Diffstat (limited to 'ratatoeskr')
-rw-r--r-- | ratatoeskr/backend.php | 2 | ||||
-rw-r--r-- | ratatoeskr/sys/models.php | 20 |
2 files changed, 20 insertions, 2 deletions
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index f9d5f4d..a6cc6f3 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -178,7 +178,7 @@ $backend_subactions = url_action_subactions(array(
 $fail_reasons[] = $translation["invalid_urlname"];
 else
 $inputs["urlname"] = $_POST["urlname"];
- if((@$_POST["article_status"] < 0) or (@$_POST["article_status"] > 3))
+ if(!Article::test_status(@$_POST["article_status"]))
 $fail_reasons[] = $translation["invalid_article_status"];
 else
 $inputs["article_status"] = (int) $_POST["article_status"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index a20f726..4c18ffd 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -2373,6 +2373,21 @@ class Article extends BySQLRowEnabled
 }
 
 /*
+ * Function: test_status
+ * Test, if a status is valid.
+ *
+ * Parameters:
+ * $status - Status value to test.
+ *
+ * Returns:
+ * True, if the status is a valid status value, False otherwise.
+ */
+ public static function test_status($status)
+ {
+ return is_numeric($status) and ($status >= 0) and ($status <= 3);
+ }
+
+ /*
 * Constructor: create
 * Create a new Article object.
 *
@@ -2675,7 +2690,10 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
 public function save()
 {
 if(!self::test_urlname($this->urlname))
- throw new DoesNotExistError("invalid_urlname");
+ throw new InvalidDataError("invalid_urlname");
+
+ if(!self::test_status($this->status))
+ throw new InvalidDataError("invalid_article_status");
 
 $result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_articles` WHERE `urlname` = '%s' AND `id` != %d", $this->urlname, $this->id);
 $sqlrow = mysql_fetch_assoc($result);
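Review bot: The value that passes `Article::test_status()` on the new line is not the value that gets stored two lines below: `test_status` (as added in the models.php hunk on this page) uses `is_numeric`, so a submitted `"2.9"` or `"1e0"` is accepted, and `(int) $_POST["article_status"]` then silently stores 2 or 1 — validation and persistence disagree. Validate and store the same normalised value: `$status = isset($_POST["article_status"]) ? $_POST["article_status"] : null;` then `if(!Article::test_status($status))` and `$inputs["article_status"] = (int) $status;`, with `test_status` tightened to integer-only semantics (see the note on that hunk). Dropping the `@` in favour of `isset` also stops a missing field from being masked by error suppression rather than handled explicitly. The enclosing closure passed to `url_action_subactions` begins and ends outside this hunk.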
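Review bot: `is_numeric` in the new `test_status` accepts more than integer status codes — floats (`"2.5"`), exponent notation (`"1e0"`), and leading whitespace/sign all satisfy it and fall inside the 0..3 range, which means a non-integer can be reported as valid while the caller later truncates it. Since the status is an integer enum in all four values, validate the integer form directly: `return filter_var($status, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0, "max_range" => 3))) !== false;` — this still accepts real ints and plain digit strings (`"0"` yields 0, which `!== false` treats as valid) and rejects `null` and garbage. The `0` and `3` bounds are magic numbers here; if the class declares status constants elsewhere (not visible in this hunk), the bounds should reference them so a new status value cannot be added without this check following.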
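Review bot: `save()` now throws `InvalidDataError` for two distinct conditions, but its documentation block (above this hunk, outside the visible lines) is not updated to say so; with the exception type also changing from `DoesNotExistError`, any caller that catches the old type for an invalid urlname will no longer catch it unless `InvalidDataError` extends it, which this diff does not show. Add a `Throws:` section to the function comment, e.g. `* Throws:` / `*   <InvalidDataError> - if the urlname is not valid ("invalid_urlname") or the status is out of range ("invalid_article_status").` The new status check validates `$this->status` but does not normalise it, so whatever numeric-string form passed the check is what the rest of `save()` (outside this hunk) persists — if the column is an integer, consider `$this->status = (int) $this->status;` after the check so the stored value is exactly the validated one.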