
Added : url string validation

Regis Houssin
2009-04-03 12:56:21 +00:00
parent c76caf0c9b
commit 282871a8c4
6 changed files with 109 additions and 57 deletions


@@ -54,48 +54,47 @@ class MenuTop {
*/ */
function showmenu() function showmenu()
{ {
require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php");
global $user,$conf,$langs,$dolibarr_main_db_name;; global $user,$conf,$langs,$dolibarr_main_db_name;;
// On sauve en session le menu principal choisi // On sauve en session le menu principal choisi
if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"]; if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"];
if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"]; if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"];
$_SESSION["leftmenuopened"]=""; $_SESSION["leftmenuopened"]="";
$menuArbo = new Menubase($this->db,'auguria','top');
$menuArbo = new Menubase($this->db,'auguria','top'); $tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria');
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria');
print '<ul>';
print '<ul>';
for($i=0; $i<count($tabMenu); $i++)
for($i=0; $i<count($tabMenu); $i++) {
{ if ($tabMenu[$i]['enabled'] == true)
if ($tabMenu[$i]['enabled'] == true) {
{ if ($tabMenu[$i]['right'] == true)
if ($tabMenu[$i]['right'] == true) {
{ // Define url
// Define url $url=DOL_URL_ROOT.$tabMenu[$i]['url'];
$url=DOL_URL_ROOT.$tabMenu[$i]['url']; if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?'; else $url.='&';
else $url.='&'; $url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu='; $url.="&idmenu=".$tabMenu[$i]['rowid'];
$url.="&idmenu=".$tabMenu[$i]['rowid']; if (! empty($_GET["idmenu"]) && $tabMenu[$i]['rowid'] == $_GET["idmenu"]) $class='class="tmenusel"';
if (! empty($_GET["idmenu"]) && $tabMenu[$i]['rowid'] == $_GET["idmenu"]) $class='class="tmenusel"'; else $class='class="tmenu"';
else $class='class="tmenu"'; // Define idsel
// Define idsel $idsel='';
$idsel=''; print '<li><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>'.$tabMenu[$i]['titre'].'</a></li>';
print '<li><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>'.$tabMenu[$i]['titre'].'</a></li>'; }
} else
else {
{ print '<li><div class="tmenudisabled">'.$tabMenu[$i]['titre'].'</div></li>';
print '<li><div class="tmenudisabled">'.$tabMenu[$i]['titre'].'</div></li>'; }
} }
} }
}
print '</ul>';
print '</ul>';
} }
} }


@@ -350,31 +350,30 @@ class MenuTop {
if (! $this->hideifnotallowed) print '<td class="tmenu"><a class="tmenudisabled" '.$idsel.'href="#">'.$langs->trans("MenuMembers").'</a></td>'; if (! $this->hideifnotallowed) print '<td class="tmenu"><a class="tmenudisabled" '.$idsel.'href="#">'.$langs->trans("MenuMembers").'</a></td>';
} }
} }
// Affichage des menus personnalises
// Affichage des menus personnalises
require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php");
$menuArbo = new Menubase($this->db,'eldy','top'); $menuArbo = new Menubase($this->db,'eldy','top');
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'],'eldy'); $tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'],'eldy');
for($i=0; $i<count($tabMenu); $i++) for($i=0; $i<count($tabMenu); $i++)
{ {
if ($tabMenu[$i]['enabled'] == true) if ($tabMenu[$i]['enabled'] == true)
{ {
$idsel=(empty($tabMenu[$i]['mainmenu'])?'id="none" ':'id="'.$tabMenu[$i]['mainmenu'].'" '); $idsel=(empty($tabMenu[$i]['mainmenu'])?'id="none" ':'id="'.$tabMenu[$i]['mainmenu'].'" ');
if ($tabMenu[$i]['right'] == true) if ($tabMenu[$i]['right'] == true)
{ {
$url=DOL_URL_ROOT.$tabMenu[$i]['url']; $url=DOL_URL_ROOT.$tabMenu[$i]['url'];
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?'; if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
else $url.='&'; else $url.='&';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu='; $url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.="&idmenu=".$tabMenu[$i]['rowid']; $url.="&idmenu=".$tabMenu[$i]['rowid'];
if (! empty($_SESSION['idmenu']) && $tabMenu[$i]['rowid'] == $_SESSION['idmenu']) $class='class="tmenusel"'; if (! empty($_SESSION['idmenu']) && $tabMenu[$i]['rowid'] == $_SESSION['idmenu']) $class='class="tmenusel"';
else $class='class="tmenu"'; else $class='class="tmenu"';
print '<td class="tmenu"><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>'; print '<td class="tmenu"><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>';
print $tabMenu[$i]['titre']; print $tabMenu[$i]['titre'];
print '</a></td>'; print '</a></td>';
} }
else else
{ {


@@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=Bad syntax for customer code
ErrorCustomerCodeRequired=Customer code required ErrorCustomerCodeRequired=Customer code required
ErrorCustomerCodeAlreadyUsed=Customer code already used ErrorCustomerCodeAlreadyUsed=Customer code already used
ErrorPrefixRequired=Prefix required ErrorPrefixRequired=Prefix required
ErrorUrlNotValid=The website address is incorrect
ErrorBadSupplierCodeSyntax=Bad syntax for supplier code ErrorBadSupplierCodeSyntax=Bad syntax for supplier code
ErrorSupplierCodeRequired=Supplier code required ErrorSupplierCodeRequired=Supplier code required
ErrorSupplierCodeAlreadyUsed=Supplier code already used ErrorSupplierCodeAlreadyUsed=Supplier code already used


@@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=La syntaxe du code client est incorrect
ErrorCustomerCodeRequired=Code client obligatoire ErrorCustomerCodeRequired=Code client obligatoire
ErrorCustomerCodeAlreadyUsed=Code client deja utilise ErrorCustomerCodeAlreadyUsed=Code client deja utilise
ErrorPrefixRequired=Prefix obligatoire ErrorPrefixRequired=Prefix obligatoire
ErrorUrlNotValid=L'adresse du site web est incorrect
ErrorBadSupplierCodeSyntax=La syntaxe du code fournisseur est incorrect ErrorBadSupplierCodeSyntax=La syntaxe du code fournisseur est incorrect
ErrorSupplierCodeRequired=Code fournisseur obligatoire ErrorSupplierCodeRequired=Code fournisseur obligatoire
ErrorSupplierCodeAlreadyUsed=Code fournisseur deja utilise ErrorSupplierCodeAlreadyUsed=Code fournisseur deja utilise


@@ -2379,13 +2379,60 @@ function clean_url($url,$http=1)
} }
// On passe le nom de domaine en minuscule // On passe le nom de domaine en minuscule
$url = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url); $CleanUrl = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url);
return $url; return $CleanUrl;
} }
} }
/**
* \brief Url string validation
* \remarks <http[s]> :// [user[:pass]@] hostname [port] [/path] [?getquery] [anchor]
* \param url Url
* \param http 1: verify http, 0: not verify http
* \param pass 1: verify user and pass, 0: not verify user and pass
* \param port 1: verify port, 0: not verify port
* \param path 1: verify path, 0: not verify path
* \param query 1: verify query, 0: not verify query
* \param anchor 1: verify anchor, 0: not verify anchor
* \return string ValidUrl
*/
function valid_url($url,$http=0,$pass=0,$port=0,$path=0,$query=0,$anchor=0)
{
$ValidUrl = 0;
$urlregex = '';
// SCHEME
if ($http) $urlregex .= "^(http:\/\/|https:\/\/)";
// USER AND PASS
if ($pass) $urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)";
// HOSTNAME OR IP
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)*"; // http://x = allowed (ex. http://localhost, http://routerlogin)
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)+"; // http://x.x = minimum
$urlregex .= "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}"; // http://x.xx(x) = minimum
//use only one of the above
// PORT
if ($port) $urlregex .= "(\:[0-9]{2,5})";
// PATH
if ($path) $urlregex .= "(\/([a-z0-9+\$_-]\.?)+)*\/";
// GET Query
if ($query) $urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)";
// ANCHOR
if($anchor) $urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)\$";
// check
if (eregi($urlregex, $url))
{
$ValidUrl = 1;
}
return $ValidUrl;
}
/** /**
* \brief Clean a string from all HTML tags and entities * \brief Clean a string from all HTML tags and entities
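Review bot: With the default arguments the pattern built in `valid_url()` has no anchors, because `^` is only added inside the `$http` branch and `\$` only inside the `$anchor` branch, so `eregi()` succeeds on any string that merely contains two consecutive characters from `[a-z0-9+$_-]`. Called that way, the function does not constrain the scheme or reject markup or whitespace around the host, which matters if the stored value is later printed as a link target. I would anchor unconditionally, with `$urlregex = '^';` at the start and `$urlregex .= '$';` just before the `eregi()` call, and emit each component as an optional group (`(...)?`) when its flag is 0 instead of omitting it, so that ordinary URLs with a scheme or path still pass. The docblock also says `\return string ValidUrl` while the function returns the integers 0 or 1.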


@@ -294,6 +294,11 @@ class Societe extends CommonObject
$result = -3; $result = -3;
} }
} }
if (valid_url($this->url) == 0)
{
$this->errors[] = 'ErrorUrlNotValid';
$result = -4;
}
return $result; return $result;
} }
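Review bot: An empty `$this->url` fails the added check, since the pattern in `valid_url()` needs at least two host characters, so a third party saved without a website would get `ErrorUrlNotValid` and `$result = -4`. Guarding on a non-empty value, `if (! empty($this->url) && valid_url($this->url) == 0)`, keeps the field optional. The call also relies on the default flags, so neither the scheme nor the end of the string is checked here; passing the flags the form actually requires would make the intent explicit. The enclosing method starts above the hunk, so whether the URL is normalised before this point cannot be seen from here.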