Diffstat (limited to 'code/admin/utils.php')
-rw-r--r-- | code/admin/utils.php | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/code/admin/utils.php b/code/admin/utils.php
index f02146a..9612535 100644
--- a/code/admin/utils.php
+++ b/code/admin/utils.php
@@ -1,4 +1,9 @@
 <?php
+ define('RE_TEXT_LINE_CLEANER', '/["\p{C}\p{Zl}\p{Zp}]+/u');
+ define('RE_IDENTIFIER_CLEANER', '/[^a-zA-Z0-9_]+/');
+ define('RE_LANG_IDENT_CLEANER', '/[^a-zA-Z\/\_-]+/');
+ define('RE_RELPATH_CLEANER', '/[^a-zA-Z0-9_\/-]+/'); // Never put \. in this regex
+
 function sanitize($arg_array, $arg_key, $replace_chars_re, $default_value) {
 //FIXME : should check string type and strlen !
 if ( ! array_key_exists($arg_key, $arg_array) ) return $default_value;
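Review bot: RE_TEXT_LINE_CLEANER carries the `u` modifier, so for an ini value that is not valid UTF-8 preg_replace() returns null instead of a string; sanitize() presumably applies `$replace_chars_re` with preg_replace() (its body continues outside the hunk), and unless it checks for that case callers receive null rather than `$default_value`. Guard the result at the call site, e.g. `$clean = preg_replace($replace_chars_re, '', $value); if ($clean === null) return $default_value;`. RE_RELPATH_CLEANER keeps `/`, so a value starting with `/` or containing `//` passes the cleaner; if `site_default_page` is ever joined into a filesystem path, rejecting a leading slash in the same constant would be cheap. Each constant would also benefit from a one-line comment stating what it admits, in particular that the text cleaner deliberately keeps `<`, `>` and `&` and therefore does not replace escaping at the point where the value is rendered.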
@@ -33,20 +38,21 @@ function load_ini_site_conf($ini_path) {
 $sanitize_site_conf = array(
- 'site_admin_lang' => array( 'replace_chars_re' => '/[^a-zA-Z\/\_-]+/', 'default_value' => 'C' ),
- 'site_default_page' => array( 'replace_chars_re' => '/[^a-z0-9\/]+/', 'default_value' => 'en/index' ),
+ 'site_admin_lang' => array( 'replace_chars_re' => RE_LANG_IDENT_CLEANER, 'default_value' => 'C' ),
+ 'site_default_page' => array( 'replace_chars_re' => RE_RELPATH_CLEANER, 'default_value' => 'en/index' ),
 );
 return sanitize_ini($ini_path, $sanitize_site_conf);
 }
 function load_ini_page_props($page) {
+
 $sanitize_page_props = array(
 //FIXME : title regex : all but html special chars ?
- 'page_title' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing title in props.ini)' ),
- 'page_template' => array( 'replace_chars_re' => '/[^a-z0-9]+/', 'default_value' => 'default' ),
- 'page_layout' => array( 'replace_chars_re' => '/[^a-z0-9]+/', 'default_value' => 'article' ),
- 'page_description' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing description in props.ini)' ),
- 'page_keywords' => array( 'replace_chars_re' => '/[^\w !_,.-]+/', 'default_value' => '(missing keywords in props.ini)' ),
+ 'page_template' => array( 'replace_chars_re' => RE_IDENTIFIER_CLEANER, 'default_value' => 'default' ),
+ 'page_layout' => array( 'replace_chars_re' => RE_IDENTIFIER_CLEANER, 'default_value' => 'article' ),
+ 'page_title' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
+ 'page_description' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
+ 'page_keywords' => array( 'replace_chars_re' => RE_TEXT_LINE_CLEANER, 'default_value' => '(missing)' ),
 );
 $ini_path="content/$page/props.ini";
 return sanitize_ini($ini_path, $sanitize_page_props);
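Review bot: The page_template and page_layout cleaners now admit uppercase letters and `_` (RE_IDENTIFIER_CLEANER replaces `/[^a-z0-9]+/`), and site_default_page gains uppercase, `_` and `-`; this widening of the accepted names is not mentioned anywhere, and if these values are later resolved to template or layout files it changes which files can be selected, so it deserves a sentence in the commit message or a comment next to the constants. The `//FIXME : title regex : all but html special chars ?` line is now stale, because RE_TEXT_LINE_CLEANER deliberately keeps `<`, `>`, `&` and `'`; replace it with `// Text cleaners strip quotes and control/line-separator chars only; HTML special chars stay and must be escaped where the value is rendered`. The three default values shrink from '(missing title in props.ini)' to '(missing)', which loses the hint of which key is absent and in which file; keeping the per-key wording costs nothing.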
@@ -136,10 +142,12 @@ function safe_put_file($path, $content) {
 //FIXME : if exists, then mktemp, put in it then rm and mv. Right preservation problems ?
+ $res=FALSE;
 if ($handle = fopen($path, 'w')) {
 $res = fwrite($handle, $content);
 fclose($handle);
 }
+ return $res;
 }
 function _write_ini_file_r(&$content, $assoc_arr, $has_sections)
@@ -158,10 +166,13 @@
 }
 }
 } else {
- if ( preg_match('/^\w+$/',$val)===1 )
+ if ( preg_match(RE_IDENTIFIER_CLEANER,$val)===1 ) {
+ // Need to quote the value
+ $content .= "$key = \"" . str_replace('"', '', $val) . "\"\n";
+ } else {
+ // No need to quote
 $content .= "$key = $val\n";
- else
- $content .= "$key = \"" . str_replace('"', '\"', $val) . "\"\n";
+ }
 }
 }
 }
@@ -170,8 +181,10 @@
 $res=FALSE;
 $content = '';
 _write_ini_file_r($content, $assoc_arr, $has_sections);
+
 if (is_string($content) && strlen($content) > 0) {
- safe_put_file($path, $content);
+ //TODO : check if produced ini is readable again !
+ $res = safe_put_file($path, $content);
 }
 return $res;
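Review bot: `$res = fwrite($handle, $content)` makes safe_put_file return an int (the bytes written, possibly 0 or fewer than strlen($content)) on the fopen-success path and false only when fopen() fails, while the new `$res=FALSE` initialiser and the caller in write_ini_file read it as a boolean; a short write is therefore reported as success. Normalise to a bool that also covers fclose(): `$res = fwrite($handle, $content) === strlen($content);` followed by `$res = fclose($handle) && $res;`, and state the contract in a docblock, `@return bool true only when the whole content was written`. The FIXME about writing through a temporary file and renaming is still open and still matters, because a failed fwrite now leaves a truncated file in place while the function reports only the byte count.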
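Review bot: The quoting branch now deletes every `"` from the value (`str_replace('"', '', $val)`) where the old code escaped it, so a value with double quotes is silently altered on its way into the ini file; at minimum say so in the comment, `// Double quotes are dropped, not escaped: such values do not round-trip`, or reject the value instead. The condition also routes every preg_match() result other than exactly 1 — including false on a PCRE error — to the unquoted branch, so an error would write the raw value bare; `if ( preg_match(RE_IDENTIFIER_CLEANER,$val) !== 0 ) {` quotes on error instead. Values that pass the identifier class but are ini keywords (on, off, yes, no, true, false, none, null) are written unquoted and parse_ini_file() reads them back as "1" or "", which is the round-trip failure the TODO in the next hunk alludes to. _write_ini_file_r starts and ends outside this hunk.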
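Review bot: When `$assoc_arr` produces no content the function now returns FALSE without touching the file, which a caller cannot tell apart from a write failure; either return true for the nothing-to-write case or document the overload, e.g. `@return bool false on write failure or when no ini content was produced`. `is_string($content)` is always true here because `$content` is initialised to '' two lines above and `_write_ini_file_r` takes it by reference and only appends, so `if (strlen($content) > 0) {` expresses the same check without suggesting a type ambiguity. The enclosing function begins outside the hunk.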