public void attach(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc {
String mediaIdParam = aRequest.getParameter("mid");
String articleId = aRequest.getParameter("articleid");
-
if (articleId == null || mediaIdParam==null)
throw new ServletModuleExc("smod content :: attach :: articleid/mid missing");
-
+ // check if mediaIdParam and articleid are correct integers
+ try
+ {
+ Integer.parseInt(mediaIdParam);
+ Integer.parseInt(articleId);
+ }
+ catch(NumberFormatException e)
+ {
+ throw new ServletModuleExc("smod content :: attach :: invalid articleid/mid");
+ }
+
if (!MirGlobal.accessControl().article().mayEditArticle(ServletHelper.getUser(aRequest), articleId))
throw new ServletModuleExc("Article has been locked");
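Review bot: The added try block in attach parses `mediaIdParam` and `articleId` only to discard the results, so the raw request strings are still what reach `mayEditArticle` on the next line and whatever follows outside the hunk. `Integer.parseInt` accepts a leading sign, so values such as `-1` or `+7` pass this check without being canonical ids. Keep the parsed value, reject negatives and hand on the canonical form: `int articleIdValue = Integer.parseInt(articleId);`, then `if (articleIdValue < 0) throw new ServletModuleExc("smod content :: attach :: invalid articleid/mid");` and `articleId = Integer.toString(articleIdValue);`, with the same for `mediaIdParam`. If `ServletModuleExc` has a constructor that takes a cause, pass `e` so the NumberFormatException is not dropped. The rest of attach is not visible here, so how the two ids are used afterwards should be checked against the full method.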
HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
- Map article;
+ Object article;
URLBuilder urlBuilder = new URLBuilder();
urlBuilder.setValue("module", "Content");
else {
List fields = DatabaseContent.getInstance().getFieldNames();
responseData.put("new", Boolean.TRUE);
- article = new HashMap();
+ Map emptyArticle = new HashMap();
Iterator i = fields.iterator();
while (i.hasNext()) {
- article.put(i.next(), null);
+ emptyArticle.put(i.next(), null);
}
- article.put("to_topics", null);
+ emptyArticle.put("to_topics", null);
- MirGlobal.localizer().adminInterface().initializeArticle(article);
+ MirGlobal.localizer().adminInterface().initializeArticle(emptyArticle);
+ article = emptyArticle;
responseData.put("mayEdit", Boolean.TRUE);
responseData.put("mayLock", Boolean.FALSE);
responseData.put("mayForceLock", Boolean.FALSE);
responseData.put("mayUnlock", Boolean.FALSE);
+
}
responseData.put("article", article);
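Review bot: With `article` now declared as `Object`, nothing at `responseData.put("article", article)` tells the reader what the template receives. The else branch shown here assigns a `Map`, while the if branch lies outside the hunk and presumably assigns some other type, which is why the declaration was widened. A one-line comment on the `Object article;` declaration naming the two possible runtime types would document this. The locals `fields`, `i` and `emptyArticle` are raw `List`/`Iterator`/`Map`; if the project's Java level allows generics, `Map<String, Object> emptyArticle` would make the intended contents explicit.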