Mercurial > hg > fapweb
changeset 707:2dc533ae3afd
Fix compo data validation by adding boolean for checking full data when
updating, etc.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Mon, 10 Nov 2014 23:26:48 +0200 |
| parents | a91a91b8160e |
| children | 114b77baf1c2 |
| files | admajax.php |
| diffstat | 1 files changed, 11 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/admajax.php Mon Nov 10 21:28:36 2014 +0200 +++ b/admajax.php Mon Nov 10 23:26:48 2014 +0200 @@ -52,7 +52,7 @@ } -function stValidateRequestEntryData(&$compo_id) +function stValidateRequestEntryData(&$compo_id, $full) { $res = TRUE; @@ -75,6 +75,13 @@ stChkRequestItemFail("compo_id", $compo_id, $res, array(CHK_TYPE, VT_INT, "Invalid compo ID.")); + if ($full) + { + stChkRequestItemFail("notes", $fake, $res, + array(CHK_TYPE, VT_TEXT, "Invalid data."), + array(CHK_LTEQ, VT_STR, SET_LEN_ENTRY_NOTES, "Entry notes too long.")); + } + return $res; } @@ -1503,7 +1510,7 @@ stExecSQLCond($sql, "OK, attendee added."); } else - if ($type == "entry" && stValidateRequestEntryData($fake)) + if ($type == "entry" && stValidateRequestEntryData($fake, FALSE)) { if (stFetchSQLColumn(stPrepareSQL("SELECT id FROM compos WHERE id=%D", "compo_id")) === FALSE) { @@ -1604,7 +1611,7 @@ } } else - if ($type == "entry" && stValidateRequestEntryData($compo_id)) + if ($type == "entry" && stValidateRequestEntryData($compo_id, TRUE)) { if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$compo_id) === FALSE) { @@ -1619,6 +1626,7 @@ "author" => "S", "filename" => "S", "info" => "Q", + "notes" => "Q", "compo_id" => "D", ));