diff msite.inc.php @ 207:e31c42a9b574

Slowly work on input validation.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 17 Nov 2013 19:26:46 +0200
parents 77d33161f8be
children b236b4d8d7a9
--- a/msite.inc.php	Sun Nov 17 19:07:08 2013 +0200
+++ b/msite.inc.php	Sun Nov 17 19:26:46 2013 +0200
@@ -244,4 +244,42 @@
 }
 
 
+function stCheckRequestUserData($admin)
+{
+  if (!stChkRequestItem("name", $fake,
+    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+    array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters.")
+    )) return FALSE;
+
+  if (!stChkRequestItem("groups", $fake,
+    array(CHK_ISLT, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters.")
+    )) return FALSE;
+
+  if (!stChkRequestItem("oneliner", $fake,
+    array(CHK_ISLT, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters.")
+    )) return FALSE;
+
+  $email = stGetRequestItem("email");
+  if (!$admin && stGetSetting("requireEMail") && strlen($email) < 4)
+  {
+    stError("E-mail address not given, or it is too short.");
+    return FALSE;
+  }
+
+  if (strlen($email) > 0 && (strpos($email, "@") === FALSE || strpos($email, ".") === FALSE))
+  {
+    stError("E-mail address not in proper format.");
+    return FALSE;
+  }
+
+  if (strlen($email) > SET_LEN_EMAIL)
+  {
+    stError("E-mail address too long, max ".SET_LEN_EMAIL." characters.");
+    return FALSE;
+  }
+  
+  return TRUE;
+}
+
+
 ?>
\ No newline at end of file
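Review bot: The e-mail format test in stCheckRequestUserData() only requires an `@` and a `.` somewhere in the string, so values with whitespace, embedded CR/LF, several `@` signs or markup characters pass as "proper format". Where the address goes afterwards is not visible in this hunk, but if it reaches a mail header or an HTML page this check gives no protection. I would replace the condition with `if (strlen($email) > 0 && filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE)` and run the `SET_LEN_EMAIL` length check before it, so oversized input is rejected first. The `strlen($email)` calls also assume stGetRequestItem() always returns a string; if a request can supply `email[]=...` as an array, that should be rejected explicitly, presumably inside stGetRequestItem().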