From c72729730c93facff3065ee53f747acfc4ad8c08 Mon Sep 17 00:00:00 2001
From: uid108615
Date: Thu, 23 Oct 2003 19:31:17 +0000
Subject: [PATCH] return false if profile name is invalid, fixed regular expressions for profile names
---
 lam/lib/profiles.inc | 21 ++++++++++++---------
 lam/templates/profedit/profilecreate.php | 12 ++++++++++--
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/lam/lib/profiles.inc b/lam/lib/profiles.inc
index ac6b3272..af10428a 100644
--- a/lam/lib/profiles.inc
+++ b/lam/lib/profiles.inc
@@ -86,7 +86,7 @@ function getHostProfiles() {
 // $profile: name of the profile (without .pru)
 // the return value is an account object
 function loadUserProfile($profile) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 $acc = new account();
 $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/users/" . $profile . ".pru";
 if (is_file($file) == True) {
@@ -262,7 +262,7 @@ function loadUserProfile($profile) {
 // $profile: name of the group profile (without .prg)
 // the return value is an account object
 function loadGroupProfile($profile) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 $acc = new account();
 $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/groups/" . $profile . ".prg";
 if (is_file($file) == True) {
@@ -329,7 +329,7 @@ function loadGroupProfile($profile) {
 // $profile: name of the host profile (without .prh)
 // the return value is an account object
 function loadHostProfile($profile) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 $acc = new account();
 $file = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/config/profiles/hosts/" . $profile . ".prh";
 if (is_file($file) == True) {
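Review bot: Callers of loadUserProfile() outside this hunk now receive `false` where the request used to terminate, yet the comment two lines above the signature still promises an account object, so any caller that does `$acc = loadUserProfile($name)` and then dereferences the result will fail on a rejected name. Update the comment to `// the return value is an account object, or false if $profile is not a valid name` and audit the callers for a `=== false` check. The function body continues past the end of the hunk. The same contract change is made to loadGroupProfile and loadHostProfile in the two hunks that follow.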
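Review bot: The new class `"^[0-9a-z_\\-]+$"` reaches eregi() as `[0-9a-z_\-]`, and in a POSIX bracket expression a backslash is an ordinary character rather than an escape, so the class appears to admit `\` in addition to the intended hyphen; the old `(-|_)` alternation had no such ambiguity. If a backslash is not meant to be a legal profile-name character, put the hyphen last and drop the escape: `if (!eregi("^[0-9a-z_-]+$", $profile)) return false;`. This applies to every new pattern in the commit, including the two hunks above. I have not checked the bundled regex library's bracket handling, so a quick test with a name such as `a\b` would settle it.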
@@ -386,7 +386,8 @@ function loadHostProfile($profile) {
 // $profile: name of the user profile (without .pru)
 // $account: account object which is saved
 function saveUserProfile($account, $profile) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ // check profile name
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 if (!is_object($account)) {
 StatusMessage("ERROR", "", _("saveUserProfile: account has wrong type!"));
 exit;
@@ -457,7 +458,8 @@ function saveUserProfile($account, $profile) {
 // $profile: name of the group profile (without .prg)
 // $account: account object which is saved
 function saveGroupProfile($account, $profile) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ // check profile name
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 if (!is_object($account)) {
 StatusMessage("ERROR", "", _("saveGroupProfile: account has wrong type!"));
 exit;
@@ -490,7 +492,8 @@ function saveGroupProfile($account, $profile) {
 // $profile: name of the host profile (without .prh)
 // $account: account object which is saved
 function saveHostProfile($account, $profile) {
- if (!eregi("^[0-9a-z\\-_]+$", $profile)) exit;
+ // check profile name
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) return false;
 if (!is_object($account)) {
 StatusMessage ("ERROR", "", _("saveHostProfile: account has wrong type!"));
 exit;
@@ -513,7 +516,7 @@ function saveHostProfile($account, $profile) {
 // deletes a user profile
 function delUserProfile($file) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
 $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/users/".$file.".pru";
 if (is_file($prof)) {
 return @unlink($prof);
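Review bot: The invalid-name branch in saveUserProfile() now returns `false` with no message, while the wrong-type branch three lines below still reports through StatusMessage() and exits, so two validation failures in the same function are surfaced in different ways. The host branch in profilecreate.php does test the return value, so the `false` itself is fine, but the name case should at least emit the same kind of diagnostic: `StatusMessage("ERROR", "", _("saveUserProfile: invalid profile name!")); return false;` — or, more consistently, make the is_object branch return false too and leave reporting to the caller. The same pattern is repeated in the saveGroupProfile and saveHostProfile hunks below. The function body runs past the end of the hunk.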
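Review bot: delUserProfile() takes `$file`, but the rewritten check tests `$profile`, which is never assigned in this function: with the old `*` pattern the test always passed on the empty value (so `$file` reached the unlink path unchecked), and with the new `+` pattern it always fails, so the function now exits unconditionally and can no longer delete anything. The line should validate the actual parameter and, for consistency with the load/save functions above, return rather than exit: `if (!eregi("^[0-9a-z_\\-]+$", $file)) return false;`. If register_globals is enabled, as was common for PHP of this period, a request-supplied `$profile` could also satisfy the check while `$file` carries `../`, which is a further reason to test the parameter itself. The function's closing brace is outside the hunk, and the same mismatch appears in delGroupProfile and delHostProfile in the next hunks.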
@@ -522,7 +525,7 @@ function delUserProfile($file) {
 // deletes a group profile
 function delGroupProfile($file) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
 $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/groups/".$file.".prg";
 if (is_file($prof)) {
 return @unlink($prof);
@@ -531,7 +534,7 @@ function delGroupProfile($file) {
 // deletes a host profile
 function delHostProfile($file) {
- if (!eregi("^([0-9]|[a-z]|-|_)*$", $profile)) exit;
+ if (!eregi("^[0-9a-z_\\-]+$", $profile)) exit;
 $prof = substr(__FILE__, 0, strlen(__FILE__) - 16) . "config/profiles/hosts/".$file.".prh";
 if (is_file($prof)) {
 return @unlink($prof);
diff --git a/lam/templates/profedit/profilecreate.php b/lam/templates/profedit/profilecreate.php
index ba3bac33..2bffd766 100644
--- a/lam/templates/profedit/profilecreate.php
+++ b/lam/templates/profedit/profilecreate.php
@@ -271,7 +271,7 @@ if ($_GET['type'] == "user") {
 }
 }
- if ($_POST['profname'] && eregi("^[0-9a-z\\-_]+$", $_POST['profname'])) {
+ if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
 $profname = $_POST['profname'];
 }
 else {
@@ -336,7 +336,7 @@ elseif ($_GET['type'] == "group") {
 }
 }
- if ($_POST['profname'] && eregi("^[0-9a-z\\-_]+$", $_POST['profname'])) {
+ if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
 $profname = $_POST['profname'];
 }
 else {
@@ -375,6 +375,14 @@ elseif ($_GET['type'] == "host") {
 echo ("
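Review bot: delGroupProfile() and delHostProfile() both validate `$profile` while their parameter is `$file`, so the name that is concatenated into the unlink path on the very next line is never the one that was checked; `$profile` is unset in both functions and the new `+` quantifier makes the check fail every time, leaving both delete functions unable to remove any profile. Each should test its parameter: `if (!eregi("^[0-9a-z_\\-]+$", $file)) return false;`. Both function bodies continue past the ends of their hunks.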
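Review bot: In the user branch `$_POST['profname'] &&` is a truthiness test, so the name `"0"` — which the new pattern accepts — is rejected as invalid, and when the field is absent the expression raises an undefined-index notice before the pattern is ever consulted. Test presence and the pattern instead: `if (isset($_POST['profname']) && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {`. The identical line appears in the group hunk below and in the new host block at the end of the file. The enclosing `if ($_GET['type'] == "user")` branch begins and ends outside this hunk.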

" . _("Back to Profile Editor") . "");
 exit;
 }
+ if ($_POST['profname'] && eregi("^[0-9a-z_\\-]+$", $_POST['profname'])) {
+ $profname = $_POST['profname'];
+ }
+ else {
+ StatusMessage("ERROR", _("Invalid profile name!"), $_POST['profname']);
+ echo ("

" . _("Back to Profile Editor") . "");
+ exit;
+ }
 // save profile
 if (saveHostProfile($acct, $profname)) {
 echo StatusMessage("INFO", _("Profile was saved."), $profname);
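Review bot: The new error path hands the rejected `$_POST['profname']` straight to StatusMessage() on an HTML page, and the value was rejected precisely because it contains characters outside `[0-9a-z_-]` — potentially `<`, `>` or `"` — so unless StatusMessage() escapes its arguments (its body is not visible here) a crafted name is reflected into the response. Escape at the call site, `StatusMessage("ERROR", _("Invalid profile name!"), htmlspecialchars($_POST['profname']));`, or confirm that StatusMessage() does so itself. Note also that the added lines call StatusMessage() bare while the hunk's last line does `echo StatusMessage(...)`; whichever convention is the correct one, the new host block should follow it, along with the user and group branches it mirrors. The host branch starts before and continues after this hunk.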