add in HTML tag mangling routines to protect the media metadata fields

[mir.git] / source / mircoders / media / MediaRequest.java

diff --git a/source/mircoders/media/MediaRequest.java b/source/mircoders/media/MediaRequest.java
index 104c388..a07bbd3 100755 (executable)
--- a/source/mircoders/media/MediaRequest.java
+++ b/source/mircoders/media/MediaRequest.java
@@ -55,7 +55,7 @@ import mir.media.*;
  *    appropriate media objects are set.
  *
  * @author mh
- * @version $Id: MediaRequest.java,v 1.10 2002/12/17 19:20:31 zapata Exp $
+ * @version $Id: MediaRequest.java,v 1.11 2002/12/23 03:38:32 mh Exp $
  *
  */
 
@@ -143,6 +143,21 @@ public class MediaRequest implements FileHandler
         _throwBadContentType(fileName, contentType);
       }
 
+      // call the routines that escape html
+      for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+        String k=(String)i.next();
+        String v=(String)mediaValues.get(k);
+        
+        if (k.equals("description")) {
+          String tmp = StringUtil.deleteForbiddenTags(v);
+          mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+        } else {
+          //we don't want people fucking with the author/title, etc..
+          mediaValues.put(k,StringUtil.removeHTMLTags(v));
+        }
+        
+      }
+
       String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
       if ( (mediaTitle == null) || (mediaTitle.length() == 0)) {
         //  uncomment the next line and comment out the exception throw