| author | 2013-06-15 14:46:37 +0200 | |
|---|---|---|
| committer | 2013-06-15 14:46:37 +0200 | |
| commit | 6d184ad1b8b84ab31e342f539844e0dc5738423b (patch) | |
| tree | 30f83a95825111c0e115e7ffdfafefd3d2713874 | |
| parent | edffec1d698f0c65f4f50a11e1f35e39fc5b8a42 (diff) | |
Fix issue #89 : meilleure vérification des champs de formulaires (géré par Minz)
| -rwxr-xr-x | app/models/RSSConfiguration.php | 4 | ||||
| -rw-r--r-- | lib/minz/Request.php | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/app/models/RSSConfiguration.php b/app/models/RSSConfiguration.php
index 50dbd2555..6ebc30e8e 100755
--- a/app/models/RSSConfiguration.php
+++ b/app/models/RSSConfiguration.php
@@ -85,7 +85,7 @@ class RSSConfiguration extends Model {
 $this->language = $value;
 }
 public function _postsPerPage ($value) {
- if (is_int (intval ($value))) {
+ if (is_int (intval ($value)) && $value > 0) {
 $this->posts_per_page = $value;
 } else {
 $this->posts_per_page = 10;
@@ -120,7 +120,7 @@ class RSSConfiguration extends Model {
 }
 }
 public function _oldEntries ($value) {
- if (is_int (intval ($value))) {
+ if (is_int (intval ($value)) && $value > 0) {
 $this->old_entries = $value;
 } else {
 $this->old_entries = 3;
diff --git a/lib/minz/Request.php b/lib/minz/Request.php
index 507630b84..3463686bc 100644
--- a/lib/minz/Request.php
+++ b/lib/minz/Request.php
@@ -31,7 +31,12 @@ class Request {
 }
 public static function param ($key, $default = false) {
 if (isset (self::$params[$key])) {
- return self::$params[$key];
+ $p = self::$params[$key];
+ if(is_array($p)) {
+ return array_map(htmlspecialchars, $p);
+ } else {
+ return htmlspecialchars($p);
+ }
 } else {
 return $default;
 } |
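Review bot: In `_postsPerPage`, and identically in the `_oldEntries` hunk, `is_int (intval ($value))` is always true because `intval` always returns an integer, so the only effective test is the loose comparison `$value > 0` on the raw input, and the raw input is what gets stored. A string that merely begins with digits, or a decimal such as `1.5`, can pass that comparison and be kept as-is instead of as an integer. Cast once and validate the result, `$value = intval ($value);` followed by `if ($value > 0) {`, and consider an upper bound as well, since none is enforced here. Both setters continue past the end of their hunks.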
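Review bot: In `Request::param`, `array_map(htmlspecialchars, $p)` passes the function name unquoted, which PHP resolves as an undefined constant (a notice on older versions, a fatal error on PHP 8); it should read `return array_map('htmlspecialchars', $p);`. On PHP before 8.1 the default flags leave single quotes unescaped, and a nested array element would be handed to `htmlspecialchars` as an array, so prefer `htmlspecialchars($p, ENT_QUOTES, 'UTF-8')` and handle nesting explicitly. Encoding at read time only covers HTML output: values from `param` that end up in SQL, URLs or headers still need handling for that context, and callers that need the raw value (passwords, feed URLs containing `&`) now receive altered data. The callers are not visible here, so that needs checking, and a docblock on `param` should state that returned values are HTML-encoded. The function's closing brace lies outside the hunk.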
