BUGFIX Fixed some potential security issues in BlogHolder page type

This commit is contained in:
Sean Harvey 2008-11-06 00:36:58 +00:00
parent c3c97201d4
commit 224fe02c3b


@ -53,7 +53,7 @@ class BlogHolder extends Page {
return $fields; return $fields;
} }
/** /**
* Get entries in this blog. * Get entries in this blog.
* @param string limit A clause to insert into the limit clause. * @param string limit A clause to insert into the limit clause.
@ -66,9 +66,8 @@ class BlogHolder extends Page {
$dateCheck = ''; $dateCheck = '';
if($tag) { if($tag) {
$SQL_tag = addslashes($tag); $SQL_tag = Convert::raw2sql($tag);
$SQL_tag = str_replace(array("\\",'_','%',"'"), array("\\\\","\\_","\\%","\\'"), $tag); $tagCheck = "AND `BlogEntry`.Tags LIKE '%$SQL_tag%'";
$tagCheck = "AND `BlogEntry`.Tags LIKE '%$tag%'";
} }
if($date) { if($date) {
@ -95,9 +94,8 @@ class BlogHolder extends Page {
*/ */
function ShowTag() { function ShowTag() {
if(Director::urlParam('Action') == 'tag') { if(Director::urlParam('Action') == 'tag') {
return Director::urlParam('ID'); return Convert::raw2xml(Director::urlParam('ID'));
} }
return isset($_GET['tag']) ? $_GET['tag'] : false;
} }
/** /**
@ -111,10 +109,10 @@ class BlogHolder extends Page {
Requirements::javascript('blog/javascript/bbcodehelp.js'); Requirements::javascript('blog/javascript/bbcodehelp.js');
$id = 0; $id = 0;
if(Director::urlParam('ID')){ if(Director::urlParam('ID')) {
$id = Director::urlParam('ID'); $id = (int) Director::urlParam('ID');
} }
$codeparser = new BBCodeParser(); $codeparser = new BBCodeParser();
$membername = Member::currentMember() ? Member::currentMember()->getName() : ""; $membername = Member::currentMember() ? Member::currentMember()->getName() : "";
@ -140,10 +138,10 @@ class BlogHolder extends Page {
$form = new BlogEntry_Form($this, 'BlogEntryForm',$fields, $actions,$validator); $form = new BlogEntry_Form($this, 'BlogEntryForm',$fields, $actions,$validator);
if($id != 0){ if($id != 0) {
$form->loadNonBlankDataFrom(DataObject::get_by_id('BlogEntry',$id)); $form->loadNonBlankDataFrom(DataObject::get_by_id('BlogEntry', $id));
}else{ } else {
$form->loadNonBlankDataFrom(array("Author" => Cookie::get("BlogHolder_Name"))); $form->loadNonBlankDataFrom(array("Author" => Cookie::get("BlogHolder_Name")));
} }
return $form; return $form;
@ -152,7 +150,7 @@ class BlogHolder extends Page {
/** /**
* Check if url has "/post" * Check if url has "/post"
*/ */
function isPost(){ function isPost() {
return Director::urlParam('Action') == 'post'; return Director::urlParam('Action') == 'post';
} }
@ -160,7 +158,7 @@ class BlogHolder extends Page {
* Link for creating a new blog entry * Link for creating a new blog entry
*/ */
function postURL(){ function postURL(){
return $this->Link('post'); return $this->Link('post');
} }
/** /**
@ -224,16 +222,11 @@ class BlogHolder_Controller extends Page_Controller {
} }
function BlogEntries($limit = 10) { function BlogEntries($limit = 10) {
$start = isset($_GET['start']) ? (int)$_GET['start'] : 0; $start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
$tag = ''; $tag = '';
$date = ''; $date = '';
if(isset($_GET['tag'])) { if(Director::urlParams()) {
$tag = $_GET['tag'];
}
if(Director::urlParams()){
if(Director::urlParam('Action') == 'tag') { if(Director::urlParam('Action') == 'tag') {
$tag = Director::urlParam('ID'); $tag = Director::urlParam('ID');
} else { } else {
@ -271,6 +264,7 @@ class BlogHolder_Controller extends Page_Controller {
return $output; return $output;
} }
function tag() { function tag() {
if($this->ShowTag()) { if($this->ShowTag()) {
return array( return array(