From 89ca548864ca262f7d58f4ddfaf92fc08cb3dca9 Mon Sep 17 00:00:00 2001
From: Kevin Chabowski <kevin@kch42.de>
Date: Fri, 8 Jun 2012 22:39:03 +0200
Subject: Article::test_status implemented

---
 ratatoeskr/backend.php    |  2 +-
 ratatoeskr/sys/models.php | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index f9d5f4d..a6cc6f3 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -178,7 +178,7 @@ $backend_subactions = url_action_subactions(array(
 					$fail_reasons[] = $translation["invalid_urlname"];
 				else
 					$inputs["urlname"] = $_POST["urlname"];
-				if((@$_POST["article_status"] < 0) or (@$_POST["article_status"] > 3))
+				if(!Article::test_status(@$_POST["article_status"]))
 					$fail_reasons[] = $translation["invalid_article_status"];
 				else
 					$inputs["article_status"] = (int) $_POST["article_status"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index a20f726..4c18ffd 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -2372,6 +2372,21 @@ class Article extends BySQLRowEnabled
 		return (bool) preg_match('/^[a-zA-Z0-9-_]+$/', $urlname);
 	}
 	
+	/*
+	 * Function: test_status
+	 * Test, if a status is valid.
+	 * 
+	 * Parameters:
+	 * 	$status - Status value to test.
+	 * 
+	 * Returns:
+	 * 	True, if the status is a valid status value, False otherwise.
+	 */
+	public static function test_status($status)
+	{
+		return is_numeric($status) and ($status >= 0) and ($status <= 3);
+	}
+	
 	/*
 	 * Constructor: create
 	 * Create a new Article object.
@@ -2675,7 +2690,10 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
 	public function save()
 	{
 		if(!self::test_urlname($this->urlname))
-			throw new DoesNotExistError("invalid_urlname");
+			throw new InvalidDataError("invalid_urlname");
+		
+		if(!self::test_status($this->status))
+			throw new InvalidDataError("invalid_article_status");
 			
 		$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_articles` WHERE `urlname` = '%s' AND `id` != %d", $this->urlname, $this->id);
 		$sqlrow = mysql_fetch_assoc($result);
-- 
cgit v1.2.3-54-g00ecf