| author | Peter Wu | 2014-07-21 00:11:24 +0200 | 
|---|---|---|
| committer | Peter Wu | 2014-07-21 00:11:24 +0200 | 
| commit | da067f6df3064c019ae9c22432ccf99a08a84915 (patch) | |
| tree | 03fd70b003ac5ef075bfe483f1325171ce5fe2a8 /inc | |
| parent | Fix regex for strange datadirs (diff) | |
Fix overly permissive hostname validation, fix host check
`[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as
`\w` is a superset of it.
Also check that the host parameter is actually non-empty, otherwise
`collectd_plugins` will happily return results as the directory
`$CONFIG['datadir'] . '/' . ''` trivially exists...
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/functions.inc.php | 4 | 
1 files changed, 2 insertions, 2 deletions
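--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -11,7 +11,7 @@ function GET($index) {
 function validate_get($value, $type) {
 switch($type) {
 case 'host':
-if (!preg_match('/^[\d\w\W]+$/u', $value))
+if (!preg_match('/^[\w-.]+$/u', $value))
 return NULL;
 break;
 case 'plugin':
@@ -22,7 +22,7 @@ function validate_get($value, $type) {
 break;
 case 'pinstance':
 case 'tinstance':
-if (!preg_match('/^[\d\w-]+$/u', $value))
+if (!preg_match('/^[\w-]+$/u', $value))
 return NULL;
 break;
 }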
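Review bot: The new host pattern `'/^[\w-.]+$/u'` puts the hyphen between `\w` and `.`, which reads as a range with a class escape as its endpoint; PCRE1 treats that hyphen literally, but PCRE2 (the engine in PHP 7.3 and later) rejects the pattern with "invalid range in character class", preg_match() then returns false, and since the call is negated every host is rejected. Moving the hyphen to the end removes the ambiguity on both engines: `if (!preg_match('/^[\w.-]+$/u', $value))`. The 'pinstance'/'tinstance' pattern in the second hunk already ends with the hyphen and is fine. Because the description notes the value is joined onto `$CONFIG['datadir'] . '/'` as a directory name, it is also worth rejecting the dot-only values the character class still admits, e.g. `if ($value === '.' || $value === '..') return NULL;` before the regex. validate_get() starts in the first hunk and continues past the end of the second.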
