From: Thomas Mudrunka Date: Mon, 24 Oct 2011 19:19:04 +0000 (+0200) Subject: Pridana zakladni podpora pro kontrolu validity dat X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=a8bbdc31576415bf9b1d1100785f8ad4f53a37e4;p=mirrors%2FSokoMan.git Pridana zakladni podpora pro kontrolu validity dat --- diff --git a/index.php b/index.php index 40b215f..479e75c 100755 --- a/index.php +++ b/index.php @@ -159,7 +159,7 @@ class Sklad_HTML extends HTML { //TODO: Split into few more methods $home = URL_HOME; $script = $_SERVER['SCRIPT_NAME']; $search = htmlspecialchars(@trim($_GET['q'])); - $message = strip_tags(@trim($_GET['message']),''); + $message = strip_tags(@trim($_GET['message']),'
'); $instance = INSTANCE_ID != '' ? '/'.INSTANCE_ID : ''; $user_id = htmlspecialchars($user['id']); $user_gid = htmlspecialchars($user['gid']); @@ -795,15 +795,16 @@ class Sklad_UI { new HTTP_Auth('SkladovejSystem', true, array($this->db->auth,'check_auth')); } - function post_redirect_get($location, $message='', $error=false) { - $url_args = $message != '' ? '?message='.urlencode(T($message)) : ''; + function post_redirect_get($location, $message='', $error=false, $translate=true) { + $messaget = $translate ? T($message) : $message; + $url_args = $messaget != '' ? '?message='.urlencode($messaget) : ''; $location = $this->html->internal_url($location).$url_args; header('Location: '.$location); if($error) trigger_error($message); $location=htmlspecialchars($location); die( "". - T($message)."
Location:
$location" + $messaget."
Location: $location" ); } @@ -819,6 +820,15 @@ class Sklad_UI { return $out; } + function check_input_validity($field, $value='', $ruleset=0) { + $rules = array(0 => array( + 'model_barcode' => '/./', + 'item_serial' => '/./' + )); + if(isset($rules[$ruleset][$field]) && !preg_match($rules[$ruleset][$field], trim($value))) return false; + return true; + } + function process_http_request_post($action=false, $class=false, $id=false, $force_redirect=false) { if($_SERVER['REQUEST_METHOD'] != 'POST') return; //echo('
'); //DEBUG (maybe todo remove), HEADERS ALREADY SENT!!!!
@@ -833,7 +843,14 @@ class Sklad_UI {
 			$values=array();
 			foreach($_POST['values'] as $table => $columns) {
 				foreach($columns as $column => $ids) {
-					foreach($ids as $id => $val) $values[$table][$id][$column] = $val;
+					foreach($ids as $id => $val) {
+						$values[$table][$id][$column] = trim($val);
+						if(!$this->check_input_validity($column,$val)) {
+							$message = "Spatny vstup: $column [$id] = \"$val\"; ". //XSS
+								$this->html->link('GO BACK', 'javascript:history.back()', false, false);
+			        $this->post_redirect_get('', $message, false, false);
+						}
+					}
 				}
 			}
 			//die(print_r($values));