Mibew/i18n
1
0
Fork 0
mirror of https://github.com/Mibew/i18n.git synced 2025-01-22 21:40:28 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix regular expressions for integer IDs

Browse Source
This commit is contained in:
Fedor A. Fetisov 2013-09-13 20:18:06 +04:00
parent d7c18215c5
commit d9a8afeb57
21 changed files with 37 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/messenger/webim/b.php
View File

@ -37,7 +37,7 @@ if(!$lang || !locale_pattern_check($lang) || !locale_exists($lang)) {
$lang = $current_locale;
}
$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) {
loadsettings();
if($settings['enablegroups'] == '1') {

6
src/messenger/webim/client.php
View File

@ -47,7 +47,7 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
$groupid = "";
$groupname = "";
if($settings['enablegroups'] == '1') {
$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) {
$group = group_by_id($groupid);
if(!$group) {
@ -155,8 +155,8 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
exit;
}
$token = verifyparam( "token", "/^\d{1,8}$/");
$threadid = verifyparam( "thread", "/^\d{1,8}$/");
$token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,10}$/");
$level = verifyparam( "level", "/^(ajaxed|simple|old)$/");
$thread = thread_by_id($threadid);

2
src/messenger/webim/leavemessage.php
View File

@ -50,7 +50,7 @@ $groupname = "";
$group = NULL;
loadsettings();
if($settings['enablegroups'] == '1') {
$groupid = verifyparam( "group", "/^\d{1,8}$/", "");
$groupid = verifyparam( "group", "/^\d{1,10}$/", "");
if($groupid) {
$group = group_by_id($groupid);
if(!$group) {

2
src/messenger/webim/libs/getcode.php
View File

@ -61,7 +61,7 @@ function verifyparam_groupid($paramid)
global $settings, $errors;
$groupid = "";
if ($settings['enablegroups'] == '1') {
$groupid = verifyparam($paramid, "/^\d{0,8}$/", "");
$groupid = verifyparam($paramid, "/^\d{0,10}$/", "");
if ($groupid) {
$group = group_by_id($groupid);
if (!$group) {

4
src/messenger/webim/mail.php
View File

@ -23,8 +23,8 @@ require_once('libs/notify.php');
$errors = array();
$page = array();
$token = verifyparam( "token", "/^\d{1,8}$/");
$threadid = verifyparam( "thread", "/^\d{1,8}$/");
$token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,10}$/");
$thread = thread_by_id($threadid);
if( !$thread || !isset($thread['ltoken']) || $token != $thread['ltoken'] ) {

4
src/messenger/webim/operator/agent.php
View File

@ -37,7 +37,7 @@ if ($settings['enablessl'] == "1" && $settings['forcessl'] == "1") {
}
}
$threadid = verifyparam("thread", "/^\d{1,8}$/");
$threadid = verifyparam("thread", "/^\d{1,10}$/");
if (!isset($_GET['token'])) {
@ -87,7 +87,7 @@ if (!isset($_GET['token'])) {
exit;
}
$token = verifyparam("token", "/^\d{1,8}$/");
$token = verifyparam("token", "/^\d{1,10}$/");
$thread = thread_by_id($threadid);
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {

2
src/messenger/webim/operator/avatar.php
View File

@ -22,7 +22,7 @@ require_once('../libs/operator_settings.php');
$operator = check_login();
csrfchecktoken();
$opId = verifyparam("op", "/^\d{1,9}$/");
$opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId, 'avatar' => '');
$errors = array();

6
src/messenger/webim/operator/ban.php
View File

@ -30,7 +30,7 @@ $page['threadid'] = '';
$errors = array();
if (isset($_POST['address'])) {
$banId = verifyparam("banId", "/^(\d{1,9})?$/", "");
$banId = verifyparam("banId", "/^(\d{1,10})?$/", "");
$address = getparam("address");
$days = getparam("days");
$comment = getparam('comment');
@ -93,7 +93,7 @@ if (isset($_POST['address'])) {
$page['threadid'] = $threadid;
}
} else if (isset($_GET['id'])) {
$banId = verifyparam('id', "/^\d{1,9}$/");
$banId = verifyparam('id', "/^\d{1,10}$/");
$link = connect();
$ban = select_one_row("select banid,(unix_timestamp(dtmtill)-unix_timestamp(CURRENT_TIMESTAMP)) as days,address,comment from ${mysqlprefix}chatban where banid = " . intval($banId), $link);
mysql_close($link);
@ -107,7 +107,7 @@ if (isset($_POST['address'])) {
$errors[] = "Wrong id";
}
} else if (isset($_GET['thread'])) {
$threadid = verifyparam('thread', "/^\d{1,9}$/");
$threadid = verifyparam('thread', "/^\d{1,10}$/");
$thread = thread_by_id($threadid);
if ($thread) {
$page['thread'] = topage($thread['userName']);

2
src/messenger/webim/operator/canned.php
View File

@ -78,7 +78,7 @@ if (!$lang || !in_array($lang, $all_locales)) {
$groupid = "";
if ($settings['enablegroups'] == '1') {
$groupid = verifyparam("group", "/^\d{0,8}$/", "");
$groupid = verifyparam("group", "/^\d{0,10}$/", "");
if ($groupid) {
$group = group_by_id($groupid);
if (!$group) {

4
src/messenger/webim/operator/cannededit.php
View File

@ -51,7 +51,7 @@ $operator = check_login();
csrfchecktoken();
loadsettings();
$stringid = verifyparam("key", "/^\d{0,9}$/", "");
$stringid = verifyparam("key", "/^\d{0,10}$/", "");
$errors = array();
$page = array();
@ -67,7 +67,7 @@ if ($stringid) {
$page['locale'] = verifyparam("lang", "/^[\w-]{2,5}$/", "");
$page['groupid'] = "";
if ($settings['enablegroups'] == '1') {
$page['groupid'] = verifyparam("group", "/^\d{0,8}$/");
$page['groupid'] = verifyparam("group", "/^\d{0,10}$/");
}
}

4
src/messenger/webim/operator/group.php
View File

@ -74,7 +74,7 @@ function update_group($groupid, $name, $descr, $commonname, $commondescr, $email
if (isset($_POST['name'])) {
$groupid = verifyparam("gid", "/^(\d{1,9})?$/", "");
$groupid = verifyparam("gid", "/^(\d{1,10})?$/", "");
$name = getparam('name');
$description = getparam('description');
$commonname = getparam('commonname');
@ -112,7 +112,7 @@ if (isset($_POST['name'])) {
}
} else if (isset($_GET['gid'])) {
$groupid = verifyparam('gid', "/^\d{1,9}$/");
$groupid = verifyparam('gid', "/^\d{1,10}$/");
$group = group_by_id($groupid);
if (!$group) {

2
src/messenger/webim/operator/groupmembers.php
View File

@ -54,7 +54,7 @@ function get_operators()
return $result;
}
$groupid = verifyparam("gid", "/^\d{1,9}$/");
$groupid = verifyparam("gid", "/^\d{1,10}$/");
$page = array('groupid' => $groupid);
$page['operators'] = get_operators();
$errors = array();

2
src/messenger/webim/operator/notification.php
View File

@ -37,7 +37,7 @@ function notification_info($id)
}
$notificationid = verifyparam("id", "/^(\d{1,9})$/");
$notificationid = verifyparam("id", "/^(\d{1,10})$/");
$page['notification'] = notification_info($notificationid);
prepare_menu($operator, false);

4
src/messenger/webim/operator/operator.php
View File

@ -28,7 +28,7 @@ $opId = '';
loadsettings();
if (isset($_POST['login']) && isset($_POST['password'])) {
$opId = verifyparam("opid", "/^(\d{1,9})?$/", "");
$opId = verifyparam("opid", "/^(\d{1,10})?$/", "");
$login = getparam('login');
$email = getparam('email');
$jabber = getparam('jabber');
@ -111,7 +111,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
}
} else if (isset($_GET['op'])) {
$opId = verifyparam('op', "/^\d{1,9}$/");
$opId = verifyparam('op', "/^\d{1,10}$/");
$op = operator_by_id($opId);
if (!$op) {

2
src/messenger/webim/operator/opgroups.php
View File

@ -34,7 +34,7 @@ function update_operator_groups($operatorid, $newvalue)
}
$opId = verifyparam("op", "/^\d{1,9}$/");
$opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId);
$link = connect();
$page['groups'] = get_all_groups($link);

2
src/messenger/webim/operator/permissions.php
View File

@ -31,7 +31,7 @@ function update_operator_permissions($operatorid, $newvalue)
mysql_close($link);
}
$opId = verifyparam("op", "/^\d{1,9}$/");
$opId = verifyparam("op", "/^\d{1,10}$/");
$page = array('opid' => $opId, 'canmodify' => is_capable($can_administrate, $operator) ? "1" : "");
$errors = array();

8
src/messenger/webim/operator/redirect.php
View File

@ -23,8 +23,8 @@ require_once('../libs/groups.php');
$operator = check_login();
$threadid = verifyparam("thread", "/^\d{1,8}$/");
$token = verifyparam("token", "/^\d{1,8}$/");
$threadid = verifyparam("thread", "/^\d{1,10}$/");
$token = verifyparam("token", "/^\d{1,10}$/");
$thread = thread_by_id($threadid);
if (!$thread || !isset($thread['ltoken']) || $token != $thread['ltoken']) {
@ -35,7 +35,7 @@ $page = array();
$errors = array();
if (isset($_GET['nextGroup'])) {
$nextid = verifyparam("nextGroup", "/^\d{1,8}$/");
$nextid = verifyparam("nextGroup", "/^\d{1,10}$/");
$nextGroup = group_by_id($nextid);
if ($nextGroup) {
@ -56,7 +56,7 @@ if (isset($_GET['nextGroup'])) {
}
} else {
$nextid = verifyparam("nextAgent", "/^\d{1,8}$/");
$nextid = verifyparam("nextAgent", "/^\d{1,10}$/");
$nextOperator = operator_by_id($nextid);
if ($nextOperator) {

2
src/messenger/webim/operator/resetpwd.php
View File

@ -22,7 +22,7 @@ require_once('../libs/settings.php');
$errors = array();
$page = array('version' => $version, 'showform' => true);
$opId = verifyparam("id", "/^\d{1,9}$/");
$opId = verifyparam("id", "/^\d{1,10}$/");
$token = verifyparam("token", "/^[\dabcdef]+$/");
$operator = operator_by_id($opId);

2
src/messenger/webim/operator/threadprocessor.php
View File

@ -42,7 +42,7 @@ function thread_info($id)
if (isset($_GET['threadid'])) {
$threadid = verifyparam("threadid", "/^(\d{1,9})?$/", "");
$threadid = verifyparam("threadid", "/^(\d{1,10})?$/", "");
$lastid = -1;
$page['threadMessages'] = get_messages($threadid, "html", false, $lastid);
$page['thread'] = thread_info($threadid);

2
src/messenger/webim/operator/update.php
View File

@ -167,7 +167,7 @@ function print_operators()
echo "</operators>";
}
$since = verifyparam("since", "/^\d{1,9}$/", 0);
$since = verifyparam("since", "/^\d{1,10}$/", 0);
$status = verifyparam("status", "/^\d{1,2}$/", 0);
$showonline = verifyparam("showonline", "/^1$/", 0);

10
src/messenger/webim/thread.php
View File

@ -20,15 +20,15 @@ require_once('libs/chat.php');
require_once('libs/operator.php');
$act = verifyparam( "act", "/^(refresh|post|rename|close|ping)$/");
$token = verifyparam( "token", "/^\d{1,9}$/");
$threadid = verifyparam( "thread", "/^\d{1,9}$/");
$token = verifyparam( "token", "/^\d{1,10}$/");
$threadid = verifyparam( "thread", "/^\d{1,10}$/");
$isuser = verifyparam( "user", "/^true$/", "false") == 'true';
$outformat = ((verifyparam( "html", "/^on$/", "off") == 'on') ? "html" : "xml");
$istyping = verifyparam( "typed", "/^1$/", "") == '1';
if($threadid == 0 && ($token == 123 || $token == 124)) {
require_once('libs/demothread.php');
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", 0);
$lastid = verifyparam( "lastid", "/^\d{1,10}$/", 0);
demo_process_thread($act,$outformat,$lastid,$isuser,$token == 123,$istyping,$act=="post"?getrawparam('message') : "");
exit;
}
@ -58,12 +58,12 @@ if( !$isuser && $act != "rename" ) {
}
if( $act == "refresh" ) {
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", -1);
$lastid = verifyparam( "lastid", "/^\d{1,10}$/", -1);
print_thread_messages($thread, $token, $lastid, $isuser,$outformat, $isuser ? null : $operator['operatorid']);
exit;
} else if( $act == "post" ) {
$lastid = verifyparam( "lastid", "/^\d{1,9}$/", -1);
$lastid = verifyparam( "lastid", "/^\d{1,10}$/", -1);
$message = getrawparam('message');
$kind = $isuser ? $kind_user : $kind_agent;