authorKevin Chabowski <kevin@kch42.de>2012-06-08 22:47:00 +0200
committerKevin Chabowski <kevin@kch42.de>2012-06-08 22:47:00 +0200
commit66ecc6db41cd4b7e06f0c953f3b5c88506765b06 (patch)
treeaf33f3cfd2b7e8be93e88e69a1288542ba1929be /ratatoeskr
parent89ca548864ca262f7d58f4ddfaf92fc08cb3dca9 (diff)
Section::test_name implemented.
Diffstat (limited to 'ratatoeskr')
-rw-r--r--ratatoeskr/backend.php2
-rw-r--r--ratatoeskr/sys/models.php29
2 files changed, 26 insertions, 5 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index a6cc6f3..ea79a6b 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -1112,7 +1112,7 @@ $backend_subactions = url_action_subactions(array(
{
if((preg_match("/^[a-zA-Z0-9\\-_\\.]+$/", $_POST["template"]) == 0) or (!is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$_POST['template']}")))
$ste->vars["error"] = $translation["unknown_template"];
- else if(preg_match("/^[a-zA-Z0-9\\-_]+$/", $_POST["section_name"]) == 0)
+ else if(!Section::test_name($_POST["section_name"]))
$ste->vars["error"] = $translation["invalid_section_name"];
else
{
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 4c18ffd..2dd48e5 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -1472,6 +1472,21 @@ class Section extends BySQLRowEnabled
}
/*
+ * Function: test_name
+ * Tests, if a name is a valid section name.
+ *
+ * Parameters:
+ * $name - The name to test.
+ *
+ * Returns:
+ * True, if the name is a valid section name, False otherwise.
+ */
+ public static function test_name($name)
+ {
+ return preg_match("/^[a-zA-Z0-9\\-_]+$/", $name) != 0;
+ }
+
+ /*
* Function: get_id
*/
public function get_id() { return $this->id; }
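Review bot: The pattern in `test_name` ends with `$`, which in PCRE also matches just before a trailing newline, so a name made of allowed characters followed by a line feed is accepted as a valid section name. This method is now the single gate for backend.php, `Section::create` and `Section::save`, so the end anchor should be strict and the result compared strictly: `return preg_match("/^[a-zA-Z0-9\\-_]+\\z/", $name) === 1;` (adding the `D` modifier to the existing pattern works as well). The doc comment could also state the allowed alphabet, since callers otherwise have to read the regex to learn it.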
@@ -1484,10 +1499,13 @@ class Section extends BySQLRowEnabled
* $name - The name of the new section.
*
* Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
*/
public static function create($name)
{
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_section_name");
+
try
{
$obj = self::by_name($name);
@@ -1619,10 +1637,13 @@ class Section extends BySQLRowEnabled
* Function: save
*
* Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
*/
public function save()
{
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_section_name");
+
$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_sections` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
$sqlrow = mysql_fetch_assoc($result);
if($sqlrow["n"] > 0)
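Review bot: The guard added at the top of `save()` passes `$name`, which is not defined in this method; the query on the next visible line reads the value from `$this->name`. An undefined variable evaluates to null, `test_name` returns false for it, and so every call to `save()` throws `InvalidDataError` no matter what name the object holds. The check should read `if(!self::test_name($this->name))`. The body of `save()` continues past the end of this hunk.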
@@ -1712,7 +1733,7 @@ class Tag extends BySQLRowEnabled
* $name - The name
*
* Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
*/
public static function create($name)
{
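Review bot: The `Throws:` list of `Tag::create` now names `<InvalidDataError>`, but this commit adds no name check to `Tag`; only the comment changes here and in the `Tag::save` hunk that follows. Unless the method bodies, which lie outside these hunks, already throw it, the documentation promises validation that callers cannot rely on. Either add a check parallel to the one in `Section::create` (for example a `Tag::test_name` with its own allowed alphabet), or keep the line as `<AlreadyExistsError>` until that validation exists.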
@@ -1832,7 +1853,7 @@ WHERE `b`.`tag` = '%d'" , $this->id);
* Function: save
*
* Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
*/
public function save()
{