From 282871a8c46e3d2d3d23ea21007429267fbeeee5 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 3 Apr 2009 12:56:21 +0000 Subject: [PATCH] Added : url string validation --- .../menus/barre_top/auguria_backoffice.php | 77 +++++++++---------- .../menus/barre_top/eldy_backoffice.php | 31 ++++---- htdocs/langs/en_US/errors.lang | 1 + htdocs/langs/fr_FR/errors.lang | 1 + htdocs/lib/functions.lib.php | 51 +++++++++++- htdocs/societe.class.php | 5 ++ 6 files changed, 109 insertions(+), 57 deletions(-) diff --git a/htdocs/includes/menus/barre_top/auguria_backoffice.php b/htdocs/includes/menus/barre_top/auguria_backoffice.php index c50964fc8fe..3712cf2e413 100644 --- a/htdocs/includes/menus/barre_top/auguria_backoffice.php +++ b/htdocs/includes/menus/barre_top/auguria_backoffice.php @@ -54,48 +54,47 @@ class MenuTop { */ function showmenu() { - require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php"); + require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php"); - global $user,$conf,$langs,$dolibarr_main_db_name;; + global $user,$conf,$langs,$dolibarr_main_db_name;; - // On sauve en session le menu principal choisi - if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"]; - if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"]; - $_SESSION["leftmenuopened"]=""; - - - $menuArbo = new Menubase($this->db,'auguria','top'); - $tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria'); - - print ''; + // On sauve en session le menu principal choisi + if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"]; + if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"]; + $_SESSION["leftmenuopened"]=""; + + $menuArbo = new Menubase($this->db,'auguria','top'); + $tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria'); + + print ''; } } diff --git a/htdocs/includes/menus/barre_top/eldy_backoffice.php b/htdocs/includes/menus/barre_top/eldy_backoffice.php index 575f2f4643a..3781f07afc6 100644 
--- a/htdocs/includes/menus/barre_top/eldy_backoffice.php +++ b/htdocs/includes/menus/barre_top/eldy_backoffice.php @@ -350,31 +350,30 @@ class MenuTop { if (! $this->hideifnotallowed) print ''.$langs->trans("MenuMembers").''; } } - - - // Affichage des menus personnalises + + // Affichage des menus personnalises require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php"); $menuArbo = new Menubase($this->db,'eldy','top'); - $tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'],'eldy'); - - for($i=0; $imenuTopCharger(0,$_SESSION['mainmenu'],'eldy'); + + for($i=0; $iatarget?" target=$this->atarget":"").'>'; - print $tabMenu[$i]['titre']; - print ''; + $url=DOL_URL_ROOT.$tabMenu[$i]['url']; + if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?'; + else $url.='&'; + $url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu='; + $url.="&idmenu=".$tabMenu[$i]['rowid']; + if (! empty($_SESSION['idmenu']) && $tabMenu[$i]['rowid'] == $_SESSION['idmenu']) $class='class="tmenusel"'; + else $class='class="tmenu"'; + print 'atarget?" target=$this->atarget":"").'>'; + print $tabMenu[$i]['titre']; + print ''; } else { diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 064b0f73432..7a06ba92808 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=Bad syntax for customer code ErrorCustomerCodeRequired=Customer code required ErrorCustomerCodeAlreadyUsed=Customer code already used ErrorPrefixRequired=Prefix required +ErrorUrlNotValid=The website address is incorrect ErrorBadSupplierCodeSyntax=Bad syntax for supplier code ErrorSupplierCodeRequired=Supplier code required ErrorSupplierCodeAlreadyUsed=Supplier code already used diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang index debda9c2f2b..67274b607b0 100644 --- a/htdocs/langs/fr_FR/errors.lang +++ b/htdocs/langs/fr_FR/errors.lang 
@@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=La syntaxe du code client est incorrect ErrorCustomerCodeRequired=Code client obligatoire ErrorCustomerCodeAlreadyUsed=Code client deja utilise ErrorPrefixRequired=Prefix obligatoire +ErrorUrlNotValid=L'adresse du site web est incorrect ErrorBadSupplierCodeSyntax=La syntaxe du code fournisseur est incorrect ErrorSupplierCodeRequired=Code fournisseur obligatoire ErrorSupplierCodeAlreadyUsed=Code fournisseur deja utilise diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index dd3223c908d..7996ae07f31 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php 
@@ -2379,13 +2379,60 @@ function clean_url($url,$http=1) } // On passe le nom de domaine en minuscule - $url = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url); + $CleanUrl = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url); - return $url; + return $CleanUrl; } } +/** + * \brief Url string validation + * \remarks :// [user[:pass]@] hostname [port] [/path] [?getquery] [anchor] + * \param url Url + * \param http 1: verify http, 0: not verify http + * \param pass 1: verify user and pass, 0: not verify user and pass + * \param port 1: verify port, 0: not verify port + * \param path 1: verify path, 0: not verify path + * \param query 1: verify query, 0: not verify query + * \param anchor 1: verify anchor, 0: not verify anchor + * \return string ValidUrl + */ +function valid_url($url,$http=0,$pass=0,$port=0,$path=0,$query=0,$anchor=0) +{ + $ValidUrl = 0; + $urlregex = ''; + + // SCHEME + if ($http) $urlregex .= "^(http:\/\/|https:\/\/)"; + + // USER AND PASS + if ($pass) $urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)"; + + // HOSTNAME OR IP + //$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)*"; // http://x = allowed (ex. http://localhost, http://routerlogin) + //$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)+"; // http://x.x = minimum + $urlregex .= "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}"; // http://x.xx(x) = minimum + //use only one of the above + + // PORT + if ($port) $urlregex .= "(\:[0-9]{2,5})"; + // PATH + if ($path) $urlregex .= "(\/([a-z0-9+\$_-]\.?)+)*\/"; + // GET Query + if ($query) $urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)"; + // ANCHOR + if($anchor) $urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)\$"; + + // check + if (eregi($urlregex, $url)) + { + $ValidUrl = 1; + } + + return $ValidUrl; +} + /** * \brief Clean a string from all HTML tags and entities diff --git a/htdocs/societe.class.php b/htdocs/societe.class.php index 90d5da7e0b3..b2745a4221f 100644 --- a/htdocs/societe.class.php 
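Review bot: With the default flags (all 0, which is how societe.class.php calls it) `$urlregex` in valid_url reduces to the unanchored hostname pattern `([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}`, so `eregi` accepts any string containing two alphanumeric characters anywhere (`"not a url"` passes) and the check rejects almost nothing. The components should be appended as optional groups when their flag is 0 instead of being omitted, and the whole expression anchored with `^`/`$` so the entire string has to be a URL; the path pattern also appears to demand a trailing slash (`...)*\/"`), which would reject `http://example.com/page`. `eregi` is deprecated from PHP 5.3 in favour of `preg_match` with the `i` modifier, worth switching while this is new code. The docblock's `\return string ValidUrl` should read `\return int 1 if the url is valid, 0 otherwise`, since the function returns 0/1.
```php
function valid_url($url,$http=0,$pass=0,$port=0,$path=0,$query=0,$anchor=0)
{
    $ValidUrl = 0;

    // A component is mandatory when its flag is 1 and optional when it is 0;
    // the expression is anchored so the whole string must be a URL.
    $scheme   = "(http:\/\/|https:\/\/)";
    $userpass = "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)";
    $host     = "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}";   // http://x.xx(x) = minimum
    $portre   = "(\:[0-9]{2,5})";
    $pathre   = "(\/([a-z0-9+\$_-]\.?)+)+\/?";             // trailing slash optional
    $queryre  = "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)";
    $anchorre = "(#[a-z_.-][a-z0-9+\$_.-]*)";

    $urlregex = '^'
        .($http   ? $scheme   : '('.$scheme.')?')
        .($pass   ? $userpass : '('.$userpass.')?')
        .$host
        .($port   ? $portre   : '('.$portre.')?')
        .($path   ? $pathre   : '('.$pathre.')?')
        .($query  ? $queryre  : '('.$queryre.')?')
        .($anchor ? $anchorre : '('.$anchorre.')?')
        .'$';

    // … unchanged: eregi() check and return $ValidUrl …
```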
+++ b/htdocs/societe.class.php @@ -294,6 +294,11 @@ class Societe extends CommonObject $result = -3; } } + if (valid_url($this->url) == 0) + { + $this->errors[] = 'ErrorUrlNotValid'; + $result = -4; + } return $result; }
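Review bot: The new `valid_url($this->url) == 0` check runs even when the company has no website, and since valid_url's hostname pattern needs at least two characters, an empty `$this->url` now fails the whole verification with -4 and `ErrorUrlNotValid`. If the website is optional (the surrounding checks suggest it is, but the enclosing method starts outside the hunk), guard it: `if ($this->url != '' && valid_url($this->url) == 0)`. Note also that this branch overwrites a `$result` already set to -3 by the preceding check, matching the existing last-error-wins style, so only the final failure is reported to the caller.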