From 9004d87b6d4f00bccb96aba4a311f74616b07f62 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 23 Dec 2002 03:38:32 +0000
Subject: [PATCH] add in HTML tag mangling routines to protect the media metadata fields

---
 source/mircoders/media/MediaRequest.java | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/source/mircoders/media/MediaRequest.java b/source/mircoders/media/MediaRequest.java
index 104c3888..a07bbd34 100755
--- a/source/mircoders/media/MediaRequest.java
+++ b/source/mircoders/media/MediaRequest.java
@@ -55,7 +55,7 @@ import mir.media.*;
 * appropriate media objects are set.
 *
 * @author mh
- * @version $Id: MediaRequest.java,v 1.10 2002/12/17 19:20:31 zapata Exp $
+ * @version $Id: MediaRequest.java,v 1.11 2002/12/23 03:38:32 mh Exp $
 *
 */
@@ -143,6 +143,21 @@ public class MediaRequest implements FileHandler
 _throwBadContentType(fileName, contentType);
 }
+ // call the routines that escape html
+ for (Iterator i=mediaValues.keySet().iterator(); i.hasNext(); ){
+ String k=(String)i.next();
+ String v=(String)mediaValues.get(k);
+
+ if (k.equals("description")) {
+ String tmp = StringUtil.deleteForbiddenTags(v);
+ mediaValues.put(k,StringUtil.deleteHTMLTableTags(tmp));
+ } else {
+ //we don't want people fucking with the author/title, etc..
+ mediaValues.put(k,StringUtil.removeHTMLTags(v));
+ }
+
+ }
+
 String mediaTitle = (String)mediaValues.get("media_title"+fileNum);
 if ( (mediaTitle == null) || (mediaTitle.length() == 0)) {
 // uncomment the next line and comment out the exception throw
-- 
2.11.0
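Review bot: The `description` branch of the loop added in the second hunk (`@@ -143,6 +143,21 @@`) only deletes whatever `StringUtil.deleteForbiddenTags` and `StringUtil.deleteHTMLTableTags` recognise, so the protection of that field is exactly as complete as those helpers' tag lists, which this patch does not show; their handling of attributes on the tags they keep should be confirmed, and the other fields should still be encoded on output rather than relying on input-time stripping alone. The comment `// call the routines that escape html` does not match the code, which removes tags and escapes nothing; I would write `// strip HTML from every submitted field; only "description" may keep a restricted subset of tags`. The exact match `k.equals("description")` may never fire if description keys carry the same file-number suffix as `"media_title"+fileNum` a few lines below, in which case descriptions would silently fall into the strip-everything branch; this fails safe but is probably not what was intended. The enclosing method starts and ends outside the hunk.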