Sanitize ratings
This commit is contained in:
parent
d4fda00dd9
commit
e6dd1b492c
1 changed files with 20 additions and 1 deletions
@ -110,7 +110,10 @@ class Ratings extends Extension {
public function onImageInfoSet(ImageInfoSetEvent $event) {
if($this->can_rate() && isset($_POST["rating"])) {
send_event(new RatingSetEvent($event->image, $_POST['rating']));
$rating = $_POST["rating"];
if (Ratings::rating_is_valid($rating)) {
send_event(new RatingSetEvent($event->image, $rating));
}
}
}
@ -211,6 +214,22 @@ class Ratings extends Extension {
}
}
/**
* @param string $rating
* @return bool
*/
public static function rating_is_valid(/*string*/ $rating) {
switch($rating) {
case "s":
case "q":
case "e":
case "u":
return true;
default:
return false;
}
}
/**
* FIXME: this is a bit ugly and guessey, should have proper options
*
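Review bot: `rating_is_valid` in the second hunk relies on `switch`'s loose `==` comparison, so whether a non-string `$_POST` value (for example an array submitted as `rating[]`) is rejected depends on PHP's comparison rules rather than on the whitelist itself; a strict membership test states the contract directly and is independent of those rules: `return in_array($rating, ["s", "q", "e", "u"], true);`. The docblock promises `@param string` while the parameter is left untyped, and the `/*string*/` comment suggests a compatibility reason — worth stating in the docblock so the next reader does not "fix" it. In the first hunk an invalid rating is now dropped silently; if that is deliberate, a comment such as `// invalid ratings are ignored, not reported back to the user` on the `if` would make the intent explicit. The check is only applied in onImageInfoSet; if RatingSetEvent can be raised from other paths, its handler would be the place where validation covers all of them, but that cannot be determined from this diff.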