diff options
author | xue <> | 2006-05-03 18:40:21 +0000 |
---|---|---|
committer | xue <> | 2006-05-03 18:40:21 +0000 |
commit | 641826266aff9d816c8e61569be5ec9d67f7cc89 (patch) | |
tree | 43b5526271174fe2ab9ce537461e1646c59212c4 | |
parent | 4c2920064d561701016476b91ce28813e2368270 (diff) |
Fixed#151 - added sanity check GET parameters in constructUrl()
-rw-r--r-- | HISTORY | 1 | ||||
-rw-r--r-- | demos/quickstart/protected/application.xml | 1 | ||||
-rw-r--r-- | framework/Web/THttpRequest.php | 14 |
3 files changed, 12 insertions, 4 deletions
@@ -2,6 +2,7 @@ Version 3.0.1 June 1, 2006 ==========================
CHG: Ticket#153 - TAssetManager now ignores .svn directories (Qiang)
CHG: Ticket#154 - HTML comments are now parsed as regular template strings (Qiang)
+ENH: Ticket#151 - added sanity check GET parameters in constructUrl() (Qiang)
ENH: added sanity check to calling event handlers (Qiang)
Version 3.0.0 May 1, 2006
diff --git a/demos/quickstart/protected/application.xml b/demos/quickstart/protected/application.xml index cd6dd01e..18eed91e 100644 --- a/demos/quickstart/protected/application.xml +++ b/demos/quickstart/protected/application.xml @@ -10,6 +10,7 @@ <route class="TFileLogRoute" />
</module>
-->
+ <module class="THttpRequest" UrlFormat="Path" />
</modules>
<paths>
<using namespace="Application.controls.*" />
diff --git a/framework/Web/THttpRequest.php b/framework/Web/THttpRequest.php index 71237fa1..9b06076e 100644 --- a/framework/Web/THttpRequest.php +++ b/framework/Web/THttpRequest.php @@ -460,9 +460,12 @@ class THttpRequest extends TApplicationComponent implements IteratorAggregate,Ar {
$name=urlencode($name.'[]');
foreach($value as $v)
- $url.=$amp.$name.'='.$v;
+ {
+ if(($v=trim($v))!=='')
+ $url.=$amp.$name.'='.$v;
+ }
}
- else
+ else if(($value=trim($value))!=='')
$url.=$amp.urlencode($name).'='.urlencode($value);
}
}
@@ -473,9 +476,12 @@ class THttpRequest extends TApplicationComponent implements IteratorAggregate,Ar if(is_array($value))
{
foreach($value as $v)
- $url.=$amp.$name.'[]='.$v;
+ {
+ if(($v=trim($v))!=='')
+ $url.=$amp.$name.'[]='.$v;
+ }
}
- else
+ else if(($value=trim($value))!=='')
$url.=$amp.$name.'='.$value;
}
}
|