additional checks
parent
90b83be7c8
commit
e61324a599
|
@ -289,9 +289,13 @@ class LAMConfig {
|
|||
/**
|
||||
* Loads preferences from config file
|
||||
*
|
||||
* @param integer $file Index number in config file array
|
||||
* @param String $file file name without ".conf" (e.g. lam)
|
||||
*/
|
||||
function __construct($file = 0) {
|
||||
function __construct($file) {
|
||||
if (empty($file) || !preg_match("/^[a-z0-9_-]+$/i", $file)) {
|
||||
logNewMessage('ERROR', 'Invalid config file name: ' . $file);
|
||||
die();
|
||||
}
|
||||
// load first profile if none is given
|
||||
if (!is_string($file)) {
|
||||
$profiles = getConfigProfiles();
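Review bot: The new name check in `__construct` anchors with `$`, which in PCRE also matches just before a trailing newline, so a value such as `"lam\n"` passes and is presumably then used to build the config file name. Anchor with `\z` or add the `D` modifier: `preg_match("/^[a-z0-9_-]+\z/i", $file)`. The same pattern is repeated in the two profile-name checks of the later `setpass`/`setdefault` hunk, so a single shared helper would keep all three in step. The rejected value is also concatenated into the log message unmodified, so control characters in it reach the log line. With `empty($file)` now fatal, the retained `if (!is_string($file))` fallback looks reachable only for non-zero integers; the constructor body continues outside the hunk, so confirm whether it is still needed.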
|
||||
|
|
|
@ -90,7 +90,7 @@ function checkClientIP() {
|
|||
$grantAccess = false;
|
||||
for ($i = 0; $i < sizeof($allowedHosts); $i++) {
|
||||
$host = $allowedHosts[$i];
|
||||
$ipRegex = '/^[0-9\\.\\*]+$/';
|
||||
$ipRegex = '/^[0-9a-z\\.:\\*]+$/i';
|
||||
if (!preg_match($ipRegex, $host)) continue;
|
||||
$hostRegex = str_replace(".", "\\.", $host);
|
||||
$hostRegex = '/^' . str_replace("*", ".*", $hostRegex) . '$/';
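Review bot: The widened `$ipRegex` in `checkClientIP()` accepts `a-z`, while the later hunk that validates `$allowedHostsList` on save accepts only `a-f`. Hex digits are all an IPv6 literal needs, so `$ipRegex = '/^[0-9a-f\\.:\\*]+$/i';` here keeps the two checks in agreement and the accepted set as small as possible. The pattern built on the following lines (`'/^' . str_replace("*", ".*", $hostRegex) . '$/'`) carries no `i` flag, so an entry saved with upper-case hex would presumably not match a lower-case client address. The comparison itself is outside the hunk, so confirm it there.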
|
||||
|
|
|
@ -434,10 +434,10 @@ function checkInput() {
|
|||
if (isLAMProVersion()) {
|
||||
$conf->setAccessLevel($_POST['accessLevel']);
|
||||
if (!$conf->setLamProMailFrom($_POST['pwdResetMail_from'])) {
|
||||
$errors[] = array("ERROR", _("From address for password mails is invalid."), $_POST['pwdResetMail_from']);
|
||||
$errors[] = array("ERROR", _("From address for password mails is invalid."), htmlspecialchars($_POST['pwdResetMail_from']));
|
||||
}
|
||||
if (!$conf->setLamProMailReplyTo($_POST['pwdResetMail_replyTo'])) {
|
||||
$errors[] = array("ERROR", _("Reply-to address for password mails is invalid."), $_POST['pwdResetMail_replyTo']);
|
||||
$errors[] = array("ERROR", _("Reply-to address for password mails is invalid."), htmlspecialchars($_POST['pwdResetMail_replyTo']));
|
||||
}
|
||||
$conf->setLamProMailSubject($_POST['pwdResetMail_subject']);
|
||||
if (isset($_POST['pwdResetMail_isHTML']) && ($_POST['pwdResetMail_isHTML'] == 'on')) {
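Review bot: Both added `htmlspecialchars()` calls rely on the default flags, which differ between PHP versions (before 8.1 single quotes are left unescaped). Passing them explicitly, `htmlspecialchars($_POST['pwdResetMail_from'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the runtime. Escaping where the error tuple is built also means every other request value placed in `$errors` needs the same treatment. The rest of `checkInput()` is outside the hunk, so those entries are worth checking too.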
|
||||
|
|
|
@ -90,9 +90,9 @@ if (isset($_POST['submit'])) {
|
|||
continue;
|
||||
}
|
||||
// check each line
|
||||
$ipRegex = '/^[0-9\\.\\*]+$/';
|
||||
$ipRegex = '/^[0-9a-f\\.:\\*]+$/i';
|
||||
if (!preg_match($ipRegex, $allowedHostsList[$i]) || (strlen($allowedHostsList[$i]) > 15)) {
|
||||
$errors[] = sprintf(_("The IP address %s is invalid!"), str_replace('%', '%%', $allowedHostsList[$i]));
|
||||
$errors[] = sprintf(_("The IP address %s is invalid!"), htmlspecialchars(str_replace('%', '%%', $allowedHostsList[$i])));
|
||||
}
|
||||
}
|
||||
$allowedHosts = implode(",", $allowedHostsList);
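Review bot: The retained length test `strlen($allowedHostsList[$i]) > 15` still rejects every entry longer than a dotted IPv4 address, so most of the IPv6 literals that the widened `$ipRegex` now allows are reported as invalid. If IPv6 entries are intended, raise the bound to the longest textual IPv6 form, e.g. `(strlen($allowedHostsList[$i]) > 39)`. The enclosing loop starts outside the hunk.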
|
||||
|
|
|
@ -109,22 +109,28 @@ if (isset($_POST['action'])) {
|
|||
}
|
||||
// set new profile password
|
||||
elseif ($_POST['action'] == "setpass") {
|
||||
if ($_POST['setpassword'] && $_POST['setpassword2'] && ($_POST['setpassword'] == $_POST['setpassword2'])) {
|
||||
$config = new LAMConfig($_POST['setprofile']);
|
||||
$config->set_Passwd($_POST['setpassword']);
|
||||
$config->save();
|
||||
$config = null;
|
||||
$msg = _("New password set successfully.");
|
||||
if (preg_match("/^[a-z0-9_-]+$/i", $_POST['setprofile'])) {
|
||||
if ($_POST['setpassword'] && $_POST['setpassword2'] && ($_POST['setpassword'] == $_POST['setpassword2'])) {
|
||||
$config = new LAMConfig($_POST['setprofile']);
|
||||
$config->set_Passwd($_POST['setpassword']);
|
||||
$config->save();
|
||||
$config = null;
|
||||
$msg = _("New password set successfully.");
|
||||
}
|
||||
else $error = _("Profile passwords are different or empty!");
|
||||
}
|
||||
else $error = _("Profile passwords are different or empty!");
|
||||
else $error = _("Profile name is invalid!");
|
||||
}
|
||||
// set default profile
|
||||
elseif ($_POST['action'] == "setdefault") {
|
||||
$configMain = new LAMCfgMain();
|
||||
$configMain->default = $_POST['defaultfilename'];
|
||||
$configMain->save();
|
||||
$configMain = null;
|
||||
$msg = _("New default profile set successfully.");
|
||||
if (preg_match("/^[a-z0-9_-]+$/i", $_POST['defaultfilename'])) {
|
||||
$configMain = new LAMCfgMain();
|
||||
$configMain->default = $_POST['defaultfilename'];
|
||||
$configMain->save();
|
||||
$configMain = null;
|
||||
$msg = _("New default profile set successfully.");
|
||||
}
|
||||
else $error = _("Profile name is invalid!");
|
||||
}
|
||||
}
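Review bot: The re-indented password check in the `setpass` branch compares the two submitted values with `==`, which PHP evaluates numerically when both strings look like numbers, so `"1e3"` and `"1000"` count as equal and the first one is stored. Use `($_POST['setpassword'] === $_POST['setpassword2'])`. The fields are also tested by truthiness, so a password of `"0"` is reported as empty; `isset()` plus `!== ''` states the intent exactly. The `setdefault` branch validates only the format of `defaultfilename`; whether that profile exists is not checked in the visible lines.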
|
||||
|
||||
|
|