Mikolaj Zalewski : validate input data

Alexandre Julliard julliard at winehq.org
Fri Jun 19 08:36:17 CDT 2009 

Module: tools
Branch: master
Commit: f2025b7ccbc06e57180926c337b2ac82a42c741d
URL:    http://source.winehq.org/git/tools.git/?a=commit;h=f2025b7ccbc06e57180926c337b2ac82a42c741d

Author: Mikolaj Zalewski <mikolajz at tygrys.dom>
Date:   Wed Feb 13 20:06:21 2008 +0100

validate input data

---

 php/lib.php      |   21 +++++++++++++++++++++
 php/resfile.php  |    2 +-
 php/resource.php |    6 +++---
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/php/lib.php b/php/lib.php
index e5e68b7..8b6a95e 100644
--- a/php/lib.php
+++ b/php/lib.php
@@ -12,6 +12,27 @@ function validate_lang($id)
     return $lang;
 }
 
+function validate_type($type)
+{
+    if (!preg_match("/^[0-9]+$/", $type))
+        die("Invalid type");
+    return $type;
+}
+
+function validate_resfile($resfile)
+{
+    if (!preg_match("*^[a-zA-Z0-9/.-_]+$*", $resfile))
+        die("Invalid resource file");
+    return $resfile;
+}
+
+function validate_id($id)
+{
+    if (!preg_match("/^[a-zA-Z0-9_]+$/", $id))
+        die("Invalid resource file");
+    return $id;
+}
+
 function get_lang_name($id)
 {
     global $DATAROOT;
diff --git a/php/resfile.php b/php/resfile.php
index 6685c50..facf721 100644
--- a/php/resfile.php
+++ b/php/resfile.php
@@ -3,7 +3,7 @@ include("config.php");
 include("lib.php");
 
 $lang = validate_lang($_REQUEST['lang']);
-$resfile = $_REQUEST['resfile'];
+$resfile = validate_resfile($_REQUEST['resfile']);
     
 $file = fopen("$DATAROOT/langs/$lang", "r");
 $msgs = array();
diff --git a/php/resource.php b/php/resource.php
index 5c7cbba..2d9602d 100644
--- a/php/resource.php
+++ b/php/resource.php
@@ -3,9 +3,9 @@ include("config.php");
 include("lib.php");
 
 $lang = validate_lang($_REQUEST['lang']);
-$resfile = $_REQUEST['resfile'];
-$type = $_REQUEST['type'];
-$id = $_REQUEST['id'];
+$resfile = validate_resfile($_REQUEST['resfile']);
+$type = validate_type($_REQUEST['type']);
+$id = validate_id($_REQUEST['id']);
     
 $norm_fn = preg_replace("/[^A-Za-z0-9]/", "-", $resfile);
 $file = fopen("$DATAROOT/dumps/$norm_fn/$lang-$type-$id", "r");

More information about the wine-cvs mailing list