n";
/* Generate item list */
-$list = get_events ($db, $_GET['region']);
+$list = get_events ($db, $region_num);
if ($list == FALSE)
{
echo "Erreur lors de la r�cup�ration des �v�nements";
@@ -115,7 +117,7 @@
echo "</channel>\n\n\n";
/* Generate items */
-$list = get_events ($db, $_GET['region']);
+$list = get_events ($db, $region_num);
if ($list == FALSE)
{
echo "Erreur lors de la r�cup�ration des �v�nements";
Modified: trunk/showevent.php
===================================================================
--- trunk/showevent.php 2005-09-17 16:28:24 UTC (rev 93)
+++ trunk/showevent.php 2005-09-17 16:44:06 UTC (rev 94)
@@ -27,7 +27,7 @@
put_header("Agenda du Libre - Informations sur un �v�nement");
-$event = fetch_event ($db, $_GET['id']);
+$event = fetch_event ($db, get_safe_integer('id', 0));
if ($event)
{