Revision: 1118
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1118&view=rev
Author:   cimorrison
Date:     2009-06-18 21:54:26 +0000 (Thu, 18 Jun 2009)

Log Message:
-----------
Truncated the name field to the maximum length as a precaution. Although the
MAXLENGTH attribute is used in the <input> tag, this can sometimes be ignored
by the browser, for example by Firefox when autocompletion is used. The user
could also edit the HTML and remove the MAXLENGTH attribute. Passing an
oversize string to some databases (e.g. some versions of PostgreSQL) results in
an SQL error, rather than silent truncation of the string.

Modified Paths:
--------------
    mrbs/trunk/web/edit_entry_handler.php

Modified: mrbs/trunk/web/edit_entry_handler.php
===================================================================
--- mrbs/trunk/web/edit_entry_handler.php       2009-06-17 14:48:40 UTC (rev 
1117)
+++ mrbs/trunk/web/edit_entry_handler.php       2009-06-18 21:54:26 UTC (rev 
1118)
@@ -39,6 +39,15 @@
 $rep_num_weeks = get_form_var('rep_num_weeks', 'int');
 $private = get_form_var('private', 'string'); // bool, actually
 
+// Truncate the name field to the maximum length as a precaution.
+// Although the MAXLENGTH attribute is used in the <input> tag, this can
+// sometimes be ignored by the browser, for example by Firefox when 
+// autocompletion is used.  The user could also edit the HTML and remove
+// the MAXLENGTH attribute.    Passing an oversize string to some
+// databases (eg some versions of PostgreSQL) results in an SQL error,
+// rather than silent truncation of the string.
+$name = substr($name, 0, ENTRY_NAME_LENGTH);
+
 if (empty($area))
 {
   if (empty($rooms[0]))
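Review bot: substr() counts bytes, so if ENTRY_NAME_LENGTH is meant as a character limit and $name can carry multibyte UTF-8, the line `$name = substr($name, 0, ENTRY_NAME_LENGTH);` can cut a character in half and hand the database an invalid byte sequence; mb_substr() (or a byte limit that matches the column definition) would avoid that. The comment also deserves a note that this is silent truncation: a user whose name is shortened gets no feedback, so an explicit length check that reports an error would be the more transparent choice if the form is expected to enforce the limit.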


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.

_______________________________________________
Mrbs-commits mailing list
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
