
commit 4d8675b123548e54469d7eb130e1f524e2b53f75
parent f55cc6969452e4128ae1a55515e1b67664eacfe0
Author: dankert <devnull@localhost>
Date:   Wed, 16 Sep 2009 00:37:44 +0200

Eingabe von Sonderzeichen, welche die Sicherheitsprüfung bisher ablehnte.

Diffstat:
actionClasses/Action.class.php | 15++++++++++++---
actionClasses/FileAction.class.php | 8++++----
actionClasses/FolderAction.class.php | 8++++----
actionClasses/IndexAction.class.php | 6+++---
actionClasses/LinkAction.class.php | 4++--
actionClasses/PageAction.class.php | 6+++---
6 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -132,11 +132,20 @@ class Action
 return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
 case 'alphanum':
- default:
 $value = $REQ[ $varName ];
- return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 ,._-/:=()');
+ return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,_-');
+
+ case 'full':
+ default:
+ $value = $REQ[ $varName ];
+ $allowed = ' ';
+ for ($i = 40; $i <= 59; $i++) $allowed .= chr($i); // Zahlen
+ for ($i = 65; $i <= 93; $i++) $allowed .= chr($i); // ABC
+ for ($i = 97; $i <= 122; $i++) $allowed .= chr($i); // abc
+ for ($i = 192; $i <= 255; $i++) $allowed .= chr($i); // Sonderzeichen
+ return Text::clean($value,$allowed);
- case 'num':
+ case 'num':
 case '123':
 $value = $REQ[ $varName ];
 return Text::clean($value,'1234567890.');
diff --git a/actionClasses/FileAction.class.php b/actionClasses/FileAction.class.php
@@ -89,10 +89,10 @@ class FileAction extends ObjectAction
 function saveprop()
 {
 // Eigenschaften speichern
- $this->file->filename = $this->getRequestVar('filename' );
- $this->file->name = $this->getRequestVar('name' );
- $this->file->extension = $this->getRequestVar('extension' );
- $this->file->desc = $this->getRequestVar('description');
+ $this->file->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->file->name = $this->getRequestVar('name' ,'full' );
+ $this->file->extension = $this->getRequestVar('extension' ,'alphanum');
+ $this->file->desc = $this->getRequestVar('description','full' );
 $this->file->save();
 $this->file->setTimestamp();
diff --git a/actionClasses/FolderAction.class.php b/actionClasses/FolderAction.class.php
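Review bot: The 'full' whitelist built in the new `default` branch leaves out `_` (chr 95) while the `65..93` loop admits `[`, `\` and `]` (91–93) that the `// ABC` comment does not suggest, so a name such as `my_page` would presumably come back from Text::clean as `mypage`; change the loop to `for ($i = 65; $i <= 90; $i++) $allowed .= chr($i); // A-Z` and add `$allowed .= '_';`. Because 'full' is also the default, every untyped call inherits it: the `openid_url` read in the IndexAction hunk, for example, would lose `?`, `=`, `&` and `@` (bytes 60–64 fall in no range). The `192..255` range only makes sense for a single-byte charset; if requests arrive as UTF-8 and Text::clean filters byte-wise (not visible here), the continuation bytes 128–191 of an umlaut are dropped and the commit's goal is defeated, so confirm the request charset before relying on it. The `// Zahlen` comment on the `40..59` loop is misleading, since that range also admits `()*+,-./:;`.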
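Review bot: `filename` and `extension` are now read as 'alphanum', whose set still contains `.` and `,`, so a value consisting only of dots (`..`) passes unchanged; if `file->filename` is later joined into a filesystem path (not visible in this hunk), reject it explicitly before `save()`, e.g. `if (in_array($this->file->filename, array('.','..'), true)) { $this->addValidationError('filename'); return; }`. Unlike the Folder, Link and Page hunks, `saveprop()` also has no empty-`name` guard; a leading `if ( $this->getRequestVar('name','full') != '' )` check would keep the four actions consistent. The rest of `saveprop()` continues outside the hunk.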
@@ -495,9 +495,9 @@ class FolderAction extends ObjectAction
 {
 // Ordnereigenschaften speichern
 if ( $this->getRequestVar('name') != '' )
- $this->folder->name = $this->getRequestVar('name' );
+ $this->folder->name = $this->getRequestVar('name' ,'full');
 elseif ($this->getRequestVar('filename') != '' )
- $this->folder->name = $this->getRequestVar('filename');
+ $this->folder->name = $this->getRequestVar('filename','alphanum');
 else
 {
 $this->addValidationError('name');
@@ -506,8 +506,8 @@ class FolderAction extends ObjectAction
 return;
 }
- $this->folder->filename = $this->getRequestVar('filename' );
- $this->folder->desc = $this->getRequestVar('description');
+ $this->folder->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->folder->desc = $this->getRequestVar('description','full' );
 $this->folder->save();
 $this->addNotice($this->folder->getType(),$this->folder->name,'PROP_SAVED','ok');
 }
diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -589,9 +589,9 @@ class IndexAction extends Action
 $openid_user = $this->getRequestVar('openid_url' );
 $loginName = $this->getRequestVar('login_name' ,'alphanum');
- $loginPassword = $this->getRequestVar('login_password');
- $newPassword1 = $this->getRequestVar('password1' );
- $newPassword2 = $this->getRequestVar('password2' );
+ $loginPassword = $this->getRequestVar('login_password','alphanum');
+ $newPassword1 = $this->getRequestVar('password1' ,'alphanum');
+ $newPassword2 = $this->getRequestVar('password2' ,'alphanum');
 // Login mit Open-Id.
 if ( !empty($openid_user) )
diff --git a/actionClasses/LinkAction.class.php b/actionClasses/LinkAction.class.php
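Review bot: In the first FolderAction hunk the `elseif ($this->getRequestVar('filename') != '' )` test still reads `filename` through the default filter, while the assignment on the next line reads it as 'alphanum'; a value that survives the default set but not 'alphanum' (for instance only `/` or `(`) therefore passes the non-empty check and leaves `folder->name` empty without `addValidationError('name')` firing. Read it with the same type in both places: `elseif ($this->getRequestVar('filename','alphanum') != '' )`. The `name` check one line earlier only agrees with its assignment because the default currently is 'full'; passing `'full'` there explicitly keeps check and assignment in step if the default changes. The same untyped-check/typed-assignment pairing appears in the LinkAction and PageAction hunks.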
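Review bot: Passing `login_password`, `password1` and `password2` through the 'alphanum' filter silently rewrites the credential before it is presumably compared or stored further down (outside the hunk): a password containing a space, `!`, `$` or an umlaut is reduced to its letters, digits and `.,_-`, so the user ends up with a weaker password than the one typed, and an existing password with such characters can no longer be entered. A password is never rendered or interpolated, so it needs no character whitelist; read these three values unfiltered (the hunk shows no pass-through type in `getRequestVar`, so one would have to be added) and validate length instead. If the restriction is deliberate, record it next to the reads, e.g. `// Passwords are limited to [A-Za-z0-9.,_-] by the 'alphanum' filter`.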
@@ -110,8 +110,8 @@ class LinkAction extends ObjectAction
 if ( $this->getRequestVar('name') != '' )
 {
 // Eigenschaften speichern
- $this->link->name = $this->getRequestVar('name' );
- $this->link->desc = $this->getRequestVar('description');
+ $this->link->name = $this->getRequestVar('name' ,'full');
+ $this->link->desc = $this->getRequestVar('description','full');
 $this->link->save();
 $this->link->setTimestamp();
diff --git a/actionClasses/PageAction.class.php b/actionClasses/PageAction.class.php
@@ -305,9 +305,9 @@ class PageAction extends ObjectAction
 {
 if ( $this->getRequestVar('name')!='' )
 {
- $this->page->name = $this->getRequestVar('name' );
- $this->page->filename = $this->getRequestVar('filename' );
- $this->page->desc = $this->getRequestVar('description');
+ $this->page->name = $this->getRequestVar('name' ,'full' );
+ $this->page->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->page->desc = $this->getRequestVar('description','full' );
 $this->page->save();
 $this->addNotice($this->page->getType(),$this->page->name,'PROP_SAVED','ok');