changeset 23:b4b86915ae2c
Better input validation for $_GET arguments, thanks to Hjalmarr for pointing out the error.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 14 Feb 2011 23:55:09 +0200 |
parents | f025d36926a1 |
children | 1b8260151e99 |
files | index.php |
diffstat | 1 files changed, 5 insertions(+), 3 deletions(-) [+] |
--- a/index.php Tue Jan 25 19:51:39 2011 +0200
+++ b/index.php Mon Feb 14 23:55:09 2011 +0200
@@ -36,12 +36,14 @@ function checkClassID(&$id) {
 global $luokkaDefault;
- if (!preg_match("#^[A-Z]{3}\d\S+|ccr#", $id)) {
+ if (preg_match("#^([A-Z]{3}\d[A-Za-z0-9_]{1,6}|ccr|Ryh_[A-Z]{3}\d[A-Za-z0-9_]{1,6})$#", $id, $m)) {
+ $id = $m[1];
+ return TRUE;
+ } else {
 errorMsg("Virhe! Luokan täytyy olla muotoa <b>XXXnXXX</b>, käytetään vakioarvoa <b>".$luokkaDefault."</b>.");
 $id = $luokkaDefault;
 return FALSE;
- } else
- return TRUE;
+ }
 }
 // Check for mini-info mode
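Review bot: The new `preg_match(...)` condition in `checkClassID` still takes `$id` without a type check. If the caller hands a `$_GET` value straight through (the call site is outside this hunk), an array-valued parameter reaches `preg_match` as a non-string, which raises a warning on older PHP and a `TypeError` on PHP 8 rather than cleanly taking the default-value branch. Guarding the condition as `if (is_string($id) && preg_match(..., $id, $m)) {` keeps that case on the existing error path. The line `$id = $m[1];` also deserves a comment, because without the `D` modifier `$` matches before a final newline and the assignment is what drops it: `// "$" admits a trailing "\n"; keep only the captured group`.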