james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Special chars in tags barf filter_var

Browse Source 
Due to how FILTER_SANITIZE_STRING works, if you had special chars in
your tags (eg. <3 or !) the string would be cut before the offending
character(s) and in worst case, result in no tags passing to the API
This commit is contained in:
Diftraku 2014-04-10 04:11:43 +03:00
parent fa5ad5b77d
commit 7ac61f4234
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ext/ouroboros_api/main.php
View File

@ -387,9 +387,11 @@ class OuroborosAPI extends Extension
// @TODO Should move the validation logic into OuroborosPost instead? // @TODO Should move the validation logic into OuroborosPost instead?
if ($user->can("create_image")) { if ($user->can("create_image")) {
$post = array( $post = array(
'tags' => !empty($_REQUEST['post']['tags']) ? filter_var( 'tags' => !empty($_REQUEST['post']['tags']) ? Tag::implode(
urldecode($_REQUEST['post']['tags']), array_map(
FILTER_SANITIZE_STRING array('Tag', 'sanitise'),
Tag::explode(urldecode($_REQUEST['post']['tags']))
)
) : 'tagme', ) : 'tagme',
'file' => !empty($_REQUEST['post']['file']) ? filter_var( 'file' => !empty($_REQUEST['post']['file']) ? filter_var(
$_REQUEST['post']['file'], $_REQUEST['post']['file'],