diff options
author | Peter Wu | 2014-07-21 00:11:24 +0200 |
---|---|---|
committer | Peter Wu | 2014-07-21 00:11:24 +0200 |
commit | da067f6df3064c019ae9c22432ccf99a08a84915 (patch) | |
tree | 03fd70b003ac5ef075bfe483f1325171ce5fe2a8 /inc/functions.inc.php | |
parent | Fix regex for strange datadirs (diff) | |
download | apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.zip apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.gz apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.bz2 apt-panopticon_cgp-da067f6df3064c019ae9c22432ccf99a08a84915.tar.xz |
Fix overly permissive hostname validation, fix host check
`[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that
`\w` is a superset of it.
Also check that the host parameter is actually non-empty, otherwise
`collectd_plugins` will happily return results as the directory
`$CONFIG['datadir'] . '/' . ''` trivially exists...
Diffstat (limited to 'inc/functions.inc.php')
-rw-r--r-- | inc/functions.inc.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/inc/functions.inc.php b/inc/functions.inc.php index fed4b10..c32b3ef 100644 --- a/inc/functions.inc.php +++ b/inc/functions.inc.php | |||
@@ -11,7 +11,7 @@ function GET($index) { | |||
11 | function validate_get($value, $type) { | 11 | function validate_get($value, $type) { |
12 | switch($type) { | 12 | switch($type) { |
13 | case 'host': | 13 | case 'host': |
14 | if (!preg_match('/^[\d\w\W]+$/u', $value)) | 14 | if (!preg_match('/^[\w-.]+$/u', $value)) |
15 | return NULL; | 15 | return NULL; |
16 | break; | 16 | break; |
17 | case 'plugin': | 17 | case 'plugin': |
@@ -22,7 +22,7 @@ function validate_get($value, $type) { | |||
22 | break; | 22 | break; |
23 | case 'pinstance': | 23 | case 'pinstance': |
24 | case 'tinstance': | 24 | case 'tinstance': |
25 | if (!preg_match('/^[\d\w-]+$/u', $value)) | 25 | if (!preg_match('/^[\w-]+$/u', $value)) |
26 | return NULL; | 26 | return NULL; |
27 | break; | 27 | break; |
28 | } | 28 | } |