summaryrefslogtreecommitdiffstats
path: root/frontends/php/include/validate.inc.php
diff options
context:
space:
mode:
Diffstat (limited to 'frontends/php/include/validate.inc.php')
-rw-r--r--frontends/php/include/validate.inc.php284
1 files changed, 95 insertions, 189 deletions
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index 2b4875b2..ea2d51c8 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -19,8 +19,7 @@
**/
?>
<?php
- function unset_request($key,$requester='unknown')
- {
+ function unset_request($key,$requester='unknown'){
unset($_REQUEST[$key]);
}
@@ -28,10 +27,8 @@
define('ZBX_VALID_ERROR', 1);
define('ZBX_VALID_WARNING', 2);
- function is_int_range($value)
- {
- if( !empty($value) ) foreach(explode(',',$value) as $int_range)
- {
+ function is_int_range($value){
+ if( !empty($value) ) foreach(explode(',',$value) as $int_range){
$int_range = explode('-', $int_range);
if(count($int_range) > 2) return false;
foreach($int_range as $int_val)
@@ -41,43 +38,35 @@
return true;
}
- function is_hex_color($value)
- {
+ function is_hex_color($value){
return eregi('^[0-9,A-F]{6}$', $value);
}
- function BETWEEN($min,$max,$var=NULL)
- {
+ function BETWEEN($min,$max,$var=NULL){
return "({".$var."}>=".$min."&&{".$var."}<=".$max.")&&";
}
- function GT($value,$var='')
- {
+ function GT($value,$var=''){
return "({".$var."}>=".$value.")&&";
}
- function IN($array,$var='')
- {
+ function IN($array,$var=''){
if(is_array($array)) $array = implode(',', $array);
return "str_in_array({".$var."},array(".$array."))&&";
}
- function HEX($var=NULL)
- {
+ function HEX($var=NULL){
return "ereg(\"^[a-zA-Z0-9]{1,}$\",{".$var."})&&";
}
- function KEY_PARAM($var=NULL)
- {
+ function KEY_PARAM($var=NULL){
return 'ereg(\'^([0-9a-zA-Z\_\.[.'.ZBX_EREG_SPACE_SYMB.'.]\$ ]+)$\',{'.$var.'})&&';
}
- function validate_ipv4($str,&$arr)
- {
+ function validate_ipv4($str,&$arr){
if( !ereg('^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$', $str, $arr) ) return false;
for($i=1; $i<=4; $i++) if( !is_numeric($arr[$i]) || $arr[$i] > 255 || $arr[$i] < 0 ) return false;
return true;
}
- function validate_ipv6($str,&$arr)
- {
+ function validate_ipv6($str,&$arr){
$pattern1 = '([A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}';
$pattern2 = ':(:[A-Fa-f0-9]{1,4}){1,7}';
$pattern3 = '[A-Fa-f0-9]{1,4}::([A-Fa-f0-9]{1,4}:){0,5}[A-Fa-f0-9]{1,4}';
@@ -93,21 +82,17 @@
return true;
}
- function validate_ip($str,&$arr)
- {
+ function validate_ip($str,&$arr){
if(validate_ipv4($str,$arr))
return true;
- if(defined('ZBX_HAVE_IPV6'))
- {
+ if(defined('ZBX_HAVE_IPV6')){
return validate_ipv6($str,$arr);
}
return false;
}
-/* function validate_ip_range($str)
- {
- foreach(explode(',',$str) as $ip_range)
- {
+/* function validate_ip_range($str){
+ foreach(explode(',',$str) as $ip_range){
$ip_parts = explode('.', $ip_range);
if(count($ip_parts) != 4) return false;
@@ -117,8 +102,7 @@
$last_part = explode('-', $ip_parts[3]);
if(count($last_part) > 2) return false;
- foreach($last_part as $ip_p)
- {
+ foreach($last_part as $ip_p){
if( !is_numeric($ip_p) || $ip_p < 0 || $ip_p > 255 ) return false;
}
if(count($last_part) == 2 && $last_part[0] > $last_part[1]) return false;
@@ -127,20 +111,16 @@
return true;
}
*/
- function validate_ip_range($str)
- {
- foreach(explode(',',$str) as $ip_range)
- {
+ function validate_ip_range($str){
+ foreach(explode(',',$str) as $ip_range){
$parts = explode('-', $ip_range);
$parts_count = count($parts);
if($parts_count > 2) return false;
- if(validate_ipv4($parts[0], $arr))
- {
+ if(validate_ipv4($parts[0], $arr)){
$ip_parts = explode('.', $parts[0]);
- if( $parts_count == 2 )
- {
+ if( $parts_count == 2 ){
if( !ereg('^[0-9]{1,3}$', $parts[1]) ) return false;
sscanf($ip_parts[3], "%d", $from_value);
@@ -148,13 +128,11 @@
if($to_value > 255 || $from_value > $to_value) return false;
}
}
- else if( defined('ZBX_HAVE_IPV6') && validate_ipv6($parts[0], $arr) )
- {
+ else if( defined('ZBX_HAVE_IPV6') && validate_ipv6($parts[0], $arr) ){
$ip_parts = explode(':', $parts[0]);
$ip_parts_count = count($ip_parts);
- if( $parts_count == 2 )
- {
+ if( $parts_count == 2 ){
if( !ereg('^[A-Fa-f0-9]{1,4}$', $parts[1]) ) return false;
sscanf($ip_parts[$ip_parts_count - 1], "%x", $from_value);
@@ -162,8 +140,7 @@
if($from_value > $to_value) return false;
}
}
- else
- {
+ else{
return false;
}
@@ -171,30 +148,25 @@
return true;
}
-/* function validate_ip_range($str)
- {
- if(defined('ZBX_HAVE_IPV6'))
- {
+/* function validate_ip_range($str){
+ if(defined('ZBX_HAVE_IPV6')){
return validate_ipv4_ipv6_range($str);
}
- else
- {
+ else{
return validate_ipv4_range($str);
}
return false;
}
*/
- function validate_port_list($str)
- {
- foreach(explode(',',$str) as $port_range)
- {
+ function validate_port_list($str){
+ foreach(explode(',',$str) as $port_range){
$port_range = explode('-', $port_range);
if(count($port_range) > 2) return false;
foreach($port_range as $port)
if( !is_numeric($port) || $port > 65535 || $port < 0 )
return false;
}
- return true;
+ return true;
}
@@ -203,14 +175,11 @@
// VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION
- function calc_exp2($fields,$field,$expression)
- {
- foreach($fields as $f => $checks)
- {
+ function calc_exp2($fields,$field,$expression){
+ foreach($fields as $f => $checks){
/*
// If an unset variable used in expression, return FALSE
- if(zbx_strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f]))
- {
+ if(zbx_strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f])){
//SDI("Variable [$f] is not set. $expression is FALSE");
//info("Variable [$f] is not set. $expression is FALSE");
// return FALSE;
@@ -229,8 +198,7 @@
return $ret;
}
- function calc_exp($fields,$field,$expression)
- {
+ function calc_exp($fields,$field,$expression){
//SDI("$field - expression: ".$expression);
if(zbx_strstr($expression,"{}") && !isset($_REQUEST[$field]))
@@ -239,10 +207,8 @@
if(zbx_strstr($expression,"{}") && !is_array($_REQUEST[$field]))
$expression = str_replace("{}",'$_REQUEST["'.$field.'"]',$expression);
- if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field]))
- {
- foreach($_REQUEST[$field] as $key => $val)
- {
+ if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field])){
+ foreach($_REQUEST[$field] as $key => $val){
$expression2 = str_replace("{}",'$_REQUEST["'.$field.'"]["'.$key.'"]',$expression);
if(calc_exp2($fields,$field,$expression2)==FALSE)
return FALSE;
@@ -253,75 +219,57 @@
return calc_exp2($fields,$field,$expression);
}
- function unset_not_in_list(&$fields)
- {
- foreach($_REQUEST as $key => $val)
- {
- if(!isset($fields[$key]))
- {
+ function unset_not_in_list(&$fields){
+ foreach($_REQUEST as $key => $val){
+ if(!isset($fields[$key])){
unset_request($key,'unset_not_in_list');
}
}
}
- function unset_if_zero($fields)
- {
- foreach($fields as $field => $checks)
- {
+ function unset_if_zero($fields){
+ foreach($fields as $field => $checks){
list($type,$opt,$flags,$validation,$exception)=$checks;
- if(($flags&P_NZERO)&&(isset($_REQUEST[$field]))&&(is_numeric($_REQUEST[$field]))&&($_REQUEST[$field]==0))
- {
+ if(($flags&P_NZERO)&&(isset($_REQUEST[$field]))&&(is_numeric($_REQUEST[$field]))&&($_REQUEST[$field]==0)){
unset_request($field,'unset_if_zero');
}
}
}
- function unset_action_vars($fields)
- {
- foreach($fields as $field => $checks)
- {
+ function unset_action_vars($fields){
+ foreach($fields as $field => $checks){
list($type,$opt,$flags,$validation,$exception)=$checks;
- if(($flags&P_ACT)&&(isset($_REQUEST[$field])))
- {
+ if(($flags&P_ACT)&&(isset($_REQUEST[$field]))){
unset_request($field,'unset_action_vars');
}
}
}
- function unset_all()
- {
- foreach($_REQUEST as $key => $val)
- {
+ function unset_all(){
+ foreach($_REQUEST as $key => $val){
unset_request($key,'unset_all');
}
}
- function check_type(&$field, $flags, &$var, $type)
- {
- if(is_array($var) && $type != T_ZBX_IP)
- {
+ function check_type(&$field, $flags, &$var, $type){
+ if(is_array($var) && $type != T_ZBX_IP){
$err = ZBX_VALID_OK;
- foreach($var as $el)
- {
+ foreach($var as $el){
$err |= check_type($field, $flags, $el, $type);
}
return $err;
}
- if($type == T_ZBX_IP)
- {
- if( !validate_ip($var,$arr) )
- {
- if($flags&P_SYS)
- {
+ if($type == T_ZBX_IP){
+ if( !validate_ip($var,$arr) ){
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not IP");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not IP");
return ZBX_VALID_WARNING;
}
@@ -329,17 +277,13 @@
return ZBX_VALID_OK;
}
- if($type == T_ZBX_IP_RANGE)
- {
- if( !validate_ip_range($var) )
- {
- if($flags&P_SYS)
- {
+ if($type == T_ZBX_IP_RANGE){
+ if( !validate_ip_range($var) ){
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not IP range");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not IP range");
return ZBX_VALID_WARNING;
}
@@ -347,8 +291,7 @@
return ZBX_VALID_OK;
}
- if($type == T_ZBX_PORTS)
- {
+ if($type == T_ZBX_PORTS){
$err = ZBX_VALID_OK;
foreach(explode(',', $var) as $el)
foreach(explode('-', $el) as $p)
@@ -356,17 +299,13 @@
return $err;
}
- if($type == T_ZBX_INT_RANGE)
- {
- if( !is_int_range($var) )
- {
- if($flags&P_SYS)
- {
+ if($type == T_ZBX_INT_RANGE){
+ if( !is_int_range($var) ){
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not integer range");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not integer range");
return ZBX_VALID_WARNING;
}
@@ -375,52 +314,44 @@
}
if(($type == T_ZBX_INT) && !is_numeric($var)) {
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not integer");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not integer");
return ZBX_VALID_WARNING;
}
}
if(($type == T_ZBX_DBL) && !is_numeric($var)) {
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not double");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not double");
return ZBX_VALID_WARNING;
}
}
if(($type == T_ZBX_STR) && !is_string($var)) {
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not string");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not string");
return ZBX_VALID_WARNING;
}
}
//*
if(($type == T_ZBX_STR) && !defined('ZBX_ALLOW_UNICODE') && (strlen($var) != zbx_strlen($var))){
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] contains Multibyte chars");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] - multibyte chars are restricted");
return ZBX_VALID_ERROR;
}
@@ -428,13 +359,11 @@
//*/
if(($type == T_ZBX_CLR) && !is_hex_color($var)) {
$var = 'FFFFFF';
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is not color");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is not color");
return ZBX_VALID_WARNING;
}
@@ -442,27 +371,21 @@
return ZBX_VALID_OK;
}
- function check_trim(&$var)
- {
- if(is_string($var))
- {
+ function check_trim(&$var){
+ if(is_string($var)) {
$var = trim($var);
}
- elseif(is_array($var))
- {
- foreach($var as $key => $val)
- {
+ else if(is_array($var)){
+ foreach($var as $key => $val){
check_trim($var[$key]);
}
}
}
- function check_field(&$fields, &$field, $checks)
- {
+ function check_field(&$fields, &$field, $checks){
list($type,$opt,$flags,$validation,$exception)=$checks;
- if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]=='')
- {
+ if($flags&P_UNSET_EMPTY && isset($_REQUEST[$field]) && $_REQUEST[$field]==''){
unset_request($field,'P_UNSET_EMPTY');
}
@@ -475,42 +398,34 @@
else if($opt == O_OPT && $except) $opt = O_MAND;
else if($opt == O_NO && $except) $opt = O_MAND;
- if($opt == O_MAND)
- {
- if(!isset($_REQUEST[$field]))
- {
- if($flags&P_SYS)
- {
+ if($opt == O_MAND){
+ if(!isset($_REQUEST[$field])){
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] is mandatory");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] is mandatory");
return ZBX_VALID_WARNING;
}
}
}
- elseif($opt == O_NO)
- {
+ else if($opt == O_NO){
if(!isset($_REQUEST[$field]))
return ZBX_VALID_OK;
unset_request($field,'O_NO');
- if($flags&P_SYS)
- {
+ if($flags&P_SYS){
info("Critical error. Field [".$field."] must be missing");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Field [".$field."] must be missing");
return ZBX_VALID_WARNING;
}
}
- elseif($opt == O_OPT)
- {
+ else if($opt == O_OPT){
if(!isset($_REQUEST[$field]))
return ZBX_VALID_OK;
}
@@ -521,20 +436,16 @@
if($err != ZBX_VALID_OK)
return $err;
- if(($exception==NULL)||($except==TRUE))
- {
+ if(($exception==NULL)||($except==TRUE)){
if(!$validation) $valid=TRUE;
else $valid=calc_exp($fields,$field,$validation);
- if(!$valid)
- {
- if($flags&P_SYS)
- {
+ if(!$valid){
+ if($flags&P_SYS){
info("Critical error. Incorrect value for [".$field."] = '".$_REQUEST[$field]."'");
return ZBX_VALID_ERROR;
}
- else
- {
+ else{
info("Warning. Incorrect value for [".$field."]");
return ZBX_VALID_WARNING;
}
@@ -555,16 +466,14 @@
'sortorder'=> array(T_ZBX_STR, O_OPT, P_SYS, NULL,NULL)
);
- function invalid_url()
- {
+ function invalid_url(){
include_once "include/page_header.php";
unset_all();
show_error_message(S_INVALID_URL);
include_once "include/page_footer.php";
}
- function check_fields(&$fields, $show_messages=true)
- {
+ function check_fields(&$fields, $show_messages=true){
global $_REQUEST;
global $system_fields;
@@ -573,22 +482,19 @@
$fields = array_merge($fields, $system_fields);
- foreach($fields as $field => $checks)
- {
+ foreach($fields as $field => $checks){
$err |= check_field($fields, $field,$checks);
}
unset_not_in_list($fields);
unset_if_zero($fields);
- if($err!=ZBX_VALID_OK)
- {
+ if($err!=ZBX_VALID_OK){
unset_action_vars($fields);
}
$fields = null;
- if($err&ZBX_VALID_ERROR)
- {
+ if($err&ZBX_VALID_ERROR){
invalid_url();
}
generated by cgit (git 2.34.1) at 2024-05-07 15:23:15 +0000