Diffstat (limited to 'frontends/php/include/validate.inc.php')
-rw-r--r-- | frontends/php/include/validate.inc.php | 284 |
1 files changed, 95 insertions, 189 deletions
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php index 2b4875b2..ea2d51c8 100644 --- a/frontends/php/include/validate.inc.php +++ b/frontends/php/include/validate.inc.php @@ -19,8 +19,7 @@ **/ ?> <?php - function unset_request($key,$requester='unknown') - { + function unset_request($key,$requester='unknown'){ unset($_REQUEST[$key]); } @@ -28,10 +27,8 @@ define('ZBX_VALID_ERROR', 1); define('ZBX_VALID_WARNING', 2); - function is_int_range($value) - { - if( !empty($value) ) foreach(explode(',',$value) as $int_range) - { + function is_int_range($value){ + if( !empty($value) ) foreach(explode(',',$value) as $int_range){ $int_range = explode('-', $int_range); if(count($int_range) > 2) return false; foreach($int_range as $int_val) 
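Review bot: `unset_request()` in the first hunk clears only `$_REQUEST[$key]`, so a field that validation rejects is still readable through `$_GET`, `$_POST` and `$_COOKIE`, and the `$requester` argument is never used. That is safe only if every page reads input exclusively through `$_REQUEST`, and the function does not say so. I would add the comment `// Removes the key from $_REQUEST only; $_GET/$_POST/$_COOKIE keep the raw value, so callers must never read them directly.` above it.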
@@ -41,43 +38,35 @@ return true; } - function is_hex_color($value) - { + function is_hex_color($value){ return eregi('^[0-9,A-F]{6}$', $value); } - function BETWEEN($min,$max,$var=NULL) - { + function BETWEEN($min,$max,$var=NULL){ return "({".$var."}>=".$min."&&{".$var."}<=".$max.")&&"; } - function GT($value,$var='') - { + function GT($value,$var=''){ return "({".$var."}>=".$value.")&&"; } - function IN($array,$var='') - { + function IN($array,$var=''){ if(is_array($array)) $array = implode(',', $array); return "str_in_array({".$var."},array(".$array."))&&"; } - function HEX($var=NULL) - { + function HEX($var=NULL){ return "ereg(\"^[a-zA-Z0-9]{1,}$\",{".$var."})&&"; } - function KEY_PARAM($var=NULL) - { + function KEY_PARAM($var=NULL){ return 'ereg(\'^([0-9a-zA-Z\_\.[.'.ZBX_EREG_SPACE_SYMB.'.]\$ ]+)$\',{'.$var.'})&&'; } - function validate_ipv4($str,&$arr) - { + function validate_ipv4($str,&$arr){ if( !ereg('^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$', $str, $arr) ) return false; for($i=1; $i<=4; $i++) if( !is_numeric($arr[$i]) || $arr[$i] > 255 || $arr[$i] < 0 ) return false; return true; } - function validate_ipv6($str,&$arr) - { + function validate_ipv6($str,&$arr){ $pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}'; $pattern2 = ':(:[A-Fa-f0-9]{1,4}){1,7}'; $pattern3 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}'; @@ -93,21 +82,17 @@ return true; } - function validate_ip($str,&$arr) - { + function validate_ip($str,&$arr){ if(validate_ipv4($str,$arr)) return true; - if(defined('ZBX_HAVE_IPV6')) - { + if(defined('ZBX_HAVE_IPV6')){ return validate_ipv6($str,$arr); } return false; } -/* function validate_ip_range($str) - { - foreach(explode(',',$str) as $ip_range) - { +/* function validate_ip_range($str){ + foreach(explode(',',$str) as $ip_range){ $ip_parts = explode('.', $ip_range); if(count($ip_parts) != 4) return false; 
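Review bot: The character class in `is_hex_color()` is `[0-9,A-F]`, which also admits a comma, so six commas pass as a colour value. The line is unchanged context in this hunk, but it is worth fixing while the function is being touched: `return eregi('^[0-9A-F]{6}$', $value);`. In the same hunk `HEX()` emits the pattern `^[a-zA-Z0-9]{1,}$`, which accepts any alphanumeric string rather than hexadecimal digits. If that is intended it needs a comment saying so, otherwise `[a-fA-F0-9]` matches the name.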
@@ -117,8 +102,7 @@ $last_part = explode('-', $ip_parts[3]); if(count($last_part) > 2) return false; - foreach($last_part as $ip_p) - { + foreach($last_part as $ip_p){ if( !is_numeric($ip_p) || $ip_p < 0 || $ip_p > 255 ) return false; } if(count($last_part) == 2 && $last_part[0] > $last_part[1]) return false; @@ -127,20 +111,16 @@ return true; } */ - function validate_ip_range($str) - { - foreach(explode(',',$str) as $ip_range) - { + function validate_ip_range($str){ + foreach(explode(',',$str) as $ip_range){ $parts = explode('-', $ip_range); $parts_count = count($parts); if($parts_count > 2) return false; - if(validate_ipv4($parts[0], $arr)) - { + if(validate_ipv4($parts[0], $arr)){ $ip_parts = explode('.', $parts[0]); - if( $parts_count == 2 ) - { + if( $parts_count == 2 ){ if( !ereg('^[0-9]{1,3}$', $parts[1]) ) return false; sscanf($ip_parts[3], "%d", $from_value); @@ -148,13 +128,11 @@ if($to_value > 255 || $from_value > $to_value) return false; } } - else if( defined('ZBX_HAVE_IPV6') && validate_ipv6($parts[0], $arr) ) - { + else if( defined('ZBX_HAVE_IPV6') && validate_ipv6($parts[0], $arr) ){ $ip_parts = explode(':', $parts[0]); $ip_parts_count = count($ip_parts); - if( $parts_count == 2 ) - { + if( $parts_count == 2 ){ if( !ereg('^[A-Fa-f0-9]{1,4}$', $parts[1]) ) return false; sscanf($ip_parts[$ip_parts_count - 1], "%x", $from_value); @@ -162,8 +140,7 @@ if($from_value > $to_value) return false; } } - else - { + else{ return false; } 
@@ -171,30 +148,25 @@ return true; } -/* function validate_ip_range($str) - { - if(defined('ZBX_HAVE_IPV6')) - { +/* function validate_ip_range($str){ + if(defined('ZBX_HAVE_IPV6')){ return validate_ipv4_ipv6_range($str); } - else - { + else{ return validate_ipv4_range($str); } return false; } */ - function validate_port_list($str) - { - foreach(explode(',',$str) as $port_range) - { + function validate_port_list($str){ + foreach(explode(',',$str) as $port_range){ $port_range = explode('-', $port_range); if(count($port_range) > 2) return false; foreach($port_range as $port) if( !is_numeric($port) || $port > 65535 || $port < 0 ) return false; } - return true; + return true; } @@ -203,14 +175,11 @@ // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION - function calc_exp2($fields,$field,$expression) - { - foreach($fields as $f => $checks) - { + function calc_exp2($fields,$field,$expression){ + foreach($fields as $f => $checks){ /* // If an unset variable used in expression, return FALSE - if(zbx_strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f])) - { + if(zbx_strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f])){ //SDI("Variable [$f] is not set. $expression is FALSE"); //info("Variable [$f] is not set. $expression is FALSE"); // return FALSE; @@ -229,8 +198,7 @@ return $ret; } - function calc_exp($fields,$field,$expression) - { + function calc_exp($fields,$field,$expression){ //SDI("$field - expression: ".$expression); if(zbx_strstr($expression,"{}") && !isset($_REQUEST[$field])) 
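Review bot: `validate_port_list()` accepts each port with `is_numeric($port)`, which is also true for strings such as `1e3`, `80.5` or a value with leading whitespace, so non-integer text passes the 0–65535 comparison and stays in the request unchanged. A digits-only test closes that and matches the `ereg` checks `validate_ip_range()` already uses: `if( !ereg('^[0-9]{1,5}$', $port) || $port > 65535 ) return false;`. The `T_ZBX_INT` branch of `check_type()` in the `@@ -375,52 +314,44 @@` hunk relies on the same `is_numeric` test and should be tightened the same way, since a field declared as an integer is presumably used as one by the pages that include this file.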
@@ -239,10 +207,8 @@ if(zbx_strstr($expression,"{}") && !is_array($_REQUEST[$field])) $expression = str_replace("{}",'$_REQUEST["'.$field.'"]',$expression); - if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field])) - { - foreach($_REQUEST[$field] as $key => $val) - { + if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field])){ + foreach($_REQUEST[$field] as $key => $val){ $expression2 = str_replace("{}",'$_REQUEST["'.$field.'"]["'.$key.'"]',$expression); if(calc_exp2($fields,$field,$expression2)==FALSE) return FALSE; 
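Review bot: In the array branch of `calc_exp()` the request's own array key is spliced into the expression text unescaped: `str_replace("{}",'$_REQUEST["'.$field.'"]["'.$key.'"]',$expression)`. `$key` is taken from `$_REQUEST[$field]`, so the client controls it. The helpers earlier in the file (`IN()`, `HEX()`, `BETWEEN()`) build PHP source strings, which suggests `calc_exp2()` evaluates the result; its body is outside this hunk, so that should be confirmed. If it does, a key containing a double quote or backslash changes the code that gets evaluated, so keys should be checked before substitution, for example `if( !ereg('^[0-9A-Za-z_]+$', $key) ) return FALSE;`. Longer term, replacing the string-built expressions with callbacks would keep request data away from an evaluator altogether.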
@@ -253,75 +219,57 @@ return calc_exp2($fields,$field,$expression); } - function unset_not_in_list(&$fields) - { - foreach($_REQUEST as $key => $val) - { - if(!isset($fields[$key])) - { + function unset_not_in_list(&$fields){ + foreach($_REQUEST as $key => $val){ + if(!isset($fields[$key])){ unset_request($key,'unset_not_in_list'); } } } - function unset_if_zero($fields) - { - foreach($fields as $field => $checks) - { + function unset_if_zero($fields){ + foreach($fields as $field => $checks){ list($type,$opt,$flags,$validation,$exception)=$checks; - if(($flags&P_NZERO)&&(isset($_REQUEST[$field]))&&(is_numeric($_REQUEST[$field]))&&($_REQUEST[$field]==0)) - { + if(($flags&P_NZERO)&&(isset($_REQUEST[$field]))&&(is_numeric($_REQUEST[$field]))&&($_REQUEST[$field]==0)){ unset_request($field,'unset_if_zero'); } } } - function unset_action_vars($fields) - { - foreach($fields as $field => $checks) - { + function unset_action_vars($fields){ + foreach($fields as $field => $checks){ list($type,$opt,$flags,$validation,$exception)=$checks; - if(($flags&P_ACT)&&(isset($_REQUEST[$field]))) - { + if(($flags&P_ACT)&&(isset($_REQUEST[$field]))){ unset_request($field,'unset_action_vars'); } } } - function unset_all() - { - foreach($_REQUEST as $key => $val) - { + function unset_all(){ + foreach($_REQUEST as $key => $val){ unset_request($key,'unset_all'); } } - function check_type(&$field, $flags, &$var, $type) - { - if(is_array($var) && $type != T_ZBX_IP) - { + function check_type(&$field, $flags, &$var, $type){ + if(is_array($var) && $type != T_ZBX_IP){ $err = ZBX_VALID_OK; - foreach($var as $el) - { + foreach($var as $el){ $err |= check_type($field, $flags, $el, $type); } return $err; } - if($type == T_ZBX_IP) - { - if( !validate_ip($var,$arr) ) - { - if($flags&P_SYS) - { + if($type == T_ZBX_IP){ + if( !validate_ip($var,$arr) ){ + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not IP"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. 
Field [".$field."] is not IP"); return ZBX_VALID_WARNING; } @@ -329,17 +277,13 @@ return ZBX_VALID_OK; } - if($type == T_ZBX_IP_RANGE) - { - if( !validate_ip_range($var) ) - { - if($flags&P_SYS) - { + if($type == T_ZBX_IP_RANGE){ + if( !validate_ip_range($var) ){ + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not IP range"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not IP range"); return ZBX_VALID_WARNING; } @@ -347,8 +291,7 @@ return ZBX_VALID_OK; } - if($type == T_ZBX_PORTS) - { + if($type == T_ZBX_PORTS){ $err = ZBX_VALID_OK; foreach(explode(',', $var) as $el) foreach(explode('-', $el) as $p) @@ -356,17 +299,13 @@ return $err; } - if($type == T_ZBX_INT_RANGE) - { - if( !is_int_range($var) ) - { - if($flags&P_SYS) - { + if($type == T_ZBX_INT_RANGE){ + if( !is_int_range($var) ){ + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not integer range"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not integer range"); return ZBX_VALID_WARNING; } 
@@ -375,52 +314,44 @@ } if(($type == T_ZBX_INT) && !is_numeric($var)) { - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not integer"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not integer"); return ZBX_VALID_WARNING; } } if(($type == T_ZBX_DBL) && !is_numeric($var)) { - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not double"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not double"); return ZBX_VALID_WARNING; } } if(($type == T_ZBX_STR) && !is_string($var)) { - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not string"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not string"); return ZBX_VALID_WARNING; } } //* if(($type == T_ZBX_STR) && !defined('ZBX_ALLOW_UNICODE') && (strlen($var) != zbx_strlen($var))){ - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] contains Multibyte chars"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] - multibyte chars are restricted"); return ZBX_VALID_ERROR; } @@ -428,13 +359,11 @@ //*/ if(($type == T_ZBX_CLR) && !is_hex_color($var)) { $var = 'FFFFFF'; - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] is not color"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is not color"); return ZBX_VALID_WARNING; } 
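Review bot: In the multibyte check the non-`P_SYS` branch logs `Warning. Field [...] - multibyte chars are restricted` but returns `ZBX_VALID_ERROR`, whereas every other warning branch of `check_type()` returns `ZBX_VALID_WARNING`. `check_fields()` calls `invalid_url()` on any error result, so a non-system field with multibyte text is handled as a hard failure while being reported as a warning. If the stricter result is deliberate, document it with a comment such as `// multibyte input is always fatal, even for non-system fields`; otherwise the return value should be `ZBX_VALID_WARNING`.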
@@ -442,27 +371,21 @@ return ZBX_VALID_OK; } - function check_trim(&$var) - { - if(is_string($var)) - { + function check_trim(&$var){ + if(is_string($var)) { $var = trim($var); } - elseif(is_array($var)) - { - foreach($var as $key => $val) - { + else if(is_array($var)){ + foreach($var as $key => $val){ check_trim($var[$key]); } } } - function check_field(&$fields, &$field, $checks) - { + function check_field(&$fields, &$field, $checks){ list($type,$opt,$flags,$validation,$exception)=$checks; - if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]=='') - { + if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]==''){ unset_request($field,'P_UNSET_EMPTY'); } @@ -475,42 +398,34 @@ else if($opt == O_OPT && $except) $opt = O_MAND; else if($opt == O_NO && $except) $opt = O_MAND; - if($opt == O_MAND) - { - if(!isset($_REQUEST[$field])) - { - if($flags&P_SYS) - { + if($opt == O_MAND){ + if(!isset($_REQUEST[$field])){ + if($flags&P_SYS){ info("Critical error. Field [".$field."] is mandatory"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] is mandatory"); return ZBX_VALID_WARNING; } } } - elseif($opt == O_NO) - { + else if($opt == O_NO){ if(!isset($_REQUEST[$field])) return ZBX_VALID_OK; unset_request($field,'O_NO'); - if($flags&P_SYS) - { + if($flags&P_SYS){ info("Critical error. Field [".$field."] must be missing"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Field [".$field."] must be missing"); return ZBX_VALID_WARNING; } } - elseif($opt == O_OPT) - { + else if($opt == O_OPT){ if(!isset($_REQUEST[$field])) return ZBX_VALID_OK; } 
@@ -521,20 +436,16 @@ if($err != ZBX_VALID_OK) return $err; - if(($exception==NULL)||($except==TRUE)) - { + if(($exception==NULL)||($except==TRUE)){ if(!$validation) $valid=TRUE; else $valid=calc_exp($fields,$field,$validation); - if(!$valid) - { - if($flags&P_SYS) - { + if(!$valid){ + if($flags&P_SYS){ info("Critical error. Incorrect value for [".$field."] = '".$_REQUEST[$field]."'"); return ZBX_VALID_ERROR; } - else - { + else{ info("Warning. Incorrect value for [".$field."]"); return ZBX_VALID_WARNING; } @@ -555,16 +466,14 @@ 'sortorder'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL) ); - function invalid_url() - { + function invalid_url(){ include_once "include/page_header.php"; unset_all(); show_error_message(S_INVALID_URL); include_once "include/page_footer.php"; } - function check_fields(&$fields, $show_messages=true) - { + function check_fields(&$fields, $show_messages=true){ global $_REQUEST; global $system_fields; @@ -573,22 +482,19 @@ $fields = array_merge($fields, $system_fields); - foreach($fields as $field => $checks) - { + foreach($fields as $field => $checks){ $err |= check_field($fields, $field,$checks); } unset_not_in_list($fields); unset_if_zero($fields); - if($err!=ZBX_VALID_OK) - { + if($err!=ZBX_VALID_OK){ unset_action_vars($fields); } $fields = null; - if($err&ZBX_VALID_ERROR) - { + if($err&ZBX_VALID_ERROR){ invalid_url(); } |
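Review bot: The critical-error message in `check_field()` concatenates the raw request value, `"Critical error. Incorrect value for [".$field."] = '".$_REQUEST[$field]."'"`, while the warning branch directly below it leaves the value out. `info()` is defined elsewhere, so it cannot be seen here whether the message is HTML-encoded before it is rendered; if it is not, this reflects request data into the page. The simplest fix is to drop the value as the warning branch does: `info("Critical error. Incorrect value for [".$field."]");`. If the value has to be shown, encode it at output and handle the array case, which currently prints as `Array`.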