fixed server-side validation of url-email and taglist-email:
- PHP does NOT allow \x00 in regular expressions - added PHP /u modifier for utf-8 - now using the regular expression including start/end delimiters and modifiers, to have the same regular expression (apart from the 2 exceptions above) in PHP and JavaScript
parent
da60fe1228
commit
b31befc23b
@ -96,7 +96,7 @@ class etemplate_widget_taglist extends etemplate_widget
|
|||||||
self::set_validation_error($form_name,lang("'%1' is NOT allowed ('%2')!",$val,implode("','",array_keys($allowed))),'');
|
self::set_validation_error($form_name,lang("'%1' is NOT allowed ('%2')!",$val,implode("','",array_keys($allowed))),'');
|
||||||
unset($value[$key]);
|
unset($value[$key]);
|
||||||
}
|
}
|
||||||
if($this->type == 'taglist-email' && !preg_match('/('.etemplate_widget_url::EMAIL_PREG.')?/iu',$val))
|
if($this->type == 'taglist-email' && !preg_match(etemplate_widget_url::EMAIL_PREG, $val))
|
||||||
{
|
{
|
||||||
self::set_validation_error($form_name,lang("'%1' has an invalid format",$val),'');
|
self::set_validation_error($form_name,lang("'%1' has an invalid format",$val),'');
|
||||||
}
|
}
|
||||||
|
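Review bot: The invalid-format branch for `taglist-email` reports the error but leaves the rejected entry in `$value`, while the not-allowed branch directly above it also calls `unset($value[$key]);`. If callers can still read `$value` after a validation error (not visible in this hunk), a malformed address would be carried along; adding `unset($value[$key]);` after the `set_validation_error()` call would make the two branches consistent. With the `/u` modifier `preg_match()` returns `false` for input that is not valid UTF-8, which `!preg_match(...)` treats as a failed match, so the check fails closed; a short comment such as `// preg_match() === false (bad UTF-8) is rejected too` would record that this is intended. The enclosing loop starts and ends outside the hunk.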
@ -31,9 +31,9 @@ class etemplate_widget_url extends etemplate_widget
|
|||||||
*
|
*
|
||||||
* About umlaut or IDN domains: we currently only allow German umlauts in domain part!
|
* About umlaut or IDN domains: we currently only allow German umlauts in domain part!
|
||||||
*
|
*
|
||||||
* Same preg is in et2_widget_url Javascript class!
|
* Same preg is in et2_widget_url Javascript class, but no \x00 allowed and /u modifier for utf8!
|
||||||
*/
|
*/
|
||||||
const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x00-\x20()<>@,;:\042\[\]]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,6}>?$/i";
|
const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,6}>?$/iu";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate input
|
* Validate input
|
||||||
@ -78,7 +78,7 @@ class etemplate_widget_url extends etemplate_widget
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'url-email':
|
case 'url-email':
|
||||||
$this->attrs['preg'] = '/('.self::EMAIL_PREG.')?$/iu';
|
$this->attrs['preg'] = self::EMAIL_PREG;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -94,6 +94,7 @@ class etemplate_widget_url extends etemplate_widget
|
|||||||
switch($this->type)
|
switch($this->type)
|
||||||
{
|
{
|
||||||
default:
|
default:
|
||||||
|
//error_log("preg_match('{$this->attrs['preg']}', '$value')=".array2string(preg_match($this->attrs['preg'], $value)));
|
||||||
self::set_validation_error($form_name,lang("'%1' has an invalid format",$value)/*." !preg_match('$this->attrs[preg]', '$value')"*/,'');
|
self::set_validation_error($form_name,lang("'%1' has an invalid format",$value)/*." !preg_match('$this->attrs[preg]', '$value')"*/,'');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
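Review bot: `EMAIL_PREG` now excludes only `\x01-\x20` from the local part, so a NUL byte is accepted there; because the constant is a double-quoted string, PHP turns `\x01` into a raw byte before PCRE sees it, and writing `[^\\x00-\\x20()<>@,;:\042\[\]]` would pass the escape to PCRE and keep NUL excluded without putting a NUL byte in the pattern. The closing `$` also matches just before a trailing newline in PCRE, whereas JavaScript's `$` without the `m` flag does not, so the PHP side accepts an address followed by a line break; ending the pattern with `$/iuD` (or `\z`) brings it in line with the client-side check. Both points also apply to the `taglist-email` check, which now passes this constant to `preg_match()` directly. That matters most if the validated value is later written into a mail header, which cannot be seen from this page.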