[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=2430
[commit: http://hg.dwscoalition.org/dw-free/rev/c7987f8efeb2]
http://bugs.dwscoalition.org/show_bug.cgi?id=2430
Sanitize inputs to invite distribution form.
Patch by
kareila.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2430
Sanitize inputs to invite distribution form.
Patch by kareila.
Files modified:
- htdocs/admin/invites/distribute.bml
- htdocs/admin/invites/distribute.bml.text
-------------------------------------------------------------------------------- diff -r 3bafbb3c1779 -r c7987f8efeb2 htdocs/admin/invites/distribute.bml --- a/htdocs/admin/invites/distribute.bml Thu Jul 29 06:13:37 2010 +0000 +++ b/htdocs/admin/invites/distribute.bml Thu Jul 29 06:29:16 2010 +0000 @@ -45,6 +45,17 @@ body<= my $selected_user_class = $POST{user_class}; my $reason = $POST{reason}; + # sanitize the number of invites + $num_invites_requested =~ s/[^0-9]//g; + $num_invites_requested += 0; + + return LJ::error_list( $ML{ '.error.noinvites' } ) unless $num_invites_requested; + + # sanitize selected user class + my $class_names = DW::BusinessRules::InviteCodes::user_classes(); + return LJ::error_list( LJ::Lang::ml( '.error.nosuchclass', { class => $selected_user_class } ) ) + unless exists $class_names->{$selected_user_class}; + my $sclient = LJ::theschwartz() or return LJ::error_list( $ML{'error.noschwartz'} ); $sclient->insert('DW::Worker::DistributeInvites', diff -r 3bafbb3c1779 -r c7987f8efeb2 htdocs/admin/invites/distribute.bml.text --- a/htdocs/admin/invites/distribute.bml.text Thu Jul 29 06:13:37 2010 +0000 +++ b/htdocs/admin/invites/distribute.bml.text Thu Jul 29 06:29:16 2010 +0000 @@ -1,6 +1,10 @@ .btn.distribute=Distribute .error.cantinsertjob=Unable to start TheSchwartz job for invite codes distribution. + +.error.nosuchclass=The selection class "[[class]]" does not exist. + +.error.noinvites=Cannot distribute 0 invites! .field.distribute.label=Distribute to: --------------------------------------------------------------------------------
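Review bot: The invite-count check strips characters instead of rejecting bad input: `s/[^0-9]//g` turns `-5` into 5 and `1.5` into 15, so a mistyped or tampered value is silently queued as a different, possibly much larger, number of invites. Refuse anything that is not a plain positive integer, e.g. `return LJ::error_list( $ML{'.error.noinvites'} ) unless defined $num_invites_requested && $num_invites_requested =~ /\A[0-9]+\z/ && $num_invites_requested > 0;`, and consider an upper bound, since none is visible in this hunk. The `.error.nosuchclass` message also echoes the raw `$POST{user_class}` value back to the page; unless `LJ::error_list` or the `[[class]]` substitution escapes HTML (not visible here), pass `LJ::ehtml( $selected_user_class )` instead. The enclosing `body<=` block starts and ends outside the hunk, so how `$reason` is used cannot be checked from here.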