From fb1b7e104b6dc672572a4467ff4337c50139a36e Mon Sep 17 00:00:00 2001
From: Kevin Chabowski
Date: Fri, 8 Jun 2012 22:28:49 +0200
Subject: Tag::test_name implemented.
---
 ratatoeskr/backend.php | 2 +-
 ratatoeskr/sys/models.php | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index 8cc174d..f9d5f4d 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -434,7 +434,7 @@ $backend_subactions = url_action_subactions(array(
 if(!empty($_POST["newtagname"]))
 {
- if((strpos(@$_POST["new_tag_name"], ",") !== False) or (strpos(@$_POST["new_tag_name"], " ") !== False))
+ if(!Tag::test_name(@$_POST["newtagname"]))
 $ste->vars["error"] = $translation["invalid_tag_name"];
 else
 $newtag = $_POST["newtagname"];
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index 95a500f..a20f726 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -1677,6 +1677,21 @@ class Tag extends BySQLRowEnabled
 public $name;
 public $title;
+ /*
+ * Function: test_name
+ * Test, if a name is a valid tag name.
+ *
+ * Parameters:
+ * $name - Name to test.
+ *
+ * Returns:
+ * True, if the name is valid, False otherwise.
+ */
+ public static function test_name($name)
+ {
+ return (strpos($name, ",") === False) and (strpos($name, " ") === False);
+ }
+
 /*
 * Function: get_id
 */
@@ -1701,6 +1716,9 @@ class Tag extends BySQLRowEnabled
 */
 public static function create($name)
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_tag_name");
+
 try
 {
 $obj = self::by_name($name);
@@ -1818,6 +1836,9 @@ WHERE `b`.`tag` = '%d'" , $this->id);
 */
 public function save()
 {
+ if(!self::test_name($name))
+ throw new InvalidDataError("invalid_tag_name");
+
 $result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_tags` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 $sqlrow = mysql_fetch_assoc($result);
 if($sqlrow["n"] > 0)
--
cgit v1.2.3-54-g00ecf
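Review bot: The `@` in front of `$_POST["newtagname"]` in the new condition in ratatoeskr/backend.php is redundant, because the enclosing `!empty($_POST["newtagname"])` already guarantees the key is set. What it still suppresses is the warning strpos() raises when the field arrives as an array instead of a string; such a value appears to be rejected only as a side effect of strpos() returning NULL inside test_name(). An explicit type check states the intent, e.g. `if(!is_string($_POST["newtagname"]) or !Tag::test_name($_POST["newtagname"]))`. The surrounding block starts and ends outside the hunk.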
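Review bot: `Tag::test_name()` in ratatoeskr/sys/models.php is a denylist of two characters, so it accepts the empty string and any other whitespace or control character (tab, newline) as a valid tag name. backend.php checks for an empty value before calling it, but `Tag::create()` relies on this function alone. If a tag name is meant to be a single non-empty token, consider `return is_string($name) && ($name !== "") && !preg_match('/[\s,]/', $name);`. The doc comment should also say that a name passing this test is not thereby safe for output and still has to be escaped wherever it is written into SQL, HTML or a URL.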
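Review bot: The doc comment of `Tag::create()` closes on the first context line of this hunk and is not touched by the commit, so the newly thrown `InvalidDataError` is presumably undocumented; the same applies to `save()` in the following hunk. I would add a line to each comment stating that `InvalidDataError` is thrown when the name fails `Tag::test_name()`, so callers know they have to catch it. The body of create() continues past the end of the hunk.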
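Review bot: In `save()` the added guard passes `$name`, which is not defined in this method: save() takes no parameters and the query right below reads `$this->name`. `self::test_name()` is therefore called with NULL, which strpos() most likely treats as an empty string on the PHP versions this code targets, so the check always passes and an invalid name assigned to an existing Tag is still written. The line should read `if(!self::test_name($this->name))`. The body of save() continues outside the hunk.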