* appropriate media objects are set.
*
* @author mh
- * @version $Id: MediaRequest.java,v 1.10 2002/12/17 19:20:31 zapata Exp $
+ * @version $Id: MediaRequest.java,v 1.11 2002/12/23 03:38:32 mh Exp $
*
*/
_throwBadContentType(fileName, contentType);
}
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
if ( (mediaTitle == null) || (mediaTitle.length() == 0)) {
// uncomment the next line and comment out the exception throw