From 2b8703fbe10a01e92ba737d233faffc3727341a4 Mon Sep 17 00:00:00 2001
From: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>
Date: Thu, 24 Jan 2008 11:53:06 +0000
Subject:  - [DEV-102] added support of UTF8 for GUI (Artem)

git-svn-id: svn://svn.zabbix.com/trunk@5275 97f52cf1-0a1b-0410-bd0e-c28be96e8082
---
 frontends/php/include/validate.inc.php | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

(limited to 'frontends/php/include/validate.inc.php')

diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index 740974d0..2b4875b2 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -68,7 +68,7 @@
 	}
 	function	KEY_PARAM($var=NULL)
 	{
-		return 'ereg(\'^([0-9a-zA-Z\_\.[.-.]\$ ]+)$\',{'.$var.'})&&';
+		return 'ereg(\'^([0-9a-zA-Z\_\.[.'.ZBX_EREG_SPACE_SYMB.'.]\$ ]+)$\',{'.$var.'})&&';
 	}
 	function	validate_ipv4($str,&$arr)
 	{
@@ -209,7 +209,7 @@
 		{
 /*
 			// If an unset variable used in expression, return FALSE
-			if(strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f]))
+			if(zbx_strstr($expression,'{'.$f.'}')&&!isset($_REQUEST[$f]))
 			{
 //SDI("Variable [$f] is not set. $expression is FALSE");
 //info("Variable [$f] is not set. $expression is FALSE");
@@ -233,13 +233,13 @@
 	{
 //SDI("$field - expression: ".$expression);
 
-		if(strstr($expression,"{}") && !isset($_REQUEST[$field]))
+		if(zbx_strstr($expression,"{}") && !isset($_REQUEST[$field]))
 			return FALSE;
 
-		if(strstr($expression,"{}") && !is_array($_REQUEST[$field]))
+		if(zbx_strstr($expression,"{}") && !is_array($_REQUEST[$field]))
 			$expression = str_replace("{}",'$_REQUEST["'.$field.'"]',$expression);
 
-		if(strstr($expression,"{}") && is_array($_REQUEST[$field]))
+		if(zbx_strstr($expression,"{}") && is_array($_REQUEST[$field]))
 		{
 			foreach($_REQUEST[$field] as $key => $val)
 			{
@@ -412,12 +412,20 @@
 				return ZBX_VALID_WARNING;
 			}
 		}
-		
-		if($type == T_ZBX_STR){
-//			XSS
-//			$var=str_replace('<','&lt;',$var);
+//*		
+		if(($type == T_ZBX_STR) && !defined('ZBX_ALLOW_UNICODE') && (strlen($var) != zbx_strlen($var))){
+			if($flags&P_SYS)
+			{
+				info("Critical error. Field [".$field."] contains Multibyte chars");
+				return ZBX_VALID_ERROR;
+			}
+			else
+			{
+				info("Warning. Field [".$field."] - multibyte chars are restricted");
+				return ZBX_VALID_ERROR;
+			}
 		}
-
+//*/
 		if(($type == T_ZBX_CLR) && !is_hex_color($var)) {
 			$var = 'FFFFFF';
 			if($flags&P_SYS)
-- 
cgit