[AppDB] Submitting Apps improvements

Paul van Schayck info at wwwdesign.tmfweb.nl
Tue Mar 16 03:48:10 CST 2004


Hey,

Submitting applications with empty fields was possible.
Added a function that checks the fields and returns a list of errors
if there were problems. This gives a cleaner queue list.

Regards,
Paul van Schayck

Changelog:
Check the submitted input on errors. Changed registered globals to $_REQUEST

Index: appdb/appsubmit.php
===================================================================
RCS file: /home/wine/appdb/appsubmit.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 appsubmit.php
--- appdb/appsubmit.php	15 Mar 2004 16:22:00 -0000	1.1.1.1
+++ appdb/appsubmit.php	16 Mar 2004 09:45:59 -0000
@@ -1,8 +1,60 @@
 <?
 
 /* code to Submit a new application */
-/*   last modified 06-06-01 by Jeremy Newman */
 
+// Check the input of a submitted form. And output with a list
+// of errors. (<ul></ul>)
+function checkInput( $fields )
+{
+	$errors = "";
+	
+	if( strlen($fields['queueName']) > 200 )
+	{
+		$errors .= "<li>Your application name is too long.</li>\n";
+	}
+	
+	if( empty( $fields['queueName']) )
+	{
+		$errors .= "<li>Please enter an application name.</li>\n";
+	}
+	
+	if( empty( $fields['queueVersion']) )
+	{
+		$errors .= "<li>Please enter an application version.</li>\n";
+	}
+	
+	if( empty( $fields['queueVendor']) )
+	{
+		$errors .= "<li>Please enter a vendor.</li>\n";
+	}
+
+	if( empty( $fields['queueDesc']) )
+	{
+		$errors .= "<li>Please enter a description of your application.</li>\n";
+	}
+
+	// Not empty and an invalid e-mail address
+	if( !empty( $fields['queueEmail']) AND !preg_match('/^[A-Za-z0-9\._-]+[@][A-Za-z0-9_-]+([.][A-Za-z0-9_-]+)+[A-Za-z]$/',$fields['queueEmail']) )
+	{
+		$errors .= "<li>Please enter a valid e-mail address.</li>\n";
+	}
+
+	// Not empty and an invalid url
+	$urlheck = @fopen( $fields['queueURL'] );
+	if( !empty($fields['queueURL']) AND !$urlheck )
+	{
+		$errors .= "<li>Please enter a correct and working URL.</li>\n";
+	}
+
+	if( empty($errors) )
+	{
+		return "";
+	}
+	else
+	{
+		return $errors;
+	}
+}

 include("path.php");
 require(BASE."include/"."incl.php");
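Review bot: The URL check at the `$urlheck = @fopen( $fields['queueURL'] );` line passes no mode argument, so fopen() fails on every call and any non-empty URL is reported as broken; the `@` hides the warning that would have revealed this. Even with the mode supplied, opening a submitter-supplied URL on the server at submission time makes the web server perform an outbound request (or open a local path) chosen by the submitter, and the handle is never closed. A syntactic check is safer and sufficient for a queue entry: `$url = parse_url($fields['queueURL']);` followed by `if( !empty($fields['queueURL']) AND (empty($url['scheme']) OR !in_array($url['scheme'], array('http','https'))) )`. The name `$urlheck` also looks like a typo for `$urlCheck`, and since every `$fields[...]` key is read without isset() the function raises notices whenever a field is absent from the request.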
@@ -11,27 +63,34 @@
 // set email field if logged in
 if ($current && loggedin())
 {
-    $email = $current->lookup_email($current->userid);
+    $_REQUEST['email'] = $current->lookup_email($current->userid);
 }

-//header
-apidb_header("Submit Application");
-
-
-if ($queueName)
+if ($_REQUEST['queueName'])
 {
 	// add to queue

+	// Check input and exit if we found errors
+	$errors = checkInput($_REQUEST);
+	if( !empty($errors) )
+	{
+		errorpage("We found the following errors:","<ul>$errors</ul><br>Please go back and correct them.");
+		exit;
+	}
+
+	// header
+	apidb_header("Submit Application");
+
 	//FIXME: need to get image upload in

 	$query = "INSERT INTO appQueue VALUES (null, '".
-			addslashes($queueName)."', '".
-			addslashes($queueVersion)."', '".
-			addslashes($queueVendor)."', '".
-            addslashes($queueDesc)."', '".
-			addslashes($queueEmail)."', '".
-			addslashes($queueURL)."', '".
-			addslashes($queueImage)."');";
+			addslashes($_REQUEST['queueName'])."', '".
+			addslashes($_REQUEST['queueVersion'])."', '".
+			addslashes($_REQUEST['queueVendor'])."', '".
+			addslashes($_REQUEST['queueDesc'])."', '".
+			addslashes($_REQUEST['queueEmail'])."', '".
+			addslashes($_REQUEST['queueURL'])."', '".
+			addslashes($_REQUEST['queueImage'])."');";

 	mysql_query($query);

@@ -50,6 +109,9 @@
 }
 else
 {
+	// header
+	apidb_header("Submit Application");
+
 	// show add to queue form

 	echo '<form name="newApp" action="appsubmit.php" method="post" enctype="multipart/form-data">',"\n";
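Review bot: The `// header` comment added above `apidb_header("Submit Application");` does not say why the call now appears in both branches instead of once before the if; the reason (the submit branch must be able to call errorpage() before any page header is emitted) is only visible by reading the earlier hunk. Suggest `// header is emitted per branch: the submit branch may call errorpage() first`. The enclosing if/else starts outside this hunk.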




