From a490bfcd4228c71278c5bbe5bb9a71782bbf7127 Mon Sep 17 00:00:00 2001
From: mh
Date: Fri, 13 Dec 2002 05:52:24 +0000
Subject: [PATCH] we need to remove unwanted html tags from here too, as MediaRequest see's the parameters before we clean them up.
---
 source/mircoders/media/MediaRequest.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/source/mircoders/media/MediaRequest.java b/source/mircoders/media/MediaRequest.java
index 780c8fad..46ab4b13 100755
--- a/source/mircoders/media/MediaRequest.java
+++ b/source/mircoders/media/MediaRequest.java
@@ -55,7 +55,7 @@ import mir.media.*;
 * appropriate media objects are set.
 *
 * @author mh
- * @version $Id: MediaRequest.java,v 1.1.2.4 2002/11/29 06:31:35 mh Exp $
+ * @version $Id: MediaRequest.java,v 1.1.2.5 2002/12/13 05:52:24 mh Exp $
 *
 */
 
@@ -143,6 +143,21 @@ public class MediaRequest implements FileHandler
 _throwBadContentType(fileName, contentType);
 }
 
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
 String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
 if ( (mediaTitle == null) || (mediaTitle.length() == 0))
 throw new FileHandlerUserException("Missing field: media title "+mediaTitle+fileNum);
-- 
2.11.0
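Review bot: The description branch of the new loop relies on deny-list tag deletion (`StringUtil.deleteForbiddenTags` followed by `deleteHTMLTableTags`), while the comment above the loop says the values are escaped; nothing in the added lines encodes `<`, `>` or quotes. Whether attributes on the tags that survive (event handlers, `javascript:` URLs) are removed depends on StringUtil, which is not visible in this hunk, so the description should still be output-encoded or allow-list filtered where it is rendered. The comment would be more accurate as `// strip HTML: deny-listed and table tags from description, all tags from every other field`. Separately, `(String)mediaValues.get(k)` assumes every value is a non-null String; a guard such as `if (!(mediaValues.get(k) instanceof String)) continue;` at the top of the loop body would keep a multi-valued or missing parameter from aborting the upload with a ClassCastException or, presumably, a NullPointerException inside StringUtil. The enclosing method starts and ends outside the hunk.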