we need to remove unwanted html tags from here too, as MediaRequest see's the paramet...
authormh <mh>
Fri, 13 Dec 2002 05:52:24 +0000 (05:52 +0000)
committermh <mh>
Fri, 13 Dec 2002 05:52:24 +0000 (05:52 +0000)
source/mircoders/media/MediaRequest.java

index 780c8fa..46ab4b1 100755 (executable)
@@ -55,7 +55,7 @@ import mir.media.*;
  *    appropriate media objects are set.
  *
  * @author mh
- * @version $Id: MediaRequest.java,v 1.1.2.4 2002/11/29 06:31:35 mh Exp $
+ * @version $Id: MediaRequest.java,v 1.1.2.5 2002/12/13 05:52:24 mh Exp $
  *
  */
 
@@ -143,6 +143,21 @@ public class MediaRequest implements FileHandler
         _throwBadContentType(fileName, contentType);
       }
 
+      // call the routines that escape html
+      for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+        String k=(String)i.next();
+        String v=(String)mediaValues.get(k);
+        
+        if (k.equals("description")) {
+          String tmp = StringUtil.deleteForbiddenTags(v);
+          mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+        } else {
+          //we don't want people fucking with the author/title, etc..
+          mediaValues.put(k,StringUtil.removeHTMLTags(v));
+        }
+        
+      }
+
       String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
       if ( (mediaTitle == null) || (mediaTitle.length() == 0))
           throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);
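Review bot: The new loop casts every value with `(String)mediaValues.get(k)` and passes it straight to the StringUtil filters, so a null or non-String entry would throw before the media-title check below unless those helpers tolerate null, which is not visible here; a guard such as `if (v == null) continue;` right after the lookup would make the behaviour explicit. The `description` branch keeps whatever markup `deleteForbiddenTags` and `deleteHTMLTableTags` leave in place, so that field's safety rests on deny-list filtering; it is worth confirming that those routines also cover attributes and URL schemes on the tags they keep, or that the description is escaped again where it is rendered. The exact match `k.equals("description")` should also be checked against the suffixed key style seen in `"media_title"+fileNum`, since a suffixed description key would fall into the stricter else branch and lose all of its markup. The enclosing method begins and ends outside the hunk.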