fixed server-side validation of url-email and taglist-email:

- PHP does NOT allow \x00 in regular expression
- added PHP /u modifier for utf-8
- now using a regular expression including start/end delimiters and modifiers, to have the same regular expression (apart from the above 2 exceptions) in PHP and javascript
Ralf Becker 2014-01-17 17:26:22 +00:00
parent da60fe1228
commit b31befc23b
2 changed files with 5 additions and 4 deletions


@ -96,7 +96,7 @@ class etemplate_widget_taglist extends etemplate_widget
self::set_validation_error($form_name,lang("'%1' is NOT allowed ('%2')!",$val,implode("','",array_keys($allowed))),'');
unset($value[$key]);
}
if($this->type == 'taglist-email' && !preg_match('/('.etemplate_widget_url::EMAIL_PREG.')?/iu',$val))
if($this->type == 'taglist-email' && !preg_match(etemplate_widget_url::EMAIL_PREG, $val))
{
self::set_validation_error($form_name,lang("'%1' has an invalid format",$val),'');
}
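Review bot: When `preg_match(etemplate_widget_url::EMAIL_PREG, $val)` fails, the branch only calls `set_validation_error()` and leaves the entry in `$value`, whereas the not-allowed branch directly above also does `unset($value[$key]);`. If any caller uses `$value` despite a recorded error (not visible here), a malformed address would pass through; adding `unset($value[$key]);` after the error call would make both branches consistent. `preg_match()` also returns `false` when `$val` is not valid UTF-8 under `/u`, which this check treats as invalid; a short comment such as `// preg_match() === false (bad UTF-8) is rejected too` would record that this is intended. The enclosing loop starts and ends outside the hunk.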


@ -31,9 +31,9 @@ class etemplate_widget_url extends etemplate_widget
*
* About umlaut or IDN domains: we currently only allow German umlauts in domain part!
*
* Same preg is in et2_widget_url Javascript class!
* Same preg is in et2_widget_url Javascript class, but no \x00 allowed and /u modifier for utf8!
*/
const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x00-\x20()<>@,;:\042\[\]]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,6}>?$/i";
const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,6}>?$/iu";
/**
* Validate input
@ -78,7 +78,7 @@ class etemplate_widget_url extends etemplate_widget
}
break;
case 'url-email':
$this->attrs['preg'] = '/('.self::EMAIL_PREG.')?$/iu';
$this->attrs['preg'] = self::EMAIL_PREG;
break;
}
}
@ -94,6 +94,7 @@ class etemplate_widget_url extends etemplate_widget
switch($this->type)
{
default:
//error_log("preg_match('{$this->attrs['preg']}', '$value')=".array2string(preg_match($this->attrs['preg'], $value)));
self::set_validation_error($form_name,lang("'%1' has an invalid format",$value)/*." !preg_match('$this->attrs[preg]', '$value')"*/,'');
break;
}
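Review bot: Narrowing the excluded range in `EMAIL_PREG` from `\x00-\x20` to `\x01-\x20` means a NUL byte is now accepted in the local part, which weakens the check for both `url-email` and `taglist-email`. The underlying problem is that the double-quoted PHP string turns `\x00` into a raw NUL inside the pattern; escaping the backslash so PCRE parses the range itself, `[^\\x00-\\x20()<>@,;:\042\[\]]+`, keeps NUL excluded. The closing `$` also matches before a trailing newline, so a value like `addr@example.org\n` (constructed sample) validates; adding the `D` modifier on the PHP side (`/iuD`) closes that without touching the JavaScript copy. The class body continues outside these hunks.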