Changeset 3219 for trunk/lib/MT/CMS

Timestamp:
12/03/08 07:58:25 (16 months ago)
Author:
fumiakiy
Message:

Merging the latest of the fireball branch to trunk. svn merge -r3095:3215 http://code.sixapart.com/svn/movabletype/branches/fireball . (two conflicts resolved; MT.pm, mt.php and mt-check.cgi merged manually.)

Location:
trunk/lib/MT/CMS
Files:
6 modified

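--- a/trunk/lib/MT/CMS/Blog.pm
+++ b/trunk/lib/MT/CMS/Blog.pm
@@ -1008,5 +1008,5 @@
             or return $app->error($app->translate('Can\'t load entry #[_1].', $entry_id));
         $param{build_type_name} =
-          $app->translate( "[_1] '[_2]'", $entry->class_label, $entry->title );
+          $app->translate( "[_1] '[_2]'", $entry->class_label, MT::Util::encode_html($entry->title) );
         $param{is_entry} = 1;
         $param{entry_id} = $entry_id;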
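--- a/trunk/lib/MT/CMS/Dashboard.pm
+++ b/trunk/lib/MT/CMS/Dashboard.pm
@@ -2,5 +2,5 @@
 
 use strict;
-use MT::Util qw( epoch2ts );
+use MT::Util qw( epoch2ts encode_html );
 
 sub dashboard {
@@ -137,5 +137,5 @@
         $param->{last_post_id}      = $last_post->id;
         $param->{last_post_blog_id} = $last_post->blog_id;
-        $param->{last_post_blog_name} = $last_post->blog->name;
+        $param->{last_post_blog_name} = encode_html($last_post->blog->name);
         $param->{last_post_ts}      = $last_post->authored_on;
     }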
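--- a/trunk/lib/MT/CMS/Entry.pm
+++ b/trunk/lib/MT/CMS/Entry.pm
@@ -189,5 +189,5 @@
     my $cats = $q->param('category_ids');
     if ( defined $cats ) {
-        if ( my @cats = split /,/, $cats ) {
+        if ( my @cats = grep { $_ =~ /^\d+/ } split /,/, $cats ) {
             $cat_id = $cats[0];
             %places = map { $_ => 1 } @cats;
@@ -1930,5 +1930,5 @@
     my $script = qq!javascript:d=document;w=window;t='';if(d.selection)t=d.selection.createRange().text;else{if(d.getSelection)t=d.getSelection();else{if(w.getSelection)t=w.getSelection()}}void(w.open('$uri&title='+encodeURIComponent(d.title)+'&text='+encodeURIComponent(d.location.href)+encodeURIComponent('<br/><br/>')+encodeURIComponent(t),'_blank','scrollbars=yes,status=yes,resizable=yes,location=yes'))!;
     # Translate the phrase here to avoid ActivePerl DLL bug.
-    $app->translate('<a href="[_1]">QuickPost to [_2]</a> - Drag this link to your browser\'s toolbar then click it when you are on a site you want to blog about.', encode_html($script), $blog->name);
+    $app->translate('<a href="[_1]">QuickPost to [_2]</a> - Drag this link to your browser\'s toolbar then click it when you are on a site you want to blog about.', encode_html($script), encode_html($blog->name));
 }
 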
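Review bot: The category filter added at line 191 is anchored only at the start of each element, so a value such as `12abc` satisfies `/^\d+/` and is carried unchanged into `$cat_id` and `%places`. Anchoring both ends keeps the allowlist to integer IDs: `if ( my @cats = grep { /\A\d+\z/ } split /,/, $cats ) {`. The enclosing function begins before the hunk and continues after it.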
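--- a/trunk/lib/MT/CMS/Search.pm
+++ b/trunk/lib/MT/CMS/Search.pm
@@ -394,4 +394,5 @@
     my %param = %$list_pref;
     my $limit = $q->param('limit') || 125;    # FIXME: mt.cfg setting?
+    $limit =~ s/\D//g;
     my $matches;
     $date_col = $api->{date_column} || 'created_on';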
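Review bot: `$limit =~ s/\D//g;` at line 396 runs after the `|| 125` default has already been applied, so a non-numeric value such as `abc` ends up as the empty string rather than falling back to 125, and `-5` silently becomes `5`. Validating before defaulting keeps the fallback meaningful: `my $limit = $q->param('limit');` followed by `$limit = 125 unless defined $limit && $limit =~ /\A\d+\z/;`. The existing FIXME about an mt.cfg setting would also be the natural place to cap the accepted value. The enclosing function begins before the hunk and continues after it.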
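--- a/trunk/lib/MT/CMS/Tools.pm
+++ b/trunk/lib/MT/CMS/Tools.pm
@@ -622,5 +622,5 @@
     my @tsnow    = gmtime(time);
     my $metadata = {
-        backup_by => $app->user->name . '(ID: ' . $app->user->id . ')',
+        backup_by => MT::Util::encode_xml($app->user->name, 1) . '(ID: ' . $app->user->id . ')',
         backup_on => sprintf(
             "%04d-%02d-%02dT%02d:%02d:%02d",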
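--- a/trunk/lib/MT/CMS/User.pm
+++ b/trunk/lib/MT/CMS/User.pm
@@ -1566,4 +1566,8 @@
         return $eh->error( $app->translate("User requires username") )
           if ( !$name );
+
+        if ( $name =~ m/([<>])/) {
+            return $eh->error( $app->translate("[_1] contains an invalid character: [_2]", $app->translate("Username"), encode_html( $1 ) ) );
+        }
     }
 
@@ -1576,4 +1580,8 @@
         return $eh->error( $app->translate("User requires display name") )
           if ( !length( $nickname ) );
+
+        if ( $nickname =~ m/([<>])/) {
+            return $eh->error( $app->translate("[_1] contains an invalid character: [_2]", $app->translate("Display Name"), encode_html( $1 ) ) );
+        }
     }
 
@@ -1614,11 +1622,16 @@
           if ( !$app->param('hint') );
     }
+    my $email = $app->param('email');
     return $eh->error(
         MT->translate("Email Address is required for password recovery") )
-      unless $app->param('email');
+      unless $email;
+    if ( $email =~ m/([<>])/) {
+        return $eh->error( $app->translate("[_1] contains an invalid character: [_2]", $app->translate("Email Address"), encode_html( $1 ) ) );
+    }
+
     if ( $app->param('url') ) {
         my $url = $app->param('url');
-        return $eh->error( MT->translate("Website URL is invalid") )
-          unless is_url($url);
+        return $eh->error( MT->translate("URL is invalid.") )
+          if !is_url($url) || ($url =~ m/[<>]/);
     }
     1;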
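Review bot: The three new `m/([<>])/` checks at lines 1569, 1583 and 1628 are a two-character blocklist, so `"`, `'` and `&` in a username, display name or e-mail address still pass and every template that prints these fields must keep routing them through encode_html; a comment such as `# reject angle brackets outright; output paths must still encode_html these values` would stop a later reader from treating the check as sufficient on its own. The e-mail field gets no format validation beyond the bracket test, whereas the URL field at line 1635 is checked with is_url; an allowlist check on the address (MT::Util's is_valid_email, if this version provides it) would be the consistent choice. The same condition and message are repeated three times and could be one small helper taking the field label. The enclosing function begins before the first hunk.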