diff options
Diffstat (limited to 'lib/plugins/config/settings/config.class.php')
| -rw-r--r-- | lib/plugins/config/settings/config.class.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index 4f2129c70..01f15a54e 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -342,8 +342,8 @@ if (!class_exists('setting')) { var $_cautionList = array( 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', - 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'xmlrpc' => 'security', 'fnencode' => 'warning' + 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', + 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'xmlrpc' => 'security', 'fullpath' => 'security' ); function setting($key, $params=NULL) { @@ -616,8 +616,25 @@ if (!class_exists('setting_numeric')) { // This allows for many PHP syntax errors... // var $_pattern = '/^[-+\/*0-9 ]*$/'; // much more restrictive, but should eliminate syntax errors. - var $_pattern = '/^[-]?[0-9]+(?:[-+*][0-9]+)*$/'; - //FIXME - make the numeric error checking better. + var $_pattern = '/^[-+]? *[0-9]+ *(?:[-+*] *[0-9]+ *)*$/'; + var $_min = null; + var $_max = null; + + function update($input) { + $local = $this->_local; + $valid = parent::update($input); + if ($valid && !(is_null($this->_min) && is_null($this->_max))) { + $numeric_local = (int) eval('return '.$this->_local.';'); + if ((!is_null($this->_min) && $numeric_local < $this->_min) || + (!is_null($this->_max) && $numeric_local > $this->_max)) { + $this->_error = true; + $this->_input = $input; + $this->_local = $local; + $valid = false; + } + } + return $valid; + } function out($var, $fmt='php') { |