From da067f6df3064c019ae9c22432ccf99a08a84915 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Mon, 21 Jul 2014 00:11:24 +0200
Subject: Fix overly permissive hostname validation, fix host check

`[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that
`\w` is a superset of it.

Also check that the host parameter is actually non-empty, otherwise
`collectd_plugins` will happily return results as the directory
`$CONFIG['datadir'] . '/' . ''` trivially exists...
---
 host.php              | 2 +-
 inc/functions.inc.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/host.php b/host.php
index 97f4dae..a19aecc 100644
--- a/host.php
+++ b/host.php
@@ -15,7 +15,7 @@ printf("<fieldset id=\"%s\">", htmlentities($host));
 printf("<legend>%s</legend>", htmlentities($host));
 
 
-if (!$plugins = collectd_plugins($host)) {
+if (!strlen($host) || !$plugins = collectd_plugins($host)) {
 	echo "Unknown host\n";
 	return false;
 }
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index fed4b10..c32b3ef 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -11,7 +11,7 @@ function GET($index) {
 function validate_get($value, $type) {
 	switch($type) {
 		case 'host':
-			if (!preg_match('/^[\d\w\W]+$/u', $value))
+			if (!preg_match('/^[\w-.]+$/u', $value))
 				return NULL;
 		break;
 		case 'plugin':
@@ -22,7 +22,7 @@ function validate_get($value, $type) {
 		break;
 		case 'pinstance':
 		case 'tinstance':
-			if (!preg_match('/^[\d\w-]+$/u', $value))
+			if (!preg_match('/^[\w-]+$/u', $value))
 				return NULL;
 		break;
 	}
-- 
cgit v1.1