secure userinput when adding/editing admins/customers

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-10-27 14:20:07 +02:00
parent afde51ecf6
commit 7cb5135725
2 changed files with 12 additions and 12 deletions


@@ -245,7 +245,7 @@ class Admins extends ApiCommand implements ResourceEntity
$ipaddress = $this->getParam('ipaddress', true, -1);
// validation
$name = Validate::validate($name, 'name', '', '', [], true);
$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);
$idna_convert = new IdnaWrapper();
$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));
$def_language = Validate::validate($def_language, 'default language', '', '', [], true);
@@ -581,7 +581,7 @@ class Admins extends ApiCommand implements ResourceEntity
}
// validation
$name = Validate::validate($name, 'name', '', '', [], true);
$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);
$idna_convert = new IdnaWrapper();
$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));
$def_language = Validate::validate($def_language, 'default language', '', '', [], true);
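Review bot: In both validation blocks of this file (the hunk at 245 and the one at 581), `$email` and `$def_language` still go through `Validate::validate()` with the empty pattern `''`, so only `$name` is tightened by this change. Please confirm that the e-mail gets a format check and that `$def_language` is matched against the list of available languages somewhere outside these hunks; neither is visible here. The definition of `Validate::REGEX_DESC_TEXT` is not on this page either, so a short comment above the name check, such as `// REGEX_DESC_TEXT is input filtering only; $name must still be escaped wherever it is rendered`, would keep a later reader from treating it as a replacement for output encoding. Both enclosing methods start and end outside the hunks.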


@@ -361,12 +361,12 @@ class Customers extends ApiCommand implements ResourceEntity
}
// validation
$name = Validate::validate($name, 'name', '', '', [], true);
$firstname = Validate::validate($firstname, 'first name', '', '', [], true);
$company = Validate::validate($company, 'company', '', '', [], true);
$street = Validate::validate($street, 'street', '', '', [], true);
$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);
$firstname = Validate::validate($firstname, 'first name', Validate::REGEX_DESC_TEXT, '', [], true);
$company = Validate::validate($company, 'company', Validate::REGEX_DESC_TEXT, '', [], true);
$street = Validate::validate($street, 'street', Validate::REGEX_DESC_TEXT, '', [], true);
$zipcode = Validate::validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', [], true);
$city = Validate::validate($city, 'city', '', '', [], true);
$city = Validate::validate($city, 'city', Validate::REGEX_DESC_TEXT, '', [], true);
$phone = Validate::validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', [], true);
$fax = Validate::validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', [], true);
$idna_convert = new IdnaWrapper();
@@ -1080,12 +1080,12 @@ class Customers extends ApiCommand implements ResourceEntity
// validation
if ($this->isAdmin()) {
$idna_convert = new IdnaWrapper();
$name = Validate::validate($name, 'name', '', '', [], true);
$firstname = Validate::validate($firstname, 'first name', '', '', [], true);
$company = Validate::validate($company, 'company', '', '', [], true);
$street = Validate::validate($street, 'street', '', '', [], true);
$name = Validate::validate($name, 'name', Validate::REGEX_DESC_TEXT, '', [], true);
$firstname = Validate::validate($firstname, 'first name', Validate::REGEX_DESC_TEXT, '', [], true);
$company = Validate::validate($company, 'company', Validate::REGEX_DESC_TEXT, '', [], true);
$street = Validate::validate($street, 'street', Validate::REGEX_DESC_TEXT, '', [], true);
$zipcode = Validate::validate($zipcode, 'zipcode', '/^[0-9 \-A-Z]*$/', '', [], true);
$city = Validate::validate($city, 'city', '', '', [], true);
$city = Validate::validate($city, 'city', Validate::REGEX_DESC_TEXT, '', [], true);
$phone = Validate::validate($phone, 'phone', '/^[0-9\- \+\(\)\/]*$/', '', [], true);
$fax = Validate::validate($fax, 'fax', '/^[0-9\- \+\(\)\/]*$/', '', [], true);
$email = $idna_convert->encode(Validate::validate($email, 'email', '', '', [], true));
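Review bot: The hand-written patterns kept as context here, `'/^[0-9 \-A-Z]*$/'` for zipcode and `'/^[0-9\- \+\(\)\/]*$/'` for phone and fax, end in `$` without the `D` modifier, so PCRE accepts a value that carries one trailing newline. Unless `Validate::validate()` trims its input (not visible on this page), a line break can still reach storage through these fields in both the add hunk (361) and the edit hunk (1080). Appending the modifier closes that gap: `'/^[0-9 \-A-Z]*$/D'` and `'/^[0-9\- \+\(\)\/]*$/D'`. The enclosing methods and the `if ($this->isAdmin())` block continue outside the hunks.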