Merge from CVS (Bug # 9005).

author Michael J. Rubinsky <mrubinsk@horde.org>

Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)

committer Michael J. Rubinsky <mrubinsk@horde.org>

Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)
author Michael J. Rubinsky <mrubinsk@horde.org>
Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)
committer Michael J. Rubinsky <mrubinsk@horde.org>
Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)
diff --git a/ansel/docs/CHANGES b/ansel/docs/CHANGES

index 415d33c..7e63781 100644 (file)
--- a/ansel/docs/CHANGES
+++ b/ansel/docs/CHANGES
@@ -10,6 +10,7 @@ v2.0-git
  v1.1.2-cvs
  ----------
  
+[mjr] Enforce the same allowed characters for tags as slugs (Bug #9005).
  [mjr] Fix clicking on image edit actions causes logout when not using cookies.
  [mjr] Fix adding a face name from the gallery faces view (Bug #9002).
  
diff --git a/ansel/lib/Tags.php b/ansel/lib/Tags.php

index cd186b7..7f40ae6 100644 (file)
--- a/ansel/lib/Tags.php
+++ b/ansel/lib/Tags.php
@@ -39,6 +39,9 @@ class Ansel_Tags {
          $insert = $GLOBALS['ansel_db']->prepare('INSERT INTO ansel_tags (tag_id, tag_name) VALUES(?, ?)');
          foreach ($tags as $tag) {
              if (!empty($tag)) {
+                if (!preg_match("/^[a-zA-Z0-9%_+.!*',()~-]*$/", $tag)) {
+                    return PEAR::raiseError(_("Invalid characters in tag"));
+                }
                  $tag = Horde_String::lower(trim($tag));
                  $sql = $GLOBALS['ansel_db']->prepare('SELECT tag_id FROM ansel_tags WHERE tag_name = ?');
                  $result = $sql->execute(Horde_String::convertCharset($tag, Horde_Nls::getCharset(), $GLOBALS['conf']['sql']['charset']));
author	Michael J. Rubinsky <mrubinsk@horde.org>
	Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)
committer	Michael J. Rubinsky <mrubinsk@horde.org>
	Sun, 9 May 2010 17:06:46 +0000 (13:06 -0400)
ansel/docs/CHANGES		patch \| blob \| history
ansel/lib/Tags.php		patch \| blob \| history