Eileen has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/380681 )
Change subject: CRM-20906 Validate the extension key is of general standard ...................................................................... CRM-20906 Validate the extension key is of general standard https://github.com/civicrm/civicrm-core/pull/10994 (squashed, included upstream typo :-) Change-Id: I9e13847a4f5cabc4f6f3fcec5d813fef4468bb44 --- M CRM/Admin/Form/Extensions.php M CRM/Utils/Rule.php M CRM/Utils/Type.php 3 files changed, 20 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm/civicrm refs/changes/81/380681/1 diff --git a/CRM/Admin/Form/Extensions.php b/CRM/Admin/Form/Extensions.php index 2373bcb..7f273cb 100644 --- a/CRM/Admin/Form/Extensions.php +++ b/CRM/Admin/Form/Extensions.php @@ -45,7 +45,9 @@ $this->_key = CRM_Utils_Request::retrieve('key', 'String', $this, FALSE, 0 ); - + if (!CRM_Utils_Type::validate($this->_key, 'ExtensionKey')) { + throw new CRM_Core_Exception('Extension Key does not match expected standard'); + } $session = CRM_Core_Session::singleton(); $url = CRM_Utils_System::url('civicrm/admin/extensions', 'reset=1&action=browse'); $session->pushUserContext($url); diff --git a/CRM/Utils/Rule.php b/CRM/Utils/Rule.php index 3baca20..93af34d 100644 --- a/CRM/Utils/Rule.php +++ b/CRM/Utils/Rule.php @@ -908,4 +908,15 @@ } } + /** + * @param string $key Extension Key to check + * @return bool + */ + public static function checkExtesnionKeyIsValid($key = NULL) { + if (!empty($key) && !preg_match('/^[0-9a-zA-Z._-]+$/', $key)) { + return FALSE; + } + return TRUE; + } + } diff --git a/CRM/Utils/Type.php b/CRM/Utils/Type.php index 43b920f..fbe1c93 100644 --- a/CRM/Utils/Type.php +++ b/CRM/Utils/Type.php @@ -466,6 +466,12 @@ } break; + case 'ExtensionKey': + if (CRM_Utils_Rule::checkExtesnionKeyIsValid($data)) { + return $data; + } + break; + default: CRM_Core_Error::fatal("Cannot recognize $type for $data"); break; -- To view, visit https://gerrit.wikimedia.org/r/380681 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I9e13847a4f5cabc4f6f3fcec5d813fef4468bb44 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/fundraising/crm/civicrm Gerrit-Branch: master Gerrit-Owner: Eileen <emcnaugh...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
