Update articlescontainer.class.php to allow using numbers at start of tag to be treated still as tag

[jasonabird]

Changed to use filter_var when available so tags/strings that start with a number are still evaluated false as an int vs showing as a full int and being treated as a user id.

Currently if a tag starts with a number it is treated as a user id due to have intval casts. As filter_var was added later than MODX min requirements, added conditional logic to maintain backwards compatibility but allow proper validation in future versions.

[jpdevries]

thanks for this @jasonabird

[jpdevries]

@jasonabird have you tested this? I believe this needs to have quotes around it?

if(function_exists('filter_var'))

[jasonabird]

I did test it on php 5.3 and 5.4 (don't remember subversion) as it was needed for a client that had the issue. I didn't test back to 5.1 though. Might not hurt to test a little more but wanted to contribute back the fix I applied that was breaking a tag.

On Jan 13, 2014, at 11:45, JP DeVries notifications@github.com wrote:

In core/components/articles/model/articles/articlescontainer.class.php:

@@ -322,7 +322,10 @@ public function getPostListingCall($placeholderPrefix = '') {
$where = array('class_key' => 'Article');
if (!empty($_REQUEST['arc_author'])) {
$userPk = $this->xpdo->sanitizeString($_REQUEST['arc_author']);

•        if (intval($userPk) == 0) {
  

•        if (function_exists(filter_var)) {
  

  @jasonabird have you tested this? I believe this needs to have quotes around it?

if(function_exists('filter_var'))
—
Reply to this email directly or view it on GitHub.

[jpdevries]

sounds good, i'd love to merge this but could you first wrap filter_var in quotes? even if it works as is, that param should be wrapped in single quotes
http://us1.php.net/function_exists

[jasonabird]

Looking at the docs again you are completely right. Updated the code and tested on the live site I did this for and still looks good. Thanks for your critical eye to catch that!