Masato Kikuhara
en-sf****@users*****
2005年 7月 18日 (月) 11:53:07 JST
Index: affelio/apps/diary/Diary.pm
diff -u affelio/apps/diary/Diary.pm:1.28 affelio/apps/diary/Diary.pm:1.29
--- affelio/apps/diary/Diary.pm:1.28 Tue Jul 12 06:05:15 2005
+++ affelio/apps/diary/Diary.pm Mon Jul 18 11:53:06 2005
@@ -702,6 +702,10 @@
sub saveUploadedImage {
use File::Basename;
my ($self, $filename, $id) = @_;
+
+ if ($filename !~ /^[a-zA-Z0-9\.\-\_]{1,32}$/) {
+ $self->errorExit("You can only use ascii character in your file name");
+ }
$id = $self->getColumn("SELECT MAX(id) FROM $self->{entry_table}") unless ($id);
@@ -843,6 +847,10 @@
$str =~ s/<a +href=(")?(s?https?:\/\/[-_.!~*'()a-zA-Z0-9;\/?:\@&=+\$,%#]+) *(")? *>/<a href="$2">/ig;
$str =~ s/""/"/g;
$str =~ s/(\r\n|\r|\n)/<br \/>/g;
+
+ while ($str =~ /(<(a|p|i|b|big|strong|small|em|u|blockquote)\b(?:(?!<\/\2>).)*(?:<\2>|$))/sigx) {
+ $self->errorExit("Error: You may mistype a tag or forget to close it.");
+ }
}
return $str;