commit 4d8675b123548e54469d7eb130e1f524e2b53f75
parent f55cc6969452e4128ae1a55515e1b67664eacfe0
Author: dankert <devnull@localhost>
Date: Wed, 16 Sep 2009 00:37:44 +0200
Eingabe von Sonderzeichen, welches die Sicherheitsprüfung bisher ablehnte.
Diffstat:
6 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/actionClasses/Action.class.php b/actionClasses/Action.class.php
@@ -132,11 +132,20 @@ class Action
return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
case 'alphanum':
- default:
$value = $REQ[ $varName ];
- return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 ,._-/:=()');
+ return Text::clean($value,'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789.,_-');
+
+ case 'full':
+ default:
+ $value = $REQ[ $varName ];
+ $allowed = ' ';
+ for ($i = 40; $i <= 59; $i++) $allowed .= chr($i); // Zahlen
+ for ($i = 65; $i <= 93; $i++) $allowed .= chr($i); // ABC
+ for ($i = 97; $i <= 122; $i++) $allowed .= chr($i); // abc
+ for ($i = 192; $i <= 255; $i++) $allowed .= chr($i); // Sonderzeichen
+ return Text::clean($value,$allowed);
- case 'num':
+ case 'num':
case '123':
$value = $REQ[ $varName ];
return Text::clean($value,'1234567890.');
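Review bot: The `'full'` allowlist admits more than its comments say: the loop `$i = 65; $i <= 93` runs past `Z` (90) and also lets `[`, `\` and `]` through, and the `40..59` range commented "Zahlen" covers `( ) * + , - . / : ;` as well as the digits. If the backslash is not wanted in stored names and descriptions, end the range at 90 with `for ($i = 65; $i <= 90; $i++) $allowed .= chr($i); // A-Z`; otherwise the comments should list the punctuation that is deliberately allowed. Because `default:` now sits on this branch, every `getRequestVar()` call without a type gets this set instead of the old one. The `192..255` range presumably assumes single-byte Latin-1 input; with UTF-8 requests the continuation bytes 128–191 would be rejected, which is worth confirming against `Text::clean`. The switch begins and ends outside the hunk.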
diff --git a/actionClasses/FileAction.class.php b/actionClasses/FileAction.class.php
@@ -89,10 +89,10 @@ class FileAction extends ObjectAction
function saveprop()
{
// Eigenschaften speichern
- $this->file->filename = $this->getRequestVar('filename' );
- $this->file->name = $this->getRequestVar('name' );
- $this->file->extension = $this->getRequestVar('extension' );
- $this->file->desc = $this->getRequestVar('description');
+ $this->file->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->file->name = $this->getRequestVar('name' ,'full' );
+ $this->file->extension = $this->getRequestVar('extension' ,'alphanum');
+ $this->file->desc = $this->getRequestVar('description','full' );
$this->file->save();
$this->file->setTimestamp();
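Review bot: `'alphanum'` still contains `.`, so a `filename` or `extension` made only of dots (such as `..`) passes the filter, and a value made only of rejected characters presumably comes back empty; `saveprop()` stores both without a check. Whether these fields later end up in published paths is not visible here, but a guard before `save()` would be cheap, e.g. `if ( trim($this->file->filename,'.') == '' ) { $this->addValidationError('filename'); return; }` (assuming `addValidationError()` is available here as it is in FolderAction). The same applies to the `filename` assignments in the second FolderAction hunk and in PageAction. `saveprop()` continues outside the hunk.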
diff --git a/actionClasses/FolderAction.class.php b/actionClasses/FolderAction.class.php
@@ -495,9 +495,9 @@ class FolderAction extends ObjectAction
{
// Ordnereigenschaften speichern
if ( $this->getRequestVar('name') != '' )
- $this->folder->name = $this->getRequestVar('name' );
+ $this->folder->name = $this->getRequestVar('name' ,'full');
elseif ($this->getRequestVar('filename') != '' )
- $this->folder->name = $this->getRequestVar('filename');
+ $this->folder->name = $this->getRequestVar('filename','alphanum');
else
{
$this->addValidationError('name');
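Review bot: The `elseif` tests `getRequestVar('filename')` with the default type, which is now `'full'`, but the assignment below it filters with `'alphanum'`. A filename consisting only of characters that `'alphanum'` rejects, such as spaces or `()`, therefore passes the non-empty test and presumably leaves `$this->folder->name` empty without raising a validation error. Test with the same filter that is stored: `elseif ($this->getRequestVar('filename','alphanum') != '' )`. The enclosing method starts before this hunk and continues in the next one.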
@@ -506,8 +506,8 @@ class FolderAction extends ObjectAction
return;
}
- $this->folder->filename = $this->getRequestVar('filename' );
- $this->folder->desc = $this->getRequestVar('description');
+ $this->folder->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->folder->desc = $this->getRequestVar('description','full' );
$this->folder->save();
$this->addNotice($this->folder->getType(),$this->folder->name,'PROP_SAVED','ok');
}
diff --git a/actionClasses/IndexAction.class.php b/actionClasses/IndexAction.class.php
@@ -589,9 +589,9 @@ class IndexAction extends Action
$openid_user = $this->getRequestVar('openid_url' );
$loginName = $this->getRequestVar('login_name' ,'alphanum');
- $loginPassword = $this->getRequestVar('login_password');
- $newPassword1 = $this->getRequestVar('password1' );
- $newPassword2 = $this->getRequestVar('password2' );
+ $loginPassword = $this->getRequestVar('login_password','alphanum');
+ $newPassword1 = $this->getRequestVar('password1' ,'alphanum');
+ $newPassword2 = $this->getRequestVar('password2' ,'alphanum');
// Login mit Open-Id.
if ( !empty($openid_user) )
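Review bot: Passing `login_password`, `password1` and `password2` through `'alphanum'` changes the secret before it is checked or stored. Every character outside letters, digits and `.,_-` is presumably dropped by `Text::clean`, so `pass!word` and `password` would end up as the same password. The set is also narrower than the old default (no space, `/`, `:`, `=`, `(`, `)`), which may stop existing passwords containing those characters from matching. A password should reach the comparison or hash unchanged; that needs a pass-through type in `getRequestVar()`, which the switch shown in Action.class.php does not offer. The enclosing method starts and ends outside the hunk.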
diff --git a/actionClasses/LinkAction.class.php b/actionClasses/LinkAction.class.php
@@ -110,8 +110,8 @@ class LinkAction extends ObjectAction
if ( $this->getRequestVar('name') != '' )
{
// Eigenschaften speichern
- $this->link->name = $this->getRequestVar('name' );
- $this->link->desc = $this->getRequestVar('description');
+ $this->link->name = $this->getRequestVar('name' ,'full');
+ $this->link->desc = $this->getRequestVar('description','full');
$this->link->save();
$this->link->setTimestamp();
diff --git a/actionClasses/PageAction.class.php b/actionClasses/PageAction.class.php
@@ -305,9 +305,9 @@ class PageAction extends ObjectAction
{
if ( $this->getRequestVar('name')!='' )
{
- $this->page->name = $this->getRequestVar('name' );
- $this->page->filename = $this->getRequestVar('filename' );
- $this->page->desc = $this->getRequestVar('description');
+ $this->page->name = $this->getRequestVar('name' ,'full' );
+ $this->page->filename = $this->getRequestVar('filename' ,'alphanum');
+ $this->page->desc = $this->getRequestVar('description','full' );
$this->page->save();
$this->addNotice($this->page->getType(),$this->page->name,'PROP_SAVED','ok');