Added a className form control for validating class names and doing taint checking

JT Smith 2006-05-10 23:01:15 +00:00
parent a1a920cfea
commit 21fedb9051
5 changed files with 109 additions and 15 deletions


@ -42,7 +42,7 @@ sub www_formAssetTree {
my $ancestors = $base->getLineage(["self","ancestors"],{returnObjects=>1});
foreach my $ancestor (@{$ancestors}) {
my $url = $ancestor->getUrl("op=formAssetTree;formId=".$session->form->process("formId"));
$url .= ";classLimiter=".$session->form->process("classLimiter") if ($session->form->process("classLimiter"));
$url .= ";classLimiter=".$session->form->process("classLimiter","className") if ($session->form->process("classLimiter","className"));
push(@crumb,'<a href="'.$url.'" class="crumb">'.$ancestor->get("menuTitle").'</a>');
}
my $output = '
@ -79,7 +79,7 @@ sub www_formAssetTree {
<div class="crumbTrail">'.join(" &gt; ", @crumb)."</div><br />\n";
my $children = $base->getLineage(["children"],{returnObjects=>1});
my $i18n = WebGUI::International->new($session);
my $limit = $session->form->process("classLimiter");
my $limit = $session->form->process("classLimiter","className");
foreach my $child (@{$children}) {
next unless $child->canView;
if ($limit eq "" || $child->get("className") =~ /^$limit/) {
@ -90,7 +90,7 @@ sub www_formAssetTree {
$output .= '<span class="selectLink">['.$i18n->get("select").']</span> ';
}
my $url = $child->getUrl("op=formAssetTree;formId=".$session->form->process("formId"));
$url .= ";classLimiter=".$session->form->process("classLimiter") if ($session->form->process("classLimiter"));
$url .= ";classLimiter=".$session->form->process("classLimiter","className") if ($session->form->process("classLimiter","className"));
$output .= '<a href="'.$url.'" class="traverse">'.$child->get("menuTitle").'</a>'."<br />\n";
}
$output .= '</div></body></html>';
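Review bot: `$limit` is still interpolated straight into the pattern in `$child->get("className") =~ /^$limit/`, so the match is only as safe as the character set the new className filter lets through, and that filter is not visible in this section. Quoting it, `/^\Q$limit\E/`, keeps the prefix test literal whatever the filter accepts. The two URL-building lines also still append `$session->form->process("formId")` with no type, and the result goes unescaped into an `href`; if an untyped process() returns the raw value, formId needs the same treatment as classLimiter (a typed filter, or URL-encoding before concatenation). www_formAssetTree starts and ends outside these hunks.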


@ -264,8 +264,8 @@ sub www_editWorkflowActivity {
my $session = shift;
return $session->privilege->insufficient() unless ($session->user->isInGroup("pbgroup000000000000015"));
my $activity = '';
if ($session->form->get("className")) {
$activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->get("className")});
if ($session->form->process("className","className")) {
$activity = WebGUI::Workflow::Activity->newByPropertyHashRef($session, {activityId=>"new",className=>$session->form->process("className","className")});
} else {
$activity = WebGUI::Workflow::Activity->new($session, $session->form->get("activityId"));
}
@ -296,7 +296,7 @@ sub www_editWorkflowActivitySave {
my $activityId = $session->form->get("activityId");
my $activity = '';
if ($activityId eq "new") {
$activity = $workflow->addActivity($session->form->get("className"));
$activity = $workflow->addActivity($session->form->process("className","className"));
} else {
$activity = $workflow->getActivity($activityId);
}
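Review bot: The className filter presumably only checks that the value is shaped like a Perl package name, so `newByPropertyHashRef` and `addActivity` would still receive any well-formed class name the client sends; if either loads the module by name, the value should also be checked against the activity classes the site has enabled before it is used. In www_editWorkflowActivitySave a rejected className likely comes back empty and is passed to `addActivity` unchanged; read it once, `my $className = $session->form->process("className","className");`, and return an error when it is empty. `activityId` is still read with `form->get` in both subs and is not covered by this change. The privilege check for www_editWorkflowActivitySave, if there is one, lies outside the hunk, and both sub bodies continue past the lines shown.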