Fix regular expressions for integer IDs

This commit is contained in:
Fedor A. Fetisov 2013-09-13 20:18:06 +04:00
parent d7c18215c5
commit d9a8afeb57
21 changed files with 37 additions and 37 deletions


@ -37,7 +37,7 @@ if(!$lang || !locale_pattern_check($lang) || !locale_exists($lang)) {
$lang = $current_locale; $lang = $current_locale;
} }
$groupid = verifyparam( "group", "/^\d{1,8}$/", ""); $groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) { if($groupid) {
loadsettings(); loadsettings();
if($settings['enablegroups'] == '1') { if($settings['enablegroups'] == '1') {
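Review bot: The widened bound in the `verifyparam( "group", "/^\d{1,10}$/", "")` line admits values up to 9999999999, which exceeds PHP_INT_MAX on 32-bit PHP builds, so an ID that passes the pattern can still be clamped by intval() (the `where banid = " . intval($banId)` line later in this commit shows the pattern) and may resolve to an unrelated id rather than being rejected; the previous 8- and 9-digit bounds kept every accepted value inside a signed 32-bit integer. If the limit is meant to follow the database column width, a single constant or a helper like `verifyparam_id()` would keep the twenty call sites in this commit consistent instead of repeating the literal. While every one of these patterns is being touched, note that PCRE `$` also matches before a trailing newline, so `"123\n"` passes `/^\d{1,10}$/`; anchoring with `\z` or the `D` modifier, e.g. `"/^\d{1,10}$/D"`, makes the check exact. The same change and the same remarks apply to every other file section of this commit.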


@ -47,7 +47,7 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
$groupid = ""; $groupid = "";
$groupname = ""; $groupname = "";
if($settings['enablegroups'] == '1') { if($settings['enablegroups'] == '1') {
$groupid = verifyparam( "group", "/^\d{1,8}$/", ""); $groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) { if($groupid) {
$group = group_by_id($groupid); $group = group_by_id($groupid);
if(!$group) { if(!$group) {
@ -155,8 +155,8 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
exit; exit;
} }
$token = verifyparam( "token", "/^\d{1,8}$/"); $token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,8}$/"); $threadid = verifyparam( "thread", "/^\d{1,10}$/");
$level = verifyparam( "level", "/^(ajaxed|simple|old)$/"); $level = verifyparam( "level", "/^(ajaxed|simple|old)$/");
$thread = thread_by_id($threadid); $thread = thread_by_id($threadid);


@ -50,7 +50,7 @@ $groupname = "";
$group = NULL; $group = NULL;
loadsettings(); loadsettings();
if($settings['enablegroups'] == '1') { if($settings['enablegroups'] == '1') {
$groupid = verifyparam( "group", "/^\d{1,8}$/", ""); $groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) { if($groupid) {
$group = group_by_id($groupid); $group = group_by_id($groupid);
if(!$group) { if(!$group) {


@ -61,7 +61,7 @@ function verifyparam_groupid($paramid)
global $settings, $errors; global $settings, $errors;
$groupid = ""; $groupid = "";
if ($settings['enablegroups'] == '1') { if ($settings['enablegroups'] == '1') {
$groupid = verifyparam($paramid, "/^\d{0,8}$/", ""); $groupid = verifyparam($paramid, "/^\d{0,10}$/", "");
if ($groupid) { if ($groupid) {
$group = group_by_id($groupid); $group = group_by_id($groupid);
if (!$group) { if (!$group) {


@ -23,8 +23,8 @@ require_once('libs/notify.php');
$errors = array(); $errors = array();
$page = array(); $page = array();
$token = verifyparam( "token", "/^\d{1,8}$/"); $token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,8}$/"); $threadid = verifyparam( "thread", "/^\d{1,10}$/");
$thread = thread_by_id($threadid); $thread = thread_by_id($threadid);
if( !$thread || !isset($thread['ltoken']) || $token != $thread['ltoken'] ) { if( !$thread || !isset($thread['ltoken']) || $token != $thread['ltoken'] ) {


@ -37,7 +37,7 @@ if ($settings['enablessl'] == "1" && $settings['forcessl'] == "1") {
} }
} }
$threadid = verifyparam("thread", "/^\d{1,8}$/"); $threadid = verifyparam("thread", "/^\d{1,10}$/");
if (!isset($_GET['token'])) { if (!isset($_GET['token'])) {
@ -87,7 +87,7 @@ if (!isset($_GET['token'])) {
exit; exit;
} }
$token = verifyparam("token", "/^\d{1,8}$/"); $token = verifyparam("token", "/^\d{1,10}$/");
$thread = thread_by_id($threadid); $thread = thread_by_id($threadid);
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) { if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {


@ -22,7 +22,7 @@ require_once('../libs/operator_settings.php');
$operator = check_login(); $operator = check_login();
csrfchecktoken(); csrfchecktoken();
$opId = verifyparam("op", "/^\d{1,9}$/"); $opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId, 'avatar' => ''); $page = array('opid' => $opId, 'avatar' => '');
$errors = array(); $errors = array();


@ -30,7 +30,7 @@ $page['threadid'] = '';
$errors = array(); $errors = array();
if (isset($_POST['address'])) { if (isset($_POST['address'])) {
$banId = verifyparam("banId", "/^(\d{1,9})?$/", ""); $banId = verifyparam("banId", "/^(\d{1,10})?$/", "");
$address = getparam("address"); $address = getparam("address");
$days = getparam("days"); $days = getparam("days");
$comment = getparam('comment'); $comment = getparam('comment');
@ -93,7 +93,7 @@ if (isset($_POST['address'])) {
$page['threadid'] = $threadid; $page['threadid'] = $threadid;
} }
} else if (isset($_GET['id'])) { } else if (isset($_GET['id'])) {
$banId = verifyparam('id', "/^\d{1,9}$/"); $banId = verifyparam('id', "/^\d{1,10}$/");
$link = connect(); $link = connect();
$ban = select_one_row("select banid,(unix_timestamp(dtmtill)-unix_timestamp(CURRENT_TIMESTAMP)) as days,address,comment from ${mysqlprefix}chatban where banid = " . intval($banId), $link); $ban = select_one_row("select banid,(unix_timestamp(dtmtill)-unix_timestamp(CURRENT_TIMESTAMP)) as days,address,comment from ${mysqlprefix}chatban where banid = " . intval($banId), $link);
mysql_close($link); mysql_close($link);
@ -107,7 +107,7 @@ if (isset($_POST['address'])) {
$errors[] = "Wrong id"; $errors[] = "Wrong id";
} }
} else if (isset($_GET['thread'])) { } else if (isset($_GET['thread'])) {
$threadid = verifyparam('thread', "/^\d{1,9}$/"); $threadid = verifyparam('thread', "/^\d{1,10}$/");
$thread = thread_by_id($threadid); $thread = thread_by_id($threadid);
if ($thread) { if ($thread) {
$page['thread'] = topage($thread['userName']); $page['thread'] = topage($thread['userName']);


@ -78,7 +78,7 @@ if (!$lang || !in_array($lang, $all_locales)) {
$groupid = ""; $groupid = "";
if ($settings['enablegroups'] == '1') { if ($settings['enablegroups'] == '1') {
$groupid = verifyparam("group", "/^\d{0,8}$/", ""); $groupid = verifyparam("group", "/^\d{0,10}$/", "");
if ($groupid) { if ($groupid) {
$group = group_by_id($groupid); $group = group_by_id($groupid);
if (!$group) { if (!$group) {


@ -51,7 +51,7 @@ $operator = check_login();
csrfchecktoken(); csrfchecktoken();
loadsettings(); loadsettings();
$stringid = verifyparam("key", "/^\d{0,9}$/", ""); $stringid = verifyparam("key", "/^\d{0,10}$/", "");
$errors = array(); $errors = array();
$page = array(); $page = array();
@ -67,7 +67,7 @@ if ($stringid) {
$page['locale'] = verifyparam("lang", "/^[\w-]{2,5}$/", ""); $page['locale'] = verifyparam("lang", "/^[\w-]{2,5}$/", "");
$page['groupid'] = ""; $page['groupid'] = "";
if ($settings['enablegroups'] == '1') { if ($settings['enablegroups'] == '1') {
$page['groupid'] = verifyparam("group", "/^\d{0,8}$/"); $page['groupid'] = verifyparam("group", "/^\d{0,10}$/");
} }
} }


@ -74,7 +74,7 @@ function update_group($groupid, $name, $descr, $commonname, $commondescr, $email
if (isset($_POST['name'])) { if (isset($_POST['name'])) {
$groupid = verifyparam("gid", "/^(\d{1,9})?$/", ""); $groupid = verifyparam("gid", "/^(\d{1,10})?$/", "");
$name = getparam('name'); $name = getparam('name');
$description = getparam('description'); $description = getparam('description');
$commonname = getparam('commonname'); $commonname = getparam('commonname');
@ -112,7 +112,7 @@ if (isset($_POST['name'])) {
} }
} else if (isset($_GET['gid'])) { } else if (isset($_GET['gid'])) {
$groupid = verifyparam('gid', "/^\d{1,9}$/"); $groupid = verifyparam('gid', "/^\d{1,10}$/");
$group = group_by_id($groupid); $group = group_by_id($groupid);
if (!$group) { if (!$group) {


@ -54,7 +54,7 @@ function get_operators()
return $result; return $result;
} }
$groupid = verifyparam("gid", "/^\d{1,9}$/"); $groupid = verifyparam("gid", "/^\d{1,10}$/");
$page = array('groupid' => $groupid); $page = array('groupid' => $groupid);
$page['operators'] = get_operators(); $page['operators'] = get_operators();
$errors = array(); $errors = array();


@ -37,7 +37,7 @@ function notification_info($id)
} }
$notificationid = verifyparam("id", "/^(\d{1,9})$/"); $notificationid = verifyparam("id", "/^(\d{1,10})$/");
$page['notification'] = notification_info($notificationid); $page['notification'] = notification_info($notificationid);
prepare_menu($operator, false); prepare_menu($operator, false);


@ -28,7 +28,7 @@ $opId = '';
loadsettings(); loadsettings();
if (isset($_POST['login']) && isset($_POST['password'])) { if (isset($_POST['login']) && isset($_POST['password'])) {
$opId = verifyparam("opid", "/^(\d{1,9})?$/", ""); $opId = verifyparam("opid", "/^(\d{1,10})?$/", "");
$login = getparam('login'); $login = getparam('login');
$email = getparam('email'); $email = getparam('email');
$jabber = getparam('jabber'); $jabber = getparam('jabber');
@ -111,7 +111,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
} }
} else if (isset($_GET['op'])) { } else if (isset($_GET['op'])) {
$opId = verifyparam('op', "/^\d{1,9}$/"); $opId = verifyparam('op', "/^\d{1,10}$/");
$op = operator_by_id($opId); $op = operator_by_id($opId);
if (!$op) { if (!$op) {


@ -34,7 +34,7 @@ function update_operator_groups($operatorid, $newvalue)
} }
$opId = verifyparam("op", "/^\d{1,9}$/"); $opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId); $page = array('opid' => $opId);
$link = connect(); $link = connect();
$page['groups'] = get_all_groups($link); $page['groups'] = get_all_groups($link);


@ -31,7 +31,7 @@ function update_operator_permissions($operatorid, $newvalue)
mysql_close($link); mysql_close($link);
} }
$opId = verifyparam("op", "/^\d{1,9}$/"); $opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : ""); $page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");
$errors = array(); $errors = array();


@ -23,8 +23,8 @@ require_once('../libs/groups.php');
$operator = check_login(); $operator = check_login();
$threadid = verifyparam("thread", "/^\d{1,8}$/"); $threadid = verifyparam("thread", "/^\d{1,10}$/");
$token = verifyparam("token", "/^\d{1,8}$/"); $token = verifyparam("token", "/^\d{1,10}$/");
$thread = thread_by_id($threadid); $thread = thread_by_id($threadid);
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) { if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {
@ -35,7 +35,7 @@ $page = array();
$errors = array(); $errors = array();
if (isset($_GET['nextGroup'])) { if (isset($_GET['nextGroup'])) {
$nextid = verifyparam("nextGroup", "/^\d{1,8}$/"); $nextid = verifyparam("nextGroup", "/^\d{1,10}$/");
$nextGroup = group_by_id($nextid); $nextGroup = group_by_id($nextid);
if ($nextGroup) { if ($nextGroup) {
@ -56,7 +56,7 @@ if (isset($_GET['nextGroup'])) {
} }
} else { } else {
$nextid = verifyparam("nextAgent", "/^\d{1,8}$/"); $nextid = verifyparam("nextAgent", "/^\d{1,10}$/");
$nextOperator = operator_by_id($nextid); $nextOperator = operator_by_id($nextid);
if ($nextOperator) { if ($nextOperator) {


@ -22,7 +22,7 @@ require_once('../libs/settings.php');
$errors = array(); $errors = array();
$page = array('version' => $version, 'showform' => true); $page = array('version' => $version, 'showform' => true);
$opId = verifyparam("id", "/^\d{1,9}$/"); $opId = verifyparam("id", "/^\d{1,10}$/");
$token = verifyparam("token", "/^[\dabcdef]+$/"); $token = verifyparam("token", "/^[\dabcdef]+$/");
$operator = operator_by_id($opId); $operator = operator_by_id($opId);


@ -42,7 +42,7 @@ function thread_info($id)
if (isset($_GET['threadid'])) { if (isset($_GET['threadid'])) {
$threadid = verifyparam("threadid", "/^(\d{1,9})?$/", ""); $threadid = verifyparam("threadid", "/^(\d{1,10})?$/", "");
$lastid = -1; $lastid = -1;
$page['threadMessages'] = get_messages($threadid, "html", false, $lastid); $page['threadMessages'] = get_messages($threadid, "html", false, $lastid);
$page['thread'] = thread_info($threadid); $page['thread'] = thread_info($threadid);


@ -167,7 +167,7 @@ function print_operators()
echo "</operators>"; echo "</operators>";
} }
$since = verifyparam("since", "/^\d{1,9}$/", 0); $since = verifyparam("since", "/^\d{1,10}$/", 0);
$status = verifyparam("status", "/^\d{1,2}$/", 0); $status = verifyparam("status", "/^\d{1,2}$/", 0);
$showonline = verifyparam("showonline", "/^1$/", 0); $showonline = verifyparam("showonline", "/^1$/", 0);


@ -20,15 +20,15 @@ require_once('libs/chat.php');
require_once('libs/operator.php'); require_once('libs/operator.php');
$act = verifyparam( "act", "/^(refresh|post|rename|close|ping)$/"); $act = verifyparam( "act", "/^(refresh|post|rename|close|ping)$/");
$token = verifyparam( "token", "/^\d{1,9}$/"); $token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,9}$/"); $threadid = verifyparam( "thread", "/^\d{1,10}$/");
$isuser = verifyparam( "user", "/^true$/", "false") == 'true'; $isuser = verifyparam( "user", "/^true$/", "false") == 'true';
$outformat = ((verifyparam( "html", "/^on$/", "off") == 'on') ? "html" : "xml"); $outformat = ((verifyparam( "html", "/^on$/", "off") == 'on') ? "html" : "xml");
$istyping = verifyparam( "typed", "/^1$/", "") == '1'; $istyping = verifyparam( "typed", "/^1$/", "") == '1';
if($threadid == 0 && ($token == 123 || $token == 124)) { if($threadid == 0 && ($token == 123 || $token == 124)) {
require_once('libs/demothread.php'); require_once('libs/demothread.php');
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", 0); $lastid = verifyparam( "lastid", "/^\d{1,10}$/", 0);
demo_process_thread($act,$outformat,$lastid,$isuser,$token == 123,$istyping,$act=="post"?getrawparam('message') : ""); demo_process_thread($act,$outformat,$lastid,$isuser,$token == 123,$istyping,$act=="post"?getrawparam('message') : "");
exit; exit;
} }
@ -58,12 +58,12 @@ if( !$isuser && $act != "rename" ) {
} }
if( $act == "refresh" ) { if( $act == "refresh" ) {
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", -1); $lastid = verifyparam( "lastid", "/^\d{1,10}$/", -1);
print_thread_messages($thread, $token, $lastid, $isuser,$outformat, $isuser ? null : $operator['operatorid']); print_thread_messages($thread, $token, $lastid, $isuser,$outformat, $isuser ? null : $operator['operatorid']);
exit; exit;
} else if( $act == "post" ) { } else if( $act == "post" ) {
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", -1); $lastid = verifyparam( "lastid", "/^\d{1,10}$/", -1);
$message = getrawparam('message'); $message = getrawparam('message');
$kind = $isuser ? $kind_user : $kind_agent; $kind = $isuser ? $kind_user : $kind_agent;