From 6b15d5f4e18578acb46be3babc46b7a9d3a9299c Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Mon, 14 Dec 2015 10:14:45 -0500
Subject: [PATCH] - added {DOCROOT_CLIENT} to directive placeholders (non-symlink docroot) - made placeholders visible for apache, too - added event raise at formdef loading (on_before_formdef and on_after_formdef) - added possibility to put plugin files into module/lib/plugin.d/ directory
---
interface/lib/classes/tform_base.inc.php | 26 ++++++++++++--------------
1 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 104217d..95162a7 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -126,6 +126,7 @@
function loadFormDef($file, $module = '') {
global $app, $conf;
+ $app->plugin->raiseEvent('on_before_formdef', $module);
include $file;
$this->formDef = $form;
@@ -150,6 +151,8 @@
$wb = $app->functions->array_merge($wb_global, $wb);
}
if(isset($wb_global)) unset($wb_global);
+
+ $app->plugin->raiseEvent('on_after_formdef', $module);
$this->wordbook = $wb;
@@ -416,12 +419,10 @@
/* CSRF PROTECTION */
// generate csrf protection id and key
- $_csrf_id = uniqid($this->formDef['name'] . '_');
- $_csrf_value = sha1(uniqid(microtime(true), true));
- if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
- if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
- $_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
- $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+ $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+ $_csrf_id = $csrf_token['csrf_id'];
+ $_csrf_value = $csrf_token['csrf_key'];
+
$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
@@ -714,10 +715,6 @@
unset($_POST);
unset($record);
}
- $_SESSION['_csrf'][$_csrf_id] = null;
- $_SESSION['_csrf_timeout'][$_csrf_id] = null;
- unset($_SESSION['_csrf'][$_csrf_id]);
- unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array();
@@ -1064,11 +1061,10 @@
}
break;
-
-
case 'ISIPV4':
$vip=1;
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+// if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ if(preg_match("/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $field_value)){
$groups=explode(".", $field_value);
foreach($groups as $group){
if($group<0 or $group>255)
@@ -1084,6 +1080,7 @@
}
}
break;
+
case 'ISIP':
if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
if($validator['allowempty'] == 'y' && $field_value == '') {
@@ -1113,7 +1110,8 @@
if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){
$ip_ok = 1;
}
- if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+// if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){
+ if(preg_match("/^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/", $field_value)){
$ip_ok = 1;
}
if($ip_ok == 0) {
--
Gitblit v1.9.1