# HG changeset patch # User Matti Hamalainen # Date 1416467956 -7200 # Node ID 3b973041f6bbbc6e24e764a30640eb034bcbeb0e # Parent 3622720909c40e121d497cdfe8d56a5544a3ebdf Few fixes to entry data validation. diff -r 3622720909c4 -r 3b973041f6bb admajax.php --- a/admajax.php Thu Nov 20 09:03:33 2014 +0200 +++ b/admajax.php Thu Nov 20 09:19:16 2014 +0200 @@ -82,15 +82,23 @@ array(CHK_TYPE, VT_TEXT, "Invalid data."), array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_INFO, "Entry info too long.")); - stChkRequestItemFail("preview_type", $fake, $res, - array(CHK_TYPE, VT_INT, "Invalid data."), - array(CHK_RANGE, VT_INT, array(EPREV_NONE, EPREV_AUDIO), "Invalid preview type value.")); + if ($full) + { + stChkRequestItemFail("preview_type", $fake, $res, + array(CHK_TYPE, VT_INT, "Invalid data."), + array(CHK_RANGE, VT_INT, array(EPREV_NONE, EPREV_AUDIO), "Invalid preview type value.")); + } break; case COMPO_POINTS: + stChkRequestItemFail("evalue", $fake, $res, + array(CHK_TYPE, VT_INT, "Invalid points, must be a integer.")); + break; + case COMPO_ASSIGN: stChkRequestItemFail("evalue", $fake, $res, - array(CHK_TYPE, VT_INT, "Invalid evalue.")); + array(CHK_TYPE, VT_INT, "Invalid position, must be a integer."), + array(CHK_GTEQ, VT_INT, 1, "Invalid position, must be > 0.")); break; } @@ -1581,7 +1589,7 @@ if (($compo = stFetchSQL(stPrepareSQL("SELECT * FROM compos WHERE id=%D", "compo_id"))) === FALSE) stError("No such compo ID."); else - if (stValidateRequestEntryData($cfake, TRUE, $compo["ctype"])) + if (stValidateRequestEntryData($cfake, FALSE, $compo["ctype"])) { switch ($compo["ctype"]) {