author | Kevin Chabowski <kevin@kch42.de> | 2012-06-08 21:27:55 +0200 |
---|---|---|
committer | Kevin Chabowski <kevin@kch42.de> | 2012-06-08 21:27:55 +0200 |
commit | 11c872b1d8cd4cd905e2184f698af71862602d0b (patch) | |
tree | 5f01dd8b5d2abc3fcf1ddb78fc0a1aa992ac7ee2 | |
parent | 4bbacf8eff3d9433142250fe4b31c018010c1cc1 (diff) | |
Article::test_urlname implemented.
-rw-r--r-- | ratatoeskr/backend.php | 2 | ||||
-rw-r--r-- | ratatoeskr/sys/models.php | 23 |
2 files changed, 23 insertions, 2 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index 3670137..8cc174d 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -174,7 +174,7 @@ $backend_subactions = url_action_subactions(array(
 if(isset($_POST["save_article"]))
 {
- if(!preg_match('/^[a-zA-Z0-9-_]+$/', @$_POST["urlname"]))
+ if(!Article::test_urlname($_POST["urlname"]))
 $fail_reasons[] = $translation["invalid_urlname"];
 else
 $inputs["urlname"] = $_POST["urlname"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 3cda168..5d6ee66 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -74,6 +74,13 @@ class AlreadyExistsError extends Exception { }
 */
 class NotAllowedError extends Exception { }
+/*
+ * Class: InvalidDataError
+ * Exception that will be thrown, if a object with invalid data (e.g. urlname in this form not allowed) should have been saved / created.
+ * Unless something else is said at a function, the exception message is a translation key.
+ */
+class InvalidDataError extends Exception { }
+
 abstract class BySQLRowEnabled
 {
 protected function __construct() { }
@@ -2329,6 +2336,11 @@ class Article extends BySQLRowEnabled
 */
 public function get_id() { return $this->id; }
+ private static function test_urlname($urlname)
+ {
+ return (bool) preg_match('/^[a-zA-Z0-9-_]+$/', $urlname);
+ }
+
 /*
 * Constructor: create
 * Create a new Article object.
@@ -2337,12 +2349,15 @@ class Article extends BySQLRowEnabled
 * urlname - A unique URL name
 *
 * Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public static function create($urlname)
 {
 global $ratatoeskr_settings;
+ if(!self::test_urlname($urlname))
+ throw new InvalidDataError("invalid_urlname");
+
 try
 {
 self::by_urlname($urlname);
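Review bot: The new call `Article::test_urlname($_POST["urlname"])` in backend.php targets a method that this same commit declares `private static` in ratatoeskr/sys/models.php, so the call from outside the class should fail with a fatal visibility error as soon as the save branch runs. Declaring it `public static function test_urlname($urlname)` lets the backend and the model share one validator. The removed line read `@$_POST["urlname"]`; with the suppression gone a missing field raises an undefined-index notice, so an explicit `isset($_POST["urlname"])` guard before the call would be cleaner. The enclosing block starts and ends outside the hunk.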
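Review bot: The pattern in `test_urlname` ends with `$`, which in PCRE also matches just before a final newline, so a value with a trailing line break passes validation and is then accepted by `create()` and `save()`. Anchoring the end with `\z` (or adding the `D` modifier) closes that gap: `return (bool) preg_match('/^[a-zA-Z0-9_-]+\z/', $urlname);`. Moving the hyphen to the end of the class also makes it plain that it is a literal. The method has no doc comment although its neighbours use the `Function:` block style; a short one naming the allowed character set would help, since this check is now the single gate for URL names.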
@@ -2622,9 +2637,15 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
 /*
 * Function: save
+ *
+ * Throws:
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public function save()
 {
+ if(!self::test_urlname($this->urlname))
+ throw new DoesNotExistError("invalid_urlname");
+
 $result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_articles` WHERE `urlname` = '%s' AND `id` != %d", $this->urlname, $this->id);
 $sqlrow = mysql_fetch_assoc($result);
 if($sqlrow["n"] > 0) |
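Review bot: `save()` throws `DoesNotExistError("invalid_urlname")` for an invalid URL name, while the doc comment added just above it announces `<InvalidDataError>` and `create()` throws `InvalidDataError` for the same condition. A caller that catches `InvalidDataError` around `save()` will not see this failure, and one that catches `DoesNotExistError` may misread it as a missing article. The line should read `throw new InvalidDataError("invalid_urlname");`. The body of `save()` continues past the end of the hunk.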