author | Kevin Chabowski <kevin@kch42.de> | 2012-06-08 22:47:00 +0200 |
---|---|---|
committer | Kevin Chabowski <kevin@kch42.de> | 2012-06-08 22:47:00 +0200 |
commit | 66ecc6db41cd4b7e06f0c953f3b5c88506765b06 (patch) | |
tree | af33f3cfd2b7e8be93e88e69a1288542ba1929be /ratatoeskr | |
parent | 89ca548864ca262f7d58f4ddfaf92fc08cb3dca9 (diff) | |
Section::test_name implemented.
Diffstat (limited to 'ratatoeskr')
-rw-r--r-- | ratatoeskr/backend.php | 2 | ||||
-rw-r--r-- | ratatoeskr/sys/models.php | 29 |
2 files changed, 26 insertions, 5 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index a6cc6f3..ea79a6b 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -1112,7 +1112,7 @@ $backend_subactions = url_action_subactions(array(
 {
 if((preg_match("/^[a-zA-Z0-9\\-_\\.]+$/", $_POST["template"]) == 0) or (!is_file(SITE_BASE_PATH . "/ratatoeskr/templates/src/usertemplates/{$_POST['template']}")))
 $ste->vars["error"] = $translation["unknown_template"];
- else if(preg_match("/^[a-zA-Z0-9\\-_]+$/", $_POST["section_name"]) == 0)
+ else if(!Section::test_name($_POST["section_name"]))
 $ste->vars["error"] = $translation["invalid_section_name"];
 else
 {
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 4c18ffd..2dd48e5 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -1472,6 +1472,21 @@ class Section extends BySQLRowEnabled
 }
 
 /*
+ * Function: test_name
+ * Tests, if a name is a valid section name.
+ *
+ * Parameters:
+ * $name - The name to test.
+ *
+ * Returns:
+ * True, if the name is a valid section name, False otherwise.
+ */
+ public static function test_name($name)
+ {
+ return preg_match("/^[a-zA-Z0-9\\-_]+$/", $name) != 0;
+ }
+
+ /*
 * Function: get_id
 */
 public function get_id() { return $this->id; }
@@ -1484,10 +1499,13 @@ class Section extends BySQLRowEnabled
 * $name - The name of the new section.
 *
 * Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public static function create($name)
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_section_name");
+
 try
 {
 $obj = self::by_name($name);
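Review bot: The `$` anchor in the new `Section::test_name()` also matches just before a trailing newline, so a value consisting of valid characters followed by "\n" is accepted as a section name. This function is now the single validation point for `Section::create()`, `Section::save()` and the backend form, so the end of the string should be anchored strictly, for example with the D modifier: `return preg_match("/^[a-zA-Z0-9\\-_]+$/D", $name) == 1;`. The doc comment could also state the allowed alphabet (ASCII letters, digits, `-` and `_`), so that callers do not have to read the pattern to learn the rule.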
@@ -1619,10 +1637,13 @@ class Section extends BySQLRowEnabled
 * Function: save
 *
 * Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public function save()
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_section_name");
+
 $result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_sections` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 $sqlrow = mysql_fetch_assoc($result);
 if($sqlrow["n"] > 0)
@@ -1712,7 +1733,7 @@ class Tag extends BySQLRowEnabled
 * $name - The name
 *
 * Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public static function create($name)
 {
@@ -1832,7 +1853,7 @@ WHERE `b`.`tag` = '%d'" , $this->id);
 * Function: save
 *
 * Throws:
- * <AlreadyExistsError>
+ * <AlreadyExistsError>, <InvalidDataError>
 */
 public function save()
 { |
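Review bot: The added check in `Section::save()` reads `$name`, which is not defined in this method: `save()` takes no parameters and the query two lines below uses `$this->name`. An undefined variable evaluates to null, `preg_match()` finds no match, and so every call to `save()` would throw `InvalidDataError` whatever the section's name is; the line looks copied from `create()`. It should read `if(!self::test_name($this->name))`. The body of `save()` continues outside the hunk.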
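Review bot: The Throws list of `Tag::create()` now names `<InvalidDataError>`, but no hunk in this commit adds a name check or a throw to `Tag::create()` or to `Tag::save()`, whose comment gets the same change in the @@ -1832 hunk. Unless such a check already exists outside the visible lines, the comments promise validation of tag names that is not performed, and callers handling user-supplied names may rely on it. Either add a check to both methods that mirrors `Section::test_name()`, or keep the Throws lines at `<AlreadyExistsError>` until the check exists. Both method bodies lie outside the hunks.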