Sanitize ratings

im-mi 2016-09-25 15:17:29 -04:00
parent d4fda00dd9
commit e6dd1b492c
1 changed files with 20 additions and 1 deletions


@ -110,7 +110,10 @@ class Ratings extends Extension {
public function onImageInfoSet(ImageInfoSetEvent $event) {
if($this->can_rate() && isset($_POST["rating"])) {
send_event(new RatingSetEvent($event->image, $_POST['rating']));
$rating = $_POST["rating"];
if (Ratings::rating_is_valid($rating)) {
send_event(new RatingSetEvent($event->image, $rating));
}
}
}
@ -211,6 +214,22 @@ class Ratings extends Extension {
}
}
/**
* @param string $rating
* @return bool
*/
public static function rating_is_valid(/*string*/ $rating) {
switch($rating) {
case "s":
case "q":
case "e":
case "u":
return true;
default:
return false;
}
}
/**
* FIXME: this is a bit ugly and guessey, should have proper options
*
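Review bot: The `switch` in `rating_is_valid()` compares loosely, so a non-string argument can slip through the allow-list: `true == "s"` holds, and on PHP versions before 8 so does `0 == "s"`. Values read from `$_POST` are strings or arrays, so the call added in `onImageInfoSet()` is not affected as written, but the method is public and static, so other callers may pass other types. A strict check closes this: `return is_string($rating) && in_array($rating, array("s", "q", "e", "u"), true);`. If `RatingSetEvent` is also constructed elsewhere in the extension (not visible in this diff), those call sites still accept unvalidated ratings; enforcing the check where the event is built or handled would cover every path.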