
vérifie un peu mieux les entrées

vince vince 3 years ago
parent
commit
9b2a313953
1 changed files with 13 additions and 5 deletions
  1. +13
    -5
      index.php

+ 13
- 5
index.php View File

@ -8,9 +8,9 @@ define('DATA_FILE', __DIR__ . DIRECTORY_SEPARATOR . 'data.php');
if (file_exists(CONFIG_FILE)) require_once CONFIG_FILE; if (file_exists(CONFIG_FILE)) require_once CONFIG_FILE;
if (!isset($config)) $config = []; if (!isset($config)) $config = [];
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$action = (isset($_REQUEST['action']) and preg_match('/^[a-z]{1,16}$/i', $_REQUEST['action'])) ? $_REQUEST['action'] : null;
$hasSupplier = isset($_REQUEST['supplier']) and !empty($_REQUEST['supplier']);
$hasSupplier = isset($_REQUEST['supplier']) and !empty($_REQUEST['supplier']) and preg_match('/^[A-Za-z]\w{0,31}$/', $_REQUEST['supplier']);
$supplier = $_REQUEST['supplier']; $supplier = $_REQUEST['supplier'];
if ($hasSupplier) { if ($hasSupplier) {
@ -52,7 +52,7 @@ if ($hasSupplier) {
foreach (array_keys($config[$supplier]) as $key) foreach (array_keys($config[$supplier]) as $key)
if (isset($_REQUEST[$key])) if (isset($_REQUEST[$key]))
$config[$supplier][$key] = $_REQUEST[$key];
$config[$supplier][$key] = (!in_array($key, ['title', 'description']) ? filter_var($_REQUEST[$key], FILTER_SANITIZE_STRING) : $_REQUEST[$key]);
} }
if (empty($config[$supplier]['start'])) if (empty($config[$supplier]['start']))
@ -93,7 +93,15 @@ if ($action === 'config') {
$isConfig = true; $isConfig = true;
} }
$hasEvent = isset($_REQUEST['event']);
try {
$hasEvent = (
isset($_REQUEST['event'])
and preg_match('/^\d{4}\-[01]\d\-[0123]\d$/', $_REQUEST['event'])
and ((new \DateTimeImmutable($_REQUEST['event'])) instanceof \DateTimeImmutable)
);
} catch (\Exception $exception) {
$hasEvent = false;
}
if (!$isConfig and $hasSupplier) { if (!$isConfig and $hasSupplier) {
$start = new \DateTime($config[$supplier]['start']); $start = new \DateTime($config[$supplier]['start']);
if (!$hasEvent) { if (!$hasEvent) {
@ -133,7 +141,7 @@ if (!$isConfig and $hasSupplier) {
fwrite($output, '<?php' . PHP_EOL); fwrite($output, '<?php' . PHP_EOL);
$item = []; $item = [];
foreach (['name', 'choice', 'action'] as $field) foreach (['name', 'choice', 'action'] as $field)
$item[$field] = $_REQUEST[$field];
$item[$field] = filter_var($_REQUEST[$field], FILTER_SANITIZE_STRING);
$item['timestamp'] = time(); $item['timestamp'] = time();
$item['hash'] = md5(implode([ $item['name'], $item['choice'], ])); $item['hash'] = md5(implode([ $item['name'], $item['choice'], ]));
fprintf( fprintf(
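Review bot: The new supplier validation on the `$hasSupplier` line never takes effect, because `and` binds lower than `=` in PHP, so the statement parses as `($hasSupplier = isset($_REQUEST['supplier'])) and …` and the `!empty` and `preg_match` results are discarded; `$supplier` then reaches `$config[$supplier]` unchecked, just as on the removed line. Wrap the whole condition as the `$hasEvent` block further down already does, or use `&&`: `$hasSupplier = (isset($_REQUEST['supplier']) and !empty($_REQUEST['supplier']) and preg_match('/^[A-Za-z]\w{0,31}$/D', $_REQUEST['supplier']));`. The `D` modifier matters on the `action` and `event` patterns as well: without it `$` also matches before a trailing newline, so a value such as `"config\n"` passes the anchored check. Separately, `FILTER_SANITIZE_STRING` is deprecated from PHP 8.1 and strips tags rather than escaping, so the sanitised values still need `htmlspecialchars()` at output; note that the `if ($hasSupplier)` block itself continues outside the hunk.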

