From a4b643ebaee436191cc9df6117a502b9fce968b9 Mon Sep 17 00:00:00 2001
From: oricgn
Date: Thu, 14 Apr 2016 10:36:15 +0200
Subject: [PATCH] Data validation enhanced Don't stop at first occurrence of an error; check all input fields.
---
 include/admin/cache.php | 10 ++++------
 include/admin/customprofile.php | 2 +-
 include/admin/newfolder.php | 2 +-
 include/admin/newforum.php | 12 ++++--------
 include/admin/settings.php | 14 ++++++--------
 5 files changed, 16 insertions(+), 24 deletions(-)
diff --git a/include/admin/cache.php b/include/admin/cache.php
index 6014bb7a6..e624dc5e3 100644
--- a/include/admin/cache.php
+++ b/include/admin/cache.php
@@ -20,8 +20,8 @@ if ( !defined( "PHORUM_ADMIN" ) ) return;
-$error = "";
-$okmsg = "";
+$error = '';
+$okmsg = '';
 if ( count( $_POST ) ) { $new_settings = array();
@@ -34,7 +34,7 @@ if ( empty( $value ) ) { $new_settings[$field] = "/tmp"; } elseif ( !file_exists( $value ) ) {
- $error = "This cache directory does not exist. Please create it with the proper permissions.";
+ $error .= 'This cache directory does not exist. Please create it with the proper permissions. ';
 } else { $new_settings[$field] = $value; }
@@ -46,7 +46,7 @@ if ( empty( $value ) ) { $new_settings[$field] = "file"; } elseif ( !file_exists( './include/cache/'.$value.'.php' ) ) {
- $error = "This cache layer ($value) does not exist.";
+ $error .= 'This cache layer ($value) does not exist. ';
 } else { $new_settings[$field] = $value; }
@@ -68,8 +68,6 @@ } }
-
- if ( $error ) break;
 } if ( empty( $error ) ) {
diff --git a/include/admin/customprofile.php b/include/admin/customprofile.php
index 9ce2fb3d5..8596be6a6 100644
--- a/include/admin/customprofile.php
+++ b/include/admin/customprofile.php
@@ -67,7 +67,7 @@ "" was found.
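Review bot: In include/admin/cache.php (hunk @@ -34,7 +34,7 @@) the cache directory is still validated with `file_exists( $value )`, which also succeeds for a regular file and checks nothing about permissions, although the message asks for "the proper permissions". I would test `!is_dir( $value ) || !is_writable( $value )` in that `elseif`. The empty-value branch falls back to `"/tmp"`, which is usually shared with other local accounts, so a comment such as `// shared temp dir: prefer a directory only the web server user can write to` would help the next admin. The enclosing switch starts and ends outside the hunk.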
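Review bot: In include/admin/cache.php (hunk @@ -46,7 +46,7 @@) the move to single quotes stops PHP from interpolating `$value`, so the message now shows the literal text `($value)` instead of the layer name. Concatenate it explicitly and escape it, since it presumably comes from the submitted form: `$error .= 'This cache layer (' . htmlspecialchars( $value, ENT_QUOTES ) . ') does not exist. ';` (the escaping can go only if the code that prints `$error`, not visible here, already escapes it). The same value is placed unchanged into `'./include/cache/'.$value.'.php'`; restricting it to a plain name first, e.g. `preg_match( '/^[a-z0-9_]+$/i', $value )`, would keep the lookup inside the cache directory.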

If you accidentally deleted that old field, then
- you can choose to restore the old field's configuration and
+ you can choose to restore the old field’s configuration and
 data. You can also create a totally new field and ignore the deleted field. What do you want to do?

diff --git a/include/admin/newfolder.php b/include/admin/newfolder.php
index e21dd41f6..79ee5a89c 100644
--- a/include/admin/newfolder.php
+++ b/include/admin/newfolder.php
@@ -33,7 +33,7 @@ $value = trim($value); $_POST["name"] = $value; if($value == ""){
- $error="Please fill in Title";
+ $error='Please fill in Title.';
 } break; case "vroot":
diff --git a/include/admin/newforum.php b/include/admin/newforum.php
index 6157ce0d6..8ce19835a 100644
--- a/include/admin/newforum.php
+++ b/include/admin/newforum.php
@@ -21,7 +21,7 @@ include_once "./include/format_functions.php";
-$error="";
+$error='';
 if(count($_POST)){
@@ -33,7 +33,7 @@ case "name": if(empty($value) && $_POST["module"]!="forum_defaults"){
- $error="Please fill in Title";
+ $error.='Please fill in Title. ';
 } break;
@@ -98,18 +98,14 @@ if( $_POST['inherit_id'] !== NULL && $_POST["inherit_id"] != "NULL" && $_POST['inherit_id'] != 0) { $forum_check_inherit =phorum_db_get_forums(intval($_POST["inherit_id"])); if( $forum_check_inherit[$_POST["inherit_id"]]["inherit_id"] || ($_POST["inherit_id"]==$_POST["forum_id"]) ) {
- $error="Settings can't be inherited by this forum, because this forum already inherits settings from another forum.";
+ $error.='Settings can’t be inherited by this forum, because this forum already inherits settings from another forum. ';
 } if( $forum_check_inherit[$_POST["inherit_id"]]["inherit_id"] === 0) {
- $error="Settings can't be inherited by this forum, because this forum already inherits the default settings";
+ $error.='Settings can’t be inherited by this forum, because this forum already inherits the default settings. ';
 } } break; }
-
- if($error) break;
-
-
 } if (empty($error)) {
diff --git a/include/admin/settings.php b/include/admin/settings.php
index 5e8489705..9bc78774a 100644
--- a/include/admin/settings.php
+++ b/include/admin/settings.php
@@ -19,7 +19,7 @@ if ( !defined( "PHORUM_ADMIN" ) ) return;
-$error = "";
+$error = '';
 if ( count( $_POST ) ) {
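Review bot: In include/admin/newfolder.php the title check still assigns with `=` (`$error='Please fill in Title.';`), while the other files in this commit switched to `.=`. If this file's loop keeps an early `if($error) break;` (not visible in the hunk), newfolder.php continues to report only the first problem; if it does not, this assignment discards any message collected before it. For consistency I would write `$error.='Please fill in Title. ';` and make sure `$error` is initialised to `''` before the loop. The surrounding switch begins and ends outside the hunk.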
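Review bot: In include/admin/newforum.php (hunk @@ -98,18 +98,14 @@) the forum is fetched with `intval($_POST["inherit_id"])` but the result is then indexed with the raw `$_POST["inherit_id"]`, so a value that is not a clean integer string reads an undefined key and neither inheritance check adds an error. Normalise once with `$inherit_id = intval($_POST["inherit_id"]);` and use `$forum_check_inherit[$inherit_id]["inherit_id"]` and `$inherit_id == intval($_POST["forum_id"])` in both conditions. The strict `=== 0` in the second check will also never match if the database layer returns the column as a string, which is worth confirming against `phorum_db_get_forums()`. The `case` this belongs to starts outside the hunk.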
@@ -42,7 +42,7 @@ if ( empty( $value ) ) { $_POST[$field] = dirname( $_SERVER["HTTP_REFERER"] ); } elseif ( !preg_match( "/^(http|https):\/\/(([a-z0-9][a-z0-9_-]*)(\.[a-z0-9][a-z0-9_-]*)+)(:(\d+))?/i", $value ) && !preg_match( "/^(http|https):\/\/[a-z0-9][a-z0-9_-]*(:\d+)?/i", $value ) ) {
- $error = "The provided HTTP Path is not a valid URL.";
+ $error .= 'The provided HTTP Path is not a valid URL. ';
 } break;
@@ -67,7 +67,7 @@ if ( empty( $value ) ) { $_POST[$field] = "/"; } elseif ( $value[0] != "/" ) {
- $error = "Session Path must start with a /";
+ $error .= 'Session Path must start with a /. ';
 } break;
@@ -75,7 +75,7 @@ case "session_domain": if ( !empty( $value ) && !stristr( $_POST["http_path"], $value ) ) {
- $error = "Session Domain must be part of the domain in HTTP Path or empty.";
+ $error .= 'Session Domain must be part of the domain in HTTP Path or empty. ';
 } break;
@@ -83,7 +83,7 @@ case "system_email_from_address": if ( empty( $value ) ) {
- $error = "You must supply an email address for system emails to use as a from address.";
+ $error .= 'You must supply an email address for system emails to use as a from address. ';
 } break;
@@ -110,7 +110,7 @@ $private_key = trim($value); if (strlen($private_key) < 30) {
- $error = "Use at least 30 characters for the secret private key.";
+ $error .= 'Use at least 30 characters for the secret private key. ';
 } $_POST[$field] = $private_key; break;
@@ -122,8 +122,6 @@ } break; }
-
- if ( $error ) break;
 } if ( empty( $error ) ) {
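Review bot: In include/admin/settings.php (hunk @@ -42,7 +42,7 @@) both `preg_match` patterns are anchored only at the start, so whatever follows the host part of the HTTP Path is accepted unchecked. I would add a whole-value test next to the scheme check, e.g. `filter_var( $value, FILTER_VALIDATE_URL ) === false`, and treat that as an error too. The empty-value branch assigns `dirname( $_SERVER["HTTP_REFERER"] )`, a client-supplied header, to `$_POST[$field]` without it passing through this validation; it should go through the same check before being kept. The case label for this branch is outside the hunk.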
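Review bot: In include/admin/settings.php (hunk @@ -75,7 +75,7 @@) `stristr( $_POST["http_path"], $value )` is a substring match over the whole URL, so a Session Domain that merely occurs in the scheme, the path or a fragment of the host name passes, and the session cookie (presumably what this setting scopes) can end up wider than intended. Compare against the host only: `$host = parse_url( $_POST["http_path"], PHP_URL_HOST );` and require `$value` to equal `$host` or to be a dot-delimited suffix of it. Because this commit removes the early `break`, this check now also runs when `http_path` itself has already failed validation, so an empty or missing `$host` should be handled explicitly.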
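Review bot: In include/admin/settings.php (hunk @@ -83,7 +83,7 @@) the from address is only rejected when empty, so a value that is not an address at all, or one containing line breaks, is accepted for a setting the message describes as a mail From address. I would add a format check after the empty test, `elseif ( filter_var( $value, FILTER_VALIDATE_EMAIL ) === false ) { $error .= 'The system email from address is not a valid email address. '; }`. How the value is later placed into mail headers is not visible here, so the exact impact is inferred.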