-rw-r--r--ratatoeskr/backend.php2
-rw-r--r--ratatoeskr/sys/models.php21
2 files changed, 22 insertions, 1 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index 8cc174d..f9d5f4d 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -434,7 +434,7 @@ $backend_subactions = url_action_subactions(array(
if(!empty($_POST["newtagname"]))
{
- if((strpos(@$_POST["new_tag_name"], ",") !== False) or (strpos(@$_POST["new_tag_name"], " ") !== False))
+ if(!Tag::test_name(@$_POST["newtagname"]))
$ste->vars["error"] = $translation["invalid_tag_name"];
else
$newtag = $_POST["newtagname"];
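Review bot: The `@` in front of `$_POST["newtagname"]` on the new line is redundant, because the enclosing `if(!empty($_POST["newtagname"]))` already guarantees the index exists. Error suppression at a request-input boundary makes later mistakes harder to spot, so the call reads better as `if(!Tag::test_name($_POST["newtagname"]))`. The enclosing block starts and ends outside this hunk.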
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 95a500f..a20f726 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -1678,6 +1678,21 @@ class Tag extends BySQLRowEnabled
public $title;
/*
+ * Function: test_name
+ * Test, if a name is a valid tag name.
+ *
+ * Parameters:
+ * $name - Name to test.
+ *
+ * Returns:
+ * True, if the name is valid, False otherwise.
+ */
+ public static function test_name($name)
+ {
+ return (strpos($name, ",") === False) and (strpos($name, " ") === False);
+ }
+
+ /*
* Function: get_id
*/
public function get_id() { return $this->id; }
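Review bot: `test_name` rejects only a literal comma and a literal space, so an empty string, a tab or a newline all count as valid tag names, and a non-string value (a form field submitted as an array, for example) is handed straight to `strpos`. Since `create()` and `save()` rely on this method as their gate in this commit, consider tightening it to something like `return is_string($name) and ($name !== "") and !preg_match('/[,\s]/', $name);`, assuming empty names are not meant to be allowed. The doc comment should also list which characters are forbidden. How tag names are escaped on output is not visible here, so this check should not be treated as a substitute for output encoding.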
@@ -1701,6 +1716,9 @@ class Tag extends BySQLRowEnabled
*/
public static function create($name)
{
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_tag_name");
+
try
{
$obj = self::by_name($name);
@@ -1818,6 +1836,9 @@ WHERE `b`.`tag` = '%d'" , $this->id);
*/
public function save()
{
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_tag_name");
+
$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_tags` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
$sqlrow = mysql_fetch_assoc($result);
if($sqlrow["n"] > 0)
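Review bot: The added guard in `save()` tests `$name`, which is not defined in this method: `save()` takes no parameters, and the query just below reads `$this->name`. The check therefore appears to receive null rather than the tag's name, so `strpos` finds neither forbidden character and the validation never rejects anything before the row is written. It should read `if(!self::test_name($this->name))`. The body of `save()` continues outside this hunk.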