* appropriate media objects are set.
*
* @author mh
- * @version $Id: MediaRequest.java,v 1.1.2.4 2002/11/29 06:31:35 mh Exp $
+ * @version $Id: MediaRequest.java,v 1.1.2.5 2002/12/13 05:52:24 mh Exp $
*
*/
_throwBadContentType(fileName, contentType);
}
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
if ( (mediaTitle == null) || (mediaTitle.length() == 0))
throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);