On 5/31/07, Enlightenment CVS <[EMAIL PROTECTED]> wrote: > > Enlightenment CVS committal > > Author : mej > Project : web > Module : www > > Dir : web/www/p/news > > > Modified Files: > class.news.php latestnews.php > > > Log Message: > Wed May 30 20:03:24 2007 Michael Jennings (mej) > > Clean up Inc's mess. > ---------------------------------------------------------------------- > > =================================================================== > RCS file: /cvs/e/web/www/p/news/class.news.php,v > retrieving revision 1.2 > retrieving revision 1.3 > diff -u -3 -r1.2 -r1.3 > --- class.news.php 27 May 2007 13:00:16 -0000 1.2 > +++ class.news.php 31 May 2007 00:03:25 -0000 1.3 > @@ -5,10 +5,14 @@ > var $list = array(); > var $dirnews; > var $limit = 0; > + var $lang = "en"; > > function __construct() { > $i = 0; > - $this->dirnews = "p/news/".$_GET['l']; > + if (isset($_GET['l']) && (strlen($_GET['l']) == 2)) { > + $this->lang = $_GET['l']; > + } > + $this->dirnews = "p/news/" . $this->lang;
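Review bot: the new condition in __construct() only tests strlen($_GET['l']) == 2, so any two-character string, including "..", is still concatenated into "p/news/" . $this->lang and can name something other than a language directory. Compare the parameter against a fixed list of the language codes the site actually provides, and keep the "en" default whenever the value is not in that list. An is_string() test before strlen() would also make the handling of array-valued parameters explicit.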
This isn't a lot better either. Sure, it helps against people reading files off the server, but it doesn't help against someone passing any random two-character value for "l".

I think the correct way to do this is to have a language class that does language checking and falls back to a default value on errors, and that can be used across the whole code of the site.

I will try to prepare a patch for that in the next 8 hours if I have some free time at work.

-- 
Chady 'Leviathan' Kassouf
http://chady.net/

_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
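A sketch of the kind of language class the reply describes, added here as an illustration; it is not code from this thread or from the Enlightenment site. The class name `Language`, its method names and the list of supported codes are assumptions.

```php
<?php
// Added illustration: allowlist-based language selection with a default fallback.
// Class name, method names and the supported list are hypothetical, not site code.
final class Language
{
    const DEFAULT_LANG = 'en';

    // Constructed sample list; a real site would list the language
    // directories that actually exist under p/news/.
    private static $supported = array('en', 'fr', 'de');

    /** Return a supported language code for $raw, or the default. */
    public static function resolve($raw)
    {
        // Query parameters can arrive as arrays (?l[]=x); anything that is
        // not a string is treated as invalid rather than passed to strlen().
        if (!is_string($raw)) {
            return self::DEFAULT_LANG;
        }
        $code = strtolower($raw);
        // Strict membership test: the value reaches a path only if it is listed.
        return in_array($code, self::$supported, true) ? $code : self::DEFAULT_LANG;
    }

    /** Read the language from a query array such as $_GET. */
    public static function fromRequest(array $query, $key = 'l')
    {
        return self::resolve(isset($query[$key]) ? $query[$key] : null);
    }
}

// Constructed inputs: a valid code, an upper-case code, an unknown
// two-character value, "..", an array-valued parameter, and no parameter.
$samples = array(
    array('l' => 'fr'),
    array('l' => 'FR'),
    array('l' => 'zz'),
    array('l' => '..'),
    array('l' => array('en')),
    array(),
);

foreach ($samples as $query) {
    $dirnews = 'p/news/' . Language::fromRequest($query);
    echo json_encode($query), ' => ', $dirnews, "\n";
}
```

Because every caller gets its code from `Language::fromRequest($_GET)`, the path is only ever built from a listed value, and the check lives in one place for the whole site.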