Fix overly permissive hostname validation, fix host check

`[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that `\w` is a superset of it. Also check that the host parameter is actually non-empty, otherwise `collectd_plugins` will happily return results as the directory `$CONFIG['datadir'] . '/' . ''` trivially exists...
author: Peter Wu 2014-07-21 00:11:24 +0200
committer: Peter Wu 2014-07-21 00:11:24 +0200
commit: da067f6df3064c019ae9c22432ccf99a08a84915 (patch)
tree: 03fd70b003ac5ef075bfe483f1325171ce5fe2a8
parent: Fix regex for strange datadirs (diff)
download: apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.zip
apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.gz
apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.bz2
apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.xz
2 files changed, 3 insertions, 3 deletions
diff --git a/host.php b/host.php
index 97f4dae..a19aecc 100644
--- a/host.php
+++ b/host.php
@@ -15,7 +15,7 @@ printf("<fieldset id=\"%s\">", htmlentities($host));
 printf("<legend>%s</legend>", htmlentities($host));
-if (!$plugins = collectd_plugins($host)) {
+if (!strlen($host) || !$plugins = collectd_plugins($host)) {
        echo "Unknown host\n";
        return false;
 }
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index fed4b10..c32b3ef 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -11,7 +11,7 @@ function GET($index) {
 function validate_get($value, $type) {
        switch($type) {
                case 'host':
-                        if (!preg_match('/^[\d\w\W]+$/u', $value))
+                        if (!preg_match('/^[\w-.]+$/u', $value))
                                return NULL;
                break;
                case 'plugin':
@@ -22,7 +22,7 @@ function validate_get($value, $type) {
                break;
                case 'pinstance':
                case 'tinstance':
-                        if (!preg_match('/^[\d\w-]+$/u', $value))
+                        if (!preg_match('/^[\w-]+$/u', $value))
                                return NULL;
                break;
        }
author	Peter Wu	2014-07-21 00:11:24 +0200
committer	Peter Wu	2014-07-21 00:11:24 +0200
commit	da067f6df3064c019ae9c22432ccf99a08a84915 (patch)
tree	03fd70b003ac5ef075bfe483f1325171ce5fe2a8
parent	Fix regex for strange datadirs (diff)
download	apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.zip apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.gz apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.bz2 apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.xz

diff --git a/host.php b/host.php index 97f4dae..a19aecc 100644 --- a/host.php +++ b/host.php
@@ -15,7 +15,7 @@ printf("<fieldset id=\"%s\">", htmlentities($host));
15	printf("<legend>%s</legend>", htmlentities($host));	15	printf("<legend>%s</legend>", htmlentities($host));
16		16
17		17
18	if (!$plugins = collectd_plugins($host)) {	18	if (!strlen($host) \|\| !$plugins = collectd_plugins($host)) {
19	echo "Unknown host\n";	19	echo "Unknown host\n";
20	return false;	20	return false;
21	}	21	}


diff --git a/inc/functions.inc.php b/inc/functions.inc.php index fed4b10..c32b3ef 100644 --- a/inc/functions.inc.php +++ b/inc/functions.inc.php
@@ -11,7 +11,7 @@ function GET($index) {
11	function validate_get($value, $type) {	11	function validate_get($value, $type) {
12	switch($type) {	12	switch($type) {
13	case 'host':	13	case 'host':
14	if (!preg_match('/^[\d\w\W]+$/u', $value))	14	if (!preg_match('/^[\w-.]+$/u', $value))
15	return NULL;	15	return NULL;
16	break;	16	break;
17	case 'plugin':	17	case 'plugin':
@@ -22,7 +22,7 @@ function validate_get($value, $type) {
22	break;	22	break;
23	case 'pinstance':	23	case 'pinstance':
24	case 'tinstance':	24	case 'tinstance':
25	if (!preg_match('/^[\d\w-]+$/u', $value))	25	if (!preg_match('/^[\w-]+$/u', $value))
26	return NULL;	26	return NULL;
27	break;	27	break;
28	}	28	}