aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Chabowski <kevin@kch42.de>2012-06-08 22:39:03 +0200
committerKevin Chabowski <kevin@kch42.de>2012-06-08 22:39:03 +0200
commit89ca548864ca262f7d58f4ddfaf92fc08cb3dca9 (patch)
treeecac2f359e0306a17ad3010b434c7a232a761071
parentfb1b7e104b6dc672572a4467ff4337c50139a36e (diff)
downloadratatoeskr-cms-89ca548864ca262f7d58f4ddfaf92fc08cb3dca9.tar.gz
ratatoeskr-cms-89ca548864ca262f7d58f4ddfaf92fc08cb3dca9.tar.bz2
ratatoeskr-cms-89ca548864ca262f7d58f4ddfaf92fc08cb3dca9.zip
Article::test_status implemented
-rw-r--r--ratatoeskr/backend.php2
-rw-r--r--ratatoeskr/sys/models.php20
2 files changed, 20 insertions, 2 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index f9d5f4d..a6cc6f3 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -178,7 +178,7 @@ $backend_subactions = url_action_subactions(array(
$fail_reasons[] = $translation["invalid_urlname"];
else
$inputs["urlname"] = $_POST["urlname"];
- if((@$_POST["article_status"] < 0) or (@$_POST["article_status"] > 3))
+ if(!Article::test_status(@$_POST["article_status"]))
$fail_reasons[] = $translation["invalid_article_status"];
else
$inputs["article_status"] = (int) $_POST["article_status"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index a20f726..4c18ffd 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -2373,6 +2373,21 @@ class Article extends BySQLRowEnabled
}
/*
+ * Function: test_status
+ * Test, if a status is valid.
+ *
+ * Parameters:
+ * $status - Status value to test.
+ *
+ * Returns:
+ * True, if the status is a valid status value, False otherwise.
+ */
+ public static function test_status($status)
+ {
+ return is_numeric($status) and ($status >= 0) and ($status <= 3);
+ }
+
+ /*
* Constructor: create
* Create a new Article object.
*
@@ -2675,7 +2690,10 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
public function save()
{
if(!self::test_urlname($this->urlname))
- throw new DoesNotExistError("invalid_urlname");
+ throw new InvalidDataError("invalid_urlname");
+
+ if(!self::test_status($this->status))
+ throw new InvalidDataError("invalid_article_status");
$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_articles` WHERE `urlname` = '%s' AND `id` != %d", $this->urlname, $this->id);
$sqlrow = mysql_fetch_assoc($result);