From 61c77268159454a8db8b52b7494b451cadf9f698 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 03 Mar 2010 08:31:25 -0500
Subject: [PATCH] Fixed: FS#1083 - Make some validation for Redirect paths.

---
 interface/web/sites/form/web_aliasdomain.tform.php |    4 ++
 interface/web/sites/lib/lang/en_web_domain.lng     |    1 
 interface/web/sites/form/web_subdomain.tform.php   |    4 ++
 interface/web/sites/lib/lang/en_web_subdomain.lng  |   77 +++++++++++++++++++-------------------
 interface/web/sites/form/web_domain.tform.php      |    4 ++
 5 files changed, 52 insertions(+), 38 deletions(-)

diff --git a/interface/web/sites/form/web_aliasdomain.tform.php b/interface/web/sites/form/web_aliasdomain.tform.php
index ef36068..e9753a4 100644
--- a/interface/web/sites/form/web_aliasdomain.tform.php
+++ b/interface/web/sites/form/web_aliasdomain.tform.php
@@ -111,6 +111,10 @@
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',
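Review bot: The added `regex` validator ends in `$@`, and without the `D` modifier PCRE's `$` also matches just before a trailing newline, so a `redirect_path` that is a valid value followed by a line break still passes. If this field is later written into a web-server configuration line (not visible in this patch), a line break is exactly the character the check most needs to reject; anchor the end with `\z` (`...{1,255}/))\z@`) or use `$@D`. The host part `([-\w\.]+)+` nests one unbounded quantifier inside another, so a long host followed by a non-matching character can be split in exponentially many ways before the match fails; `[-\w.]+` accepts the same strings without the backtracking. The identical pattern is added in the web_domain.tform.php and web_subdomain.tform.php hunks, so both changes apply there too, and the `redirect_path` array continues outside this hunk.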
diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php
index 1e5afad..d5ef328 100644
--- a/interface/web/sites/form/web_domain.tform.php
+++ b/interface/web/sites/form/web_domain.tform.php
@@ -223,6 +223,10 @@
 		),
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'value'		=> '',
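Review bot: The query part `(\?\S+)?` of this `regex` accepts every non-whitespace character, including quotes, backslashes, `$` and `%`, and the local-path alternative `/[\w/_\.\-]{1,255}/` accepts `..` segments. How `redirect_path` is consumed is not shown in these hunks; if it is templated into a redirect or rewrite directive, an explicit set such as `(\?[\w.~%&=+;,-]+)?` plus a `(?!.*\.\.)` lookahead on the local path would be safer. The URL alternative also has no length bound, unlike the `{1,255}` on the local path. This applies equally to the aliasdomain and subdomain hunks. As a style point, `validators` is inserted before `formtype` here but after it in the other two forms; one order would make the three definitions easier to compare.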
diff --git a/interface/web/sites/form/web_subdomain.tform.php b/interface/web/sites/form/web_subdomain.tform.php
index f6cc6f8..f9bfcd5 100644
--- a/interface/web/sites/form/web_subdomain.tform.php
+++ b/interface/web/sites/form/web_subdomain.tform.php
@@ -111,6 +111,10 @@
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
index ba874b5..fa15cda 100644
--- a/interface/web/sites/lib/lang/en_web_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -55,4 +55,5 @@
 $wb["ssl_organistaion_unit_error_regex"] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_';
 $wb["ssl_country_error_regex"] = 'Invalid SSL Country. Valid characters are: A-Z';
 $wb["limit_traffic_quota_free_txt"] = 'Max. available Traffic Quota';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>
diff --git a/interface/web/sites/lib/lang/en_web_subdomain.lng b/interface/web/sites/lib/lang/en_web_subdomain.lng
index ef71003..6bd3b08 100644
--- a/interface/web/sites/lib/lang/en_web_subdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_subdomain.lng
@@ -1,39 +1,40 @@
-<?php
-$wb["ssl_state_txt"] = 'State';
-$wb["ssl_locality_txt"] = 'Locality';
-$wb["ssl_organisation_txt"] = 'Organisation';
-$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
-$wb["ssl_country_txt"] = 'Country';
-$wb["ssl_request_txt"] = 'SSL Request';
-$wb["ssl_cert_txt"] = 'SSL Certificate';
-$wb["ssl_bundle_txt"] = 'SSL Bundle';
-$wb["ssl_action_txt"] = 'SSL Action';
-$wb["server_id_txt"] = 'Server';
-$wb["domain_txt"] = 'Domain';
-$wb["type_txt"] = 'Type';
-$wb["parent_domain_id_txt"] = 'Parent Website';
-$wb["redirect_type_txt"] = 'Redirect Type';
-$wb["redirect_path_txt"] = 'Redirect Path';
-$wb["active_txt"] = 'Active';
-$wb["document_root_txt"] = 'Documentroot';
-$wb["system_user_txt"] = 'Linux User';
-$wb["system_group_txt"] = 'Linux Group';
-$wb["ip_address_txt"] = 'IP-Address';
-$wb["vhost_type_txt"] = 'VHost Type';
-$wb["hd_quota_txt"] = 'Harddisk Quota';
-$wb["traffic_quota_txt"] = 'Traffic Quaota';
-$wb["cgi_txt"] = 'CGI';
-$wb["ssi_txt"] = 'SSI';
-$wb["ssl_txt"] = 'SSL';
-$wb["suexec_txt"] = 'SuEXEC';
-$wb["php_txt"] = 'PHP';
-$wb["client_txt"] = 'Client';
-$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
-$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
-$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
-$wb["apache_directives_txt"] = 'Apache directives';
-$wb["domain_error_empty"] = 'Domain is empty.';
-$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
-$wb["domain_error_regex"] = 'Domain name invalid.';
-$wb["host_txt"] = 'Host';
+<?php
+$wb["ssl_state_txt"] = 'State';
+$wb["ssl_locality_txt"] = 'Locality';
+$wb["ssl_organisation_txt"] = 'Organisation';
+$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
+$wb["ssl_country_txt"] = 'Country';
+$wb["ssl_request_txt"] = 'SSL Request';
+$wb["ssl_cert_txt"] = 'SSL Certificate';
+$wb["ssl_bundle_txt"] = 'SSL Bundle';
+$wb["ssl_action_txt"] = 'SSL Action';
+$wb["server_id_txt"] = 'Server';
+$wb["domain_txt"] = 'Domain';
+$wb["type_txt"] = 'Type';
+$wb["parent_domain_id_txt"] = 'Parent Website';
+$wb["redirect_type_txt"] = 'Redirect Type';
+$wb["redirect_path_txt"] = 'Redirect Path';
+$wb["active_txt"] = 'Active';
+$wb["document_root_txt"] = 'Documentroot';
+$wb["system_user_txt"] = 'Linux User';
+$wb["system_group_txt"] = 'Linux Group';
+$wb["ip_address_txt"] = 'IP-Address';
+$wb["vhost_type_txt"] = 'VHost Type';
+$wb["hd_quota_txt"] = 'Harddisk Quota';
+$wb["traffic_quota_txt"] = 'Traffic Quaota';
+$wb["cgi_txt"] = 'CGI';
+$wb["ssi_txt"] = 'SSI';
+$wb["ssl_txt"] = 'SSL';
+$wb["suexec_txt"] = 'SuEXEC';
+$wb["php_txt"] = 'PHP';
+$wb["client_txt"] = 'Client';
+$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
+$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
+$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
+$wb["apache_directives_txt"] = 'Apache directives';
+$wb["domain_error_empty"] = 'Domain is empty.';
+$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
+$wb["domain_error_regex"] = 'Domain name invalid.';
+$wb["host_txt"] = 'Host';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>
\ No newline at end of file

--
Gitblit v1.9.1