changeset 215:bfd480370a70
More work on input validation.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sun, 17 Nov 2013 22:17:11 +0200 |
parents | 36423e8ab765 |
children | bcc3c4696b3e |
files | admajax.php admin.php |
diffstat | 2 files changed, 16 insertions(+), 13 deletions(-) [+] |
--- a/admajax.php Sun Nov 17 22:01:40 2013 +0200
+++ b/admajax.php Sun Nov 17 22:17:11 2013 +0200
@@ -53,7 +53,7 @@
 ) && stChkRequestItem("info", $fake, array(CHK_TYPE, VT_TEXT, "Invalid data."),
- array(CHK_ISLT, VT_STR, SET_LEN_INFO, "Entry info too long.")
+ array(CHK_ISLT, VT_STR, SET_LEN_ENTRY_INFO, "Entry info too long.")
 ) && stChkRequestItem("compo_id", $compo_id, array(CHK_TYPE, VT_INT, "Invalid compo ID.")
@@ -231,7 +231,7 @@
 "<form>\n".
 " <table class=\"misc\">\n".
 " <tr>\n".
- " <th colspan=\"5\">#".$id." - ".chentities($compo["name"])."</th>\n".
+ " <th colspan=\"6\">#".$id." - ".chentities($compo["name"])."</th>\n".
 " </tr>\n".
 " <tr>\n".
 " <th style=\"width:4%;\">ID#</th>\n".
@@ -239,6 +239,7 @@
 " <th>Title</th>\n".
 " <th>Author(s)</th>\n".
 " <th>Filename</th>\n".
+ " <th>Info</th>\n".
 " <th>Actions</th>\n".
 " </tr>\n";
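Review bot: In the `@@ -53,7 +53,7 @@` hunk the server-side bound for `info` is `CHK_ISLT` against `SET_LEN_ENTRY_INFO`, while the form cells added later in this changeset hand the same constant to `stGetFormTextInput`, apparently as the field's maximum length. If `CHK_ISLT` is a strict less-than, a value of exactly `SET_LEN_ENTRY_INFO` characters can be entered in the form and is then rejected by the handler, so the two limits should be made to agree with the column size; a comment such as `// CHK_ISLT is strict: longest accepted info is SET_LEN_ENTRY_INFO - 1` would at least record the intent. The checked value is written to `$fake`, so it is worth confirming that the value stored later is the one that passed this check and not a separate, unchecked read of the request. The enclosing condition starts and ends outside the hunk.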
@@ -249,13 +250,14 @@
 " <tr id=\"entry".$eid."\">\n".
 " <td>".$eid."</td>\n".
 " <td>".($entry["show_id"] > 0 ? $entry["show_id"] : "-")."</td>\n".
- " <td>".stGetFormTextInput(30, 64, "name", $eid, "en", $entry["name"])."</td>\n".
- " <td>".stGetFormTextInput(30, 64, "author", $eid, "en", $entry["author"])."</td>\n".
- " <td>".stGetFormTextInput(20, 64, "filename", $eid, "en", $entry["filename"])."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $eid, "en", $entry["name"])."</td>\n".
+ " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $eid, "en", $entry["author"])."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $eid, "en", $entry["filename"])."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $eid, "en", $entry["info"])."</td>\n".
 " <td>".
- stGetFormButtonInput("delete", $eid, $prefix, " Del ", "deleteEntry(".$eid.")").
+ stGetFormButtonInput("delete", $eid, $prefix, "Del", "deleteEntry(".$eid.")").
 stGetFormTextInput(3, 3, "compo_id", $eid, "en", $id).
- stGetFormButtonInput("update", $eid, $prefix, " Upd ", "updateEntry(".$eid.")").
+ stGetFormButtonInput("update", $eid, $prefix, "Upd", "updateEntry(".$eid.")").
 "</td>\n".
 " </tr>\n";
 }
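Review bot: The new `info` cell passes `$entry["info"]` unescaped into `stGetFormTextInput`, as the `name`, `author` and `filename` cells do, whereas the table header in this same file runs `$compo["name"]` through `chentities()`. `stGetFormTextInput` is not visible here, so confirm that it HTML-escapes the value it writes into the input; entry info is presumably free text from a submitter and this table is rendered for an administrator, so unescaped output would be a stored-XSS exposure in the admin session. If the helper does not escape, the cell should read `stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $eid, "en", chentities($entry["info"]))`, with the same change on the three neighbouring cells; if it does, a one-line comment saying so avoids double-encoding later. The maximum length given to the helper only limits what a browser sends, so the `stChkRequestItem` checks remain the effective limit.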
@@ -265,10 +267,11 @@
 " <tr>\n".
 " <td></td>\n".
 " <td></td>\n".
- " <td>".stGetFormTextInput(30, 64, "name", $id, "ne", "")."</td>\n".
- " <td>".stGetFormTextInput(30, 64, "author", $id, "ne", "")."</td>\n".
- " <td>".stGetFormTextInput(20, 64, "filename", $id, "ne", "")."</td>\n".
- " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_NAME, "name", $id, "ne", "")."</td>\n".
+ " <td>".stGetFormTextInput(15, SET_LEN_ENTRY_AUTHOR, "author", $id, "ne", "")."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_FILENAME, "filename", $id, "ne", "")."</td>\n".
+ " <td>".stGetFormTextInput(20, SET_LEN_ENTRY_INFO, "info", $id, "ne", "")."</td>\n".
+ " <td>".stGetFormButtonInput("add", $id, $prefix, "Add new", "addEntry(".$id.")")."</td>\n".
 " </tr>\n".
 " </table>\n".
 "</form>\n";
--- a/admin.php Sun Nov 17 22:01:40 2013 +0200
+++ b/admin.php Sun Nov 17 22:17:11 2013 +0200
@@ -314,7 +314,7 @@
 function addEntry(id) {
- var args = makePostArgs({"name":1, "author":1, "filename":0}, "ne", id);
+ var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0}, "ne", id);
 var msuccess = function(txt) {
@@ -329,7 +329,7 @@
 function updateEntry(id) {
- var args = makePostArgs({"name":1, "author":1, "filename":0, "compo_id":2}, "en", id);
+ var args = makePostArgs({"name":1, "author":1, "filename":0, "info":0, "compo_id":2}, "en", id);
 var msuccess = function(txt) {