From bd69bd88b942435a4cc43ac229275432351fc7ad Mon Sep 17 00:00:00 2001
From: shish <shish@7f39781d-f577-437e-ae19-be835c7a54ca>
Date: Sun, 28 Oct 2007 17:40:58 +0000
Subject: [PATCH] input validation for bulk tag replace (no spaces)

git-svn-id: file:///home/shish/svn/shimmie2/trunk@594 7f39781d-f577-437e-ae19-be835c7a54ca
---
 ext/tag_edit/main.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/ext/tag_edit/main.php b/ext/tag_edit/main.php
index db0e0ce1..cd80e2ea 100644
--- a/ext/tag_edit/main.php
+++ b/ext/tag_edit/main.php
@@ -25,10 +25,18 @@ class TagEdit extends Extension {
 			else if($event->get_arg(0) == "replace") {
 				global $user;
 				if($user->is_admin() && isset($_POST['search']) && isset($_POST['replace'])) {
+					$search = $_POST['search'];
+					$replace = $_POST['replace'];
 					global $page;
-					$this->mass_tag_edit($_POST['search'], $_POST['replace']);
-					$page->set_mode("redirect");
-					$page->set_redirect(make_link("admin"));
+					if(strpos($search, " ") === false && strpos($replace, " ") === false) {
+						$this->mass_tag_edit($search, $replace);
+						$page->set_mode("redirect");
+						$page->set_redirect(make_link("admin"));
+					}
+					else {
+						$this->theme->display_error($page, "Search &amp; Replace Error",
+							"Bulk replace can only do single tags -- don't use spaces!");
+					}
 				}
 			}
 		}