authorTom N Harris <tnharris@whoopdedo.org>2012-06-24 18:24:07 -0400
committerTom N Harris <tnharris@whoopdedo.org>2012-06-24 18:28:16 -0400
commit4b530faa88b9afb8467805a9dde8204b9b0bd9fa (patch)
treed2b800dadefb6fe2c3246b268fbcf85a020706f4 /install.php
parentbcc94b2c17efc51fd78a25db43058d10e685679d (diff)
validate inputs to install form
Diffstat (limited to 'install.php')
-rw-r--r--install.php100
1 files changed, 63 insertions, 37 deletions
diff --git a/install.php b/install.php
index 80e9ad407..698cd64c4 100644
--- a/install.php
+++ b/install.php
@@ -29,8 +29,10 @@ if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
// language strings
require_once(DOKU_INC.'inc/lang/en/lang.php');
-$LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
-if(!$LC) $LC = 'en';
+if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
+ $LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
+}
+if(empty($LC)) $LC = 'en';
if($LC && $LC != 'en' ) {
require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
}
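Review bot: `$LC` is assigned only when `l` is present and scalar, so on every other request the `require_once` path below is built from whatever `$LC` already held; `empty($LC)` covers the undefined case but does not reset a value set elsewhere. Assign the default first, `$LC = 'en';`, and let the filtered request value overwrite it. The filter limits the value to `a-z` and `-`, but nothing visible checks that the language directory exists, so an unknown code presumably ends in a failed `require_once`. A `file_exists()` test on `DOKU_INC.'inc/lang/'.$LC.'/lang.php'` in the following `if` would fall back to English instead.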
@@ -56,7 +58,6 @@ $dokuwiki_hash = array(
);
-
// begin output
header('Content-Type: text/html; charset=utf-8');
?>
@@ -131,17 +132,16 @@ header('Content-Type: text/html; charset=utf-8');
}elseif(!check_configs()){
echo '<p>'.$lang['i_modified'].'</p>';
print_errors();
- }elseif($_REQUEST['submit']){
- if(!check_data($_REQUEST['d'])){
- print_errors();
- print_form($_REQUEST['d']);
- }elseif(!store_data($_REQUEST['d'])){
+ }elseif(check_data($_REQUEST['d'])){
+ // check_data has sanitized all input parameters
+ if(!store_data($_REQUEST['d'])){
echo '<p>'.$lang['i_failure'].'</p>';
print_errors();
}else{
echo '<p>'.$lang['i_success'].'</p>';
}
}else{
+ print_errors();
print_form($_REQUEST['d']);
}
?>
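Review bot: The comment `// check_data has sanitized all input parameters` claims more than the visible check_data does: it drops array values, casts the rest to strings, fills defaults, and validates only a non-empty `title` plus the fields inside the `acl` branch. Keys other than the form's own are kept, and `title`, `policy` and `license` reach `store_data()` with their content unchecked. I would reword it to `// check_data has reduced $d to scalar strings and filled defaults; values are NOT escaped for config or HTML output` so later code does not treat `$d` as safe. Whether store_data and print_form escape on their own is not visible in this diff.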
@@ -252,41 +252,65 @@ function print_retry() {
* @author Andreas Gohr
*/
function check_data(&$d){
+ static $form_default = array(
+ 'title' => '',
+ 'acl' => '0',
+ 'superuser' => '',
+ 'fullname' => '',
+ 'email' => '',
+ 'password' => '',
+ 'confirm' => '',
+ 'policy' => '0',
+ 'license' => 'cc-by-sa'
+ );
global $lang;
global $error;
+ if(!is_array($d)) $d = array();
+ foreach($d as $k => $v) {
+ if(is_array($v))
+ unset($d[$k]);
+ else
+ $d[$k] = (string)$v;
+ }
+
//autolowercase the username
- $d['superuser'] = strtolower($d['superuser']);
+ $d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
- $ok = true;
+ $ok = false;
- // check input
- if(empty($d['title'])){
- $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
- $ok = false;
- }
- if($d['acl']){
- if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
- $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
- $ok = false;
- }
- if(empty($d['password'])){
- $error[] = sprintf($lang['i_badval'],$lang['pass']);
- $ok = false;
- }
- if($d['confirm'] != $d['password']){
- $error[] = sprintf($lang['i_badval'],$lang['passchk']);
- $ok = false;
- }
- if(empty($d['fullname']) || strstr($d['fullname'],':')){
- $error[] = sprintf($lang['i_badval'],$lang['fullname']);
+ if(isset($_REQUEST['submit'])) {
+ $ok = true;
+
+ // check input
+ if(empty($d['title'])){
+ $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
$ok = false;
}
- if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
- $error[] = sprintf($lang['i_badval'],$lang['email']);
- $ok = false;
+ if(isset($d['acl'])){
+ if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
+ $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
+ $ok = false;
+ }
+ if(empty($d['password'])){
+ $error[] = sprintf($lang['i_badval'],$lang['pass']);
+ $ok = false;
+ }
+ elseif(!isset($d['confirm']) || $d['confirm'] != $d['password']){
+ $error[] = sprintf($lang['i_badval'],$lang['passchk']);
+ $ok = false;
+ }
+ if(empty($d['fullname']) || strstr($d['fullname'],':')){
+ $error[] = sprintf($lang['i_badval'],$lang['fullname']);
+ $ok = false;
+ }
+ if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
+ $error[] = sprintf($lang['i_badval'],$lang['email']);
+ $ok = false;
+ }
}
}
+ $d = array_merge($form_default, $d);
return $ok;
}
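Review bot: The confirmation check `$d['confirm'] != $d['password']` uses loose comparison, and PHP compares two numeric-looking strings as numbers, so `1e3` and `1000` count as equal and a mistyped confirmation can pass. Because the loop above casts every value to a string, strict comparison is safe here: `elseif(!isset($d['confirm']) || $d['confirm'] !== $d['password']){`. Separately, `array_merge($form_default, $d)` keeps any extra keys the request supplied; if the form has no fields beyond those in `$form_default`, `$d = array_intersect_key($d, $form_default);` before the merge would limit `$d` to them. The function's docblock begins above the hunk.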
@@ -531,11 +555,13 @@ function langsel(){
*/
function print_errors(){
global $error;
- echo '<ul>';
- foreach ($error as $err){
- echo "<li>$err</li>";
+ if(!empty($error)) {
+ echo '<ul>';
+ foreach ($error as $err){
+ echo "<li>$err</li>";
+ }
+ echo '</ul>';
}
- echo '</ul>';
}
/**
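Review bot: Each `$err` is written into `<li>` as raw HTML. The entries built in check_data come from `$lang` strings only, but nothing in the function says so. A comment such as `// $error entries are emitted as raw HTML - add only trusted, pre-escaped text` above the loop would keep request data from being appended unescaped later. The function's docblock begins above the hunk.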