From 1dda842bb80414c6d373e7fb41c63d4d31e035b6 Mon Sep 17 00:00:00 2001
From: Kevin Chabowski
Date: Fri, 8 Jun 2012 22:52:39 +0200
Subject: Style::test_name implemented.
---
 ratatoeskr/backend.php | 2 +-
 ratatoeskr/sys/models.php | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index ea79a6b..be03fc7 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -1059,7 +1059,7 @@ $backend_subactions = url_action_subactions(array(
 /* A write request? */
 if(isset($_POST["save_style"]))
 {
- if(preg_match("/^[a-zA-Z0-9\\-_\\.]+$/", $_POST["style_name"]) == 1)
+ if(Style::test_name($_POST["style_name"]))
 {
 $ste->vars["style_name"] = $_POST["style_name"];
 $ste->vars["style_code"] = $_POST["style_code"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 2dd48e5..44367dd 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -1129,6 +1129,21 @@ class Style extends BySQLRowEnabled
 $this->code = $sqlrow["code"];
 }
 
+ /*
+ * Function: test_name
+ * Test, if a name is a valid Style name.
+ *
+ * Parameters:
+ * $name - The name to test
+ *
+ * Returns:
+ * True, if the name is a valid style name, False if not.
+ */
+ public static function test_name($name)
+ {
+ return preg_match("/^[a-zA-Z0-9\\-_\\.]+$/", $name) == 1;
+ }
+
 /*
 * Function: get_id
 */
@@ -1146,6 +1161,9 @@ class Style extends BySQLRowEnabled
 */
 public static function create($name)
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_style_name");
+
 try
 {
 self::by_name($name);
@@ -1231,6 +1249,9 @@ class Style extends BySQLRowEnabled
 */
 public function save()
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_style_name");
+
 $result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_styles` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 $sqlrow = mysql_fetch_assoc($result);
 if($sqlrow["n"] > 0)
--
cgit v1.2.3-54-g00ecf
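Review bot: In the new `Style::test_name` (first hunk of ratatoeskr/sys/models.php) the pattern ends in `$` without the `D` modifier, so PCRE also matches just before a final newline and a name with a trailing line break passes validation. This method is now the single validator that `create()`, `save()` and backend.php rely on, so it should anchor strictly and compare strictly: `return preg_match("/^[a-zA-Z0-9\\-_\\.]+$/D", $name) === 1;`. The character class also accepts names consisting only of dots (`.` or `..`); if style names ever reach a file path or URL segment, which this diff does not show, those should be rejected as well. The doc comment would be more useful if it listed the allowed characters.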
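Review bot: The guard added to `save()` (last hunk of ratatoeskr/sys/models.php) tests `$name`, but `save()` takes no parameters and nothing assigns a local `$name` between the signature and the check, so it runs on an undefined variable. `test_name` then sees an empty subject, returns false, and every call to `save()` throws `InvalidDataError("invalid_style_name")` regardless of the stored name. The query directly below reads the value from `$this->name`, so the guard should be `if(!self::test_name($this->name))`. The equivalent check in the `create()` hunk is correct because `$name` is that method's parameter; `save()`'s body continues outside the hunk.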