From da067f6df3064c019ae9c22432ccf99a08a84915 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Mon, 21 Jul 2014 00:11:24 +0200
Subject: Fix overly permissive hostname validation, fix host check `[\w\W]` matches EVERYTHING. Validation failed. Also remove `\d` as that `\w` is a superset of it. Also check that the host parameter is actually non-empty, otherwise `collectd_plugins` will happily return results as the directory `$CONFIG['datadir'] . '/' . ''` trivially exists...
---
 inc/functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'inc')
diff --git a/inc/functions.inc.php b/inc/functions.inc.php
index fed4b10..c32b3ef 100644
--- a/inc/functions.inc.php
+++ b/inc/functions.inc.php
@@ -11,7 +11,7 @@ function GET($index) {
 function validate_get($value, $type) {
 switch($type) {
 case 'host':
- if (!preg_match('/^[\d\w\W]+$/u', $value))
+ if (!preg_match('/^[\w-.]+$/u', $value))
 return NULL;
 break;
 case 'plugin':
@@ -22,7 +22,7 @@ function validate_get($value, $type) {
 break;
 case 'pinstance':
 case 'tinstance':
- if (!preg_match('/^[\d\w-]+$/u', $value))
+ if (!preg_match('/^[\w-]+$/u', $value))
 return NULL;
 break;
 }
--
cgit v1.1
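Review bot: The new host pattern `/^[\w-.]+$/u` in the first hunk still accepts `.` and `..`, and the commit description says the host is appended to `$CONFIG['datadir']`, so those values would name the data directory itself or its parent rather than a host. Without the `D` modifier, `$` also matches before a trailing newline, which applies equally to the `pinstance`/`tinstance` pattern in the second hunk. The hyphen between `\w` and `.` reads as a range and PCRE2-based PHP builds may refuse to compile it (preg_match would then return false and every host would be rejected), so it is safer at the end of the class: `if (!preg_match('/^[\w.-]+$/uD', $value) || $value === '.' || $value === '..')`. validate_get continues outside both hunks, so how the validated value is used afterwards is not visible here.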