Module: tools Branch: master Commit: f2025b7ccbc06e57180926c337b2ac82a42c741d URL: http://source.winehq.org/git/tools.git/?a=commit;h=f2025b7ccbc06e57180926c33...
Author: Mikolaj Zalewski mikolajz@tygrys.dom Date: Wed Feb 13 20:06:21 2008 +0100
validate input data
---
php/lib.php | 21 +++++++++++++++++++++ php/resfile.php | 2 +- php/resource.php | 6 +++--- 3 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/php/lib.php b/php/lib.php
index e5e68b7..8b6a95e 100644
--- a/php/lib.php
+++ b/php/lib.php
@@ -12,6 +12,27 @@ function validate_lang($id)
 return $lang;
 }
+function validate_type($type)
+{
+ if (!preg_match("/^[0-9]+$/", $type))
+ die("Invalid type");
+ return $type;
+}
+
+function validate_resfile($resfile)
+{
+ if (!preg_match("*^[a-zA-Z0-9/.-_]+$*", $resfile))
+ die("Invalid resource file");
+ return $resfile;
+}
+
+function validate_id($id)
+{
+ if (!preg_match("/^[a-zA-Z0-9_]+$/", $id))
+ die("Invalid resource file");
+ return $id;
+}
+
 function get_lang_name($id)
 {
 global $DATAROOT;
diff --git a/php/resfile.php b/php/resfile.php
index 6685c50..facf721 100644
--- a/php/resfile.php
+++ b/php/resfile.php
@@ -3,7 +3,7 @@ include("config.php");
 include("lib.php");
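Review bot: The character class in `validate_resfile` does not match what it appears to intend: inside `[...]`, `.-_` is a range from `.` to `_`, so it admits characters such as `:`, `<`, `>`, `\` and `@` while rejecting a literal hyphen. Putting the hyphen last fixes that: `if (!preg_match("*^[a-zA-Z0-9/._-]+$*", $resfile))`. Because `.` and `/` are both allowed, a value containing `..` segments still passes, so `..` should be rejected here as well if any caller puts `$resfile` into a filesystem path; the callers in php/resfile.php and php/resource.php use the value outside what these hunks show, apart from the normalisation in resource.php. Separately, `validate_id` dies with "Invalid resource file", which looks copied from the function above; `die("Invalid id");` would match.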
 $lang = validate_lang($_REQUEST['lang']);
-$resfile = $_REQUEST['resfile'];
+$resfile = validate_resfile($_REQUEST['resfile']);
 $file = fopen("$DATAROOT/langs/$lang", "r");
 $msgs = array();
diff --git a/php/resource.php b/php/resource.php
index 5c7cbba..2d9602d 100644
--- a/php/resource.php
+++ b/php/resource.php
@@ -3,9 +3,9 @@ include("config.php");
 include("lib.php");
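Review bot: `$_REQUEST['resfile']` is read without checking that the key exists or that the value is a string, so a request with no `resfile` parameter, or with `resfile[]=...`, raises a PHP notice or warning before `validate_resfile()` rejects it. With `display_errors` enabled, that message can expose the script path. Guarding the read keeps the failure to the single `die()` message: `$resfile = validate_resfile(isset($_REQUEST['resfile']) && is_string($_REQUEST['resfile']) ? $_REQUEST['resfile'] : '');`. The same applies to the three reads in php/resource.php. The script continues past the end of this hunk, so how `$resfile` is used afterwards is not visible here.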
 $lang = validate_lang($_REQUEST['lang']);
-$resfile = $_REQUEST['resfile'];
-$type = $_REQUEST['type'];
-$id = $_REQUEST['id'];
+$resfile = validate_resfile($_REQUEST['resfile']);
+$type = validate_type($_REQUEST['type']);
+$id = validate_id($_REQUEST['id']);
 $norm_fn = preg_replace("/[^A-Za-z0-9]/", "-", $resfile);
 $file = fopen("$DATAROOT/dumps/$norm_fn/$lang-$type-$id", "r");
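Review bot: `$type` and `$id` are interpolated directly into the `fopen()` path on the last line, and the patterns in `validate_type` and `validate_id` end in `$`, which in PCRE also matches just before a trailing newline, so a value ending in a newline is accepted. Adding the `D` modifier in php/lib.php makes the anchor strict: `preg_match("/^[0-9]+$/D", $type)` and `preg_match("/^[a-zA-Z0-9_]+$/D", $id)`. Whether the `fopen()` result is checked lies outside the hunk; if it is not, a missing dump file should end in an explicit error rather than in warnings from later reads on a `false` handle.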