Diffstat (limited to 'devel/flyspray/files/patch-includes-regexp.php')
-rw-r--r--devel/flyspray/files/patch-includes-regexp.php94
1 files changed, 94 insertions, 0 deletions
diff --git a/devel/flyspray/files/patch-includes-regexp.php b/devel/flyspray/files/patch-includes-regexp.php
new file mode 100644
index 000000000000..6cbbac084616
--- /dev/null
+++ b/devel/flyspray/files/patch-includes-regexp.php
@@ -0,0 +1,94 @@
+--- includes/regexp.php.orig Sun Jul 24 12:00:47 2005
++++ includes/regexp.php Wed Oct 26 23:03:01 2005
+@@ -55,6 +55,20 @@
+
+ };
+
++if (isset($_GET['sort2']) && !empty($_GET['sort2']))
++{
++ // Yes. Now check its regex format for safety -- Limited range
++ if (preg_match ("/^(asc|desc)$/", $_GET['sort2'])) {
++
++ // continue;
++ } else {
++
++ $fs->Redirect($fs->CreateURL('error', null));
++// print "Sorting request is invalid."; exit;
++ };
++
++};
++
+ if (isset($_GET['project']) && !empty($_GET['project'])) {
+
+ // Yes. Now check its regex format for safety -- Numbers only
+@@ -69,6 +83,21 @@
+ };
+ };
+
++if (isset($_GET['type']) && !empty($_GET['type'])) {
++
++ // Yes. Now check its regex format for safety -- Numbers only
++ if (preg_match ("/^\d+$/", $_GET['type'])) {
++
++ // continue;
++
++ } else {
++
++ $fs->Redirect($fs->CreateURL('error', null));
++// print "Tasktype request is invalid."; exit;
++ };
++};
++
++
+ if (isset($_GET['page']) && !empty($_GET['page']))
+ {
+ // Yes. Now check its regex format for safety -- Numbers only
+@@ -324,4 +353,48 @@
+ // print "Magic URL is invalid."; exit;
+ };
+ };
++
++if (isset($_GET['tasks']) && !empty($_GET['tasks']))
++{
++ // Yes. Now check its regex format for safety -- Limited range
++ if (preg_match ("/^(all|assigned|reported|watched)$/", $_GET['tasks'])) {
++
++ // continue;
++ } else {
++
++ $fs->Redirect($fs->CreateURL('error', null));
++// print "Tasks request is invalid."; exit;
++ };
++
++};
++
++if (isset($_GET['due']) && !empty($_GET['due'])) {
++
++ // Yes. Now check its regex format for safety -- Numbers only
++ if (preg_match ("/^\d+$/", $_GET['due'])) {
++
++ // continue;
++ } else {
++
++ $fs->Redirect($fs->CreateURL('error', null));
++// print "Due version request is invalid."; exit;
++ };
++};
++
++if (isset($_GET['string']) && !empty($_GET['string'])) {
++
++ // Yes. Now check its regex format for safety -- Numbers only
++ if (preg_match ("!<.*>!", $_GET['string'])) {
++ $fs->Redirect($fs->CreateURL('error', null));
++ };
++};
++
++if (isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {
++
++ // Yes. Now check its regex format for safety -- Numbers only
++ if (preg_match ("!<.*>!", $_GET['PHPSESSID'])) {
++ $fs->Redirect($fs->CreateURL('error', null));
++ };
++};
++
+ ?>
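Review bot: The new `string` and `PHPSESSID` checks at the end of the hunk are denylists — `preg_match("!<.*>!", …)` rejects only a value that contains a complete `<…>` pair and passes anything else — whereas every other new block is an allowlist, and their comments still say "Numbers only", which no longer describes what they test. For the session id an allowlist in the style of the other blocks, e.g. `if (!preg_match("/^[A-Za-z0-9,-]+\z/", $_GET['PHPSESSID']))`, matches the character set PHP's built-in session ids use and is easier to reason about than enumerating bad substrings. The numeric and keyword patterns (`/^\d+$/`, `/^(asc|desc)$/`, `/^(all|assigned|reported|watched)$/`) anchor with `$`, which in PCRE also matches before a trailing newline, so `type=1%0A` is accepted; anchoring with `\z` (or adding the `D` modifier) closes that gap. All of the new blocks also rely on `$fs->Redirect()` not returning — its implementation is not in this hunk, and if it only emits a Location header the rejected value remains in `$_GET` for the code that follows, so keeping the `exit;` that the commented-out lines used to have after the redirect would be the safer shape.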