Diffstat (limited to 'frontends/php/include/validate.inc.php')
-rw-r--r--frontends/php/include/validate.inc.php95
1 files changed, 83 insertions, 12 deletions
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index 659935bc..04ebac59 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -47,7 +47,7 @@
return eval($exec);
}
- function unset_all(&$fields)
+ function unset_not_in_list(&$fields)
{
foreach($_REQUEST as $key => $val)
{
@@ -59,12 +59,36 @@
}
}
+ function unset_action_vars($fields)
+ {
+ foreach($fields as $field => $checks)
+ {
+ list($type,$opt,$flags,$validation,$exception)=$checks;
+
+ if(($flags&P_ACT)&&(isset($_REQUEST[$field])))
+ {
+ info("Unset:".$field);
+ unset($_REQUEST[$field]);
+ }
+ }
+ }
+
+ function unset_all()
+ {
+ foreach($_REQUEST as $key => $val)
+ {
+ unset($_REQUEST[$key]);
+ }
+ }
+
function check_fields(&$fields)
{
global $_REQUEST;
$ret = TRUE;
+ $critical = FALSE;
+
foreach($fields as $field => $checks)
{
list($type,$opt,$flags,$validation,$exception)=$checks;
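Review bot: `unset_all()` empties only `$_REQUEST`, which in PHP is a separate copy, so the same parameters stay readable through `$_GET` and `$_POST` after a critical validation failure. Whether any page reads those arrays directly is not visible in this diff. If this function is meant to be the fail-closed step, it should clear them as well, e.g. `$_REQUEST = $_GET = $_POST = array();`, or carry a comment stating that callers must read input from `$_REQUEST` only. Separately, `info("Unset:".$field);` in `unset_action_vars()` looks like debug output that would be shown to the user for every removed field.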
@@ -83,9 +107,16 @@
{
if(!isset($_REQUEST[$field]))
{
- info("Field [".$field."] is mandatory");
$ret = FALSE;
- continue;
+ info("Warning. Field [".$field."] is mandatory");
+ if($flags&P_SYS)
+ {
+ info("Critical error. Field [".$field."] is mandatory");
+ unset_all();
+ $critical = TRUE;
+ break;
+ }
+ else continue;
}
}
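Review bot: The seven-line `P_SYS` block added here is repeated verbatim in the hunks at -93, -107 (twice) and -125, so any later change to the critical path has to be made in five places. It also emits both the "Warning." and the "Critical error." message for the same field when `P_SYS` is set. A small helper that reports the failure and returns whether it is critical would remove the duplication and the double message. check_fields() begins and ends outside this hunk.

```php
function fail_field($flags, $msg)
{
	if($flags&P_SYS)
	{
		info("Critical error. ".$msg);
		unset_all();
		return TRUE;
	}
	info("Warning. ".$msg);
	return FALSE;
}

// … unchanged: isset() test for the mandatory field …
$ret = FALSE;
if(fail_field($flags, "Field [".$field."] is mandatory")) { $critical = TRUE; break; }
continue;
```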
@@ -93,9 +124,16 @@
{
if(isset($_REQUEST[$field]))
{
- info("Field [".$field."] must be missing");
$ret = FALSE;
- continue;
+ info("Warning. Field [".$field."] must be missing");
+ if($flags&P_SYS)
+ {
+ info("Critical error. Field [".$field."] must be missing");
+ unset_all();
+ $critical = TRUE;
+ break;
+ }
+ else continue;
}
else continue;
}
@@ -107,15 +145,29 @@
if( ($type == T_ZBX_INT) && !is_numeric($_REQUEST[$field])) {
- info("Field [".$field."] is not integer");
$ret = FALSE;
- continue;
+ info("Warning. Field [".$field."] is not integer");
+ if($flags&P_SYS)
+ {
+ info("Critical error. Field [".$field."] is not integer");
+ unset_all();
+ $critical = TRUE;
+ break;
+ }
+ else continue;
}
if( ($type == T_ZBX_DBL) && !is_numeric($_REQUEST[$field])) {
- info("Field [".$field."] is not double");
$ret = FALSE;
- continue;
+ info("Warning. Field [".$field."] is not double");
+ if($flags&P_SYS)
+ {
+ info("Critical error. Field [".$field."] is not double");
+ unset_all();
+ $critical = TRUE;
+ break;
+ }
+ else continue;
}
if(($exception==NULL)||($except==TRUE))
@@ -125,13 +177,32 @@
if(!$valid)
{
- info("Incorrect value for [".$field."]");
$ret = FALSE;
- continue;
+ info("Warning. Incorrect value for [".$field."]");
+ if($flags&P_SYS)
+ {
+ info("Critical error. Incorrect value for [".$field."]");
+ unset_all();
+ $critical = TRUE;
+ break;
+ }
+ else continue;
}
}
}
- unset_all($fields);
+ unset_not_in_list($fields);
+ if($critical)
+ {
+ show_messages(FALSE, "", "Invalid URL");
+ show_page_footer();
+ exit;
+ }
+ if(!$ret)
+ {
+ info("zzz");
+ unset_action_vars($fields);
+ }
+ show_messages();
return $ret;
}
?>
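Review bot: On a non-critical failure only fields flagged `P_ACT` are removed by `unset_action_vars($fields)`, so the value that actually failed validation stays in `$_REQUEST`. Any caller that does not test the return value of check_fields() would still consume it. Consider `unset($_REQUEST[$field]);` at each failure site before `continue`, or add a comment if the rejected value is kept on purpose (for example to redisplay the form). `info("zzz");` is a leftover debug message and should be dropped. check_fields() starts outside this hunk.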