Author: jfthomps
Date: Fri Sep 30 15:43:25 2011
New Revision: 1177705
URL: http://svn.apache.org/viewvc?rev=1177705&view=rev
Log:
VCL-345
check for whitespace in add computers IP address field
utils.php - modified processInputVar - added additional argument -
$stripwhitespace - when set to 1 will call trim() on the variable to remove
starting/trailing whitespace
computers.php:
-modified processComputerInput - set $stripwhitespace to 1 when calling
processInputVar for ipaddress, owner, ram, procspeed, and hostname
-modified processBulkComputerInput - set $stripwhitespace to 1 when calling
processInputVar for ipaddress, startipaddress, endipaddress, starthostval,
endhostval, startpripaddress, endpripaddress, startmac, owner, ram, procspeed,
and hostname
Modified:
incubator/vcl/trunk/web/.ht-inc/computers.php
incubator/vcl/trunk/web/.ht-inc/utils.php
Modified: incubator/vcl/trunk/web/.ht-inc/computers.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/computers.php?rev=1177705&r1=1177704&r2=1177705&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/computers.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/computers.php Fri Sep 30 15:43:25 2011
@@ -3080,17 +3080,17 @@ function processComputerInput($checks=1)
$return = processComputerInput2();
$return["bulk"] = getContinuationVar("bulk", processInputVar("bulk",
ARG_NUMERIC));
- $return["ipaddress"] = getContinuationVar("ipaddress",
processInputVar("ipaddress", ARG_STRING));
+ $return["ipaddress"] = getContinuationVar("ipaddress",
processInputVar("ipaddress", ARG_STRING, NULL, 1));
$return["stateid"] = getContinuationVar("stateid",
processInputVar("stateid", ARG_NUMERIC));
- $return["owner"] = getContinuationVar("owner", processInputVar("owner",
ARG_STRING));
+ $return["owner"] = getContinuationVar("owner", processInputVar("owner",
ARG_STRING, NULL, 1));
$return["platformid"] = getContinuationVar("platformid",
processInputVar("platformid", ARG_NUMERIC));
$return["scheduleid"] = getContinuationVar("scheduleid",
processInputVar("scheduleid", ARG_NUMERIC));
$return["currentimgid"] = getContinuationVar("currentimgid",
processInputVar("currentimgid", ARG_NUMERIC));
- $return["ram"] = getContinuationVar("ram", processInputVar("ram",
ARG_NUMERIC));
+ $return["ram"] = getContinuationVar("ram", processInputVar("ram",
ARG_NUMERIC, NULL, 1));
$return["numprocs"] = getContinuationVar("numprocs",
processInputVar("numprocs", ARG_NUMERIC));
- $return["procspeed"] = getContinuationVar("procspeed",
processInputVar("procspeed", ARG_NUMERIC));
+ $return["procspeed"] = getContinuationVar("procspeed",
processInputVar("procspeed", ARG_NUMERIC, NULL, 1));
$return["network"] = getContinuationVar("network",
processInputVar("network", ARG_NUMERIC));
- $return["hostname"] = getContinuationVar("hostname",
processInputVar("hostname", ARG_STRING));
+ $return["hostname"] = getContinuationVar("hostname",
processInputVar("hostname", ARG_STRING, NULL, 1));
$return["compid"] = getContinuationVar("compid",
processInputVar("compid", ARG_NUMERIC));
$return["type"] = getContinuationVar("type", processInputVar("type",
ARG_STRING, "lab"));
$return["provisioningid"] = getContinuationVar("provisioningid",
processInputVar("provisioningid", ARG_NUMERIC));
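Review bot: The new fourth argument on the `ipaddress` and `hostname` calls only removes leading and trailing whitespace, so interior spaces, tabs or newlines in those two ARG_STRING fields still pass through unchanged. Any format checks sit outside this hunk, so a comment at the `ipaddress` line would help, such as `// trim only normalises the ends; address and hostname format must still be validated before use`. The same applies to `startipaddress`, `endipaddress`, `startpripaddress`, `endpripaddress` and `startmac` in processBulkComputerInput further down. If those checks run only when `$checks` is non-zero, callers passing 0 would receive trimmed but otherwise unvalidated strings; this needs confirming against the rest of the function.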
@@ -3229,7 +3229,7 @@ function processComputerInput3() {
function processBulkComputerInput($checks=1) {
global $submitErr, $submitErrMsg;
$return = processComputerInput2();
- $ipaddress = getContinuationVar("ipaddress",
processInputVar("ipaddress", ARG_STRING));
+ $ipaddress = getContinuationVar("ipaddress",
processInputVar("ipaddress", ARG_STRING, NULL, 1));
if(! empty($ipaddress)) {
$return["startipaddress"] = $ipaddress;
$tmp = $ipaddress;
@@ -3240,24 +3240,24 @@ function processBulkComputerInput($check
$return["endhostval"] = "";
}
else {
- $return["startipaddress"] =
getContinuationVar("startipaddress", processInputVar("startipaddress",
ARG_STRING));
- $return["endipaddress"] = getContinuationVar("endipaddress",
processInputVar("endipaddress", ARG_STRING));
- $return["starthostval"] = getContinuationVar("starthostval",
processInputVar("starthostval", ARG_NUMERIC));
- $return["endhostval"] = getContinuationVar("endhostval",
processInputVar("endhostval", ARG_NUMERIC));
- }
- $return["startpripaddress"] = getContinuationVar("startpripaddress",
processInputVar("startpripaddress", ARG_STRING));
- $return["endpripaddress"] = getContinuationVar("endpripaddress",
processInputVar("endpripaddress", ARG_STRING));
- $return["startmac"] = getContinuationVar("startmac",
processInputVar("startmac", ARG_STRING));
+ $return["startipaddress"] =
getContinuationVar("startipaddress", processInputVar("startipaddress",
ARG_STRING, NULL, 1));
+ $return["endipaddress"] = getContinuationVar("endipaddress",
processInputVar("endipaddress", ARG_STRING, NULL, 1));
+ $return["starthostval"] = getContinuationVar("starthostval",
processInputVar("starthostval", ARG_NUMERIC, NULL, 1));
+ $return["endhostval"] = getContinuationVar("endhostval",
processInputVar("endhostval", ARG_NUMERIC, NULL, 1));
+ }
+ $return["startpripaddress"] = getContinuationVar("startpripaddress",
processInputVar("startpripaddress", ARG_STRING, NULL, 1));
+ $return["endpripaddress"] = getContinuationVar("endpripaddress",
processInputVar("endpripaddress", ARG_STRING, NULL, 1));
+ $return["startmac"] = getContinuationVar("startmac",
processInputVar("startmac", ARG_STRING, NULL, 1));
$return["stateid"] = getContinuationVar("stateid",
processInputVar("stateid", ARG_NUMERIC));
- $return["owner"] = getContinuationVar("owner", processInputVar("owner",
ARG_STRING));
+ $return["owner"] = getContinuationVar("owner", processInputVar("owner",
ARG_STRING, NULL, 1));
$return["platformid"] = getContinuationVar("platformid",
processInputVar("platformid", ARG_NUMERIC));
$return["scheduleid"] = getContinuationVar("scheduleid",
processInputVar("scheduleid", ARG_NUMERIC));
- $return["ram"] = getContinuationVar("ram", processInputVar("ram",
ARG_NUMERIC));
+ $return["ram"] = getContinuationVar("ram", processInputVar("ram",
ARG_NUMERIC, NULL, 1));
$return["numprocs"] = getContinuationVar("numprocs",
processInputVar("numprocs", ARG_NUMERIC));
- $return["procspeed"] = getContinuationVar("procspeed",
processInputVar("procspeed", ARG_NUMERIC));
+ $return["procspeed"] = getContinuationVar("procspeed",
processInputVar("procspeed", ARG_NUMERIC, NULL, 1));
$return["network"] = getContinuationVar("network",
processInputVar("network", ARG_NUMERIC));
- $return["hostname"] = getContinuationVar("hostname",
processInputVar("hostname", ARG_STRING));
+ $return["hostname"] = getContinuationVar("hostname",
processInputVar("hostname", ARG_STRING, NULL, 1));
$return["type"] = getContinuationVar("type", processInputVar("type",
ARG_STRING));
$return["provisioningid"] = getContinuationVar("provisioningid",
processInputVar("provisioningid", ARG_NUMERIC));
$return["computergroup"] = getContinuationVar("computergroup",
processInputVar("computergroup", ARG_MULTINUMERIC));
Modified: incubator/vcl/trunk/web/.ht-inc/utils.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/utils.php?rev=1177705&r1=1177704&r2=1177705&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/utils.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/utils.php Fri Sep 30 15:43:25 2011
@@ -2948,7 +2948,7 @@ function getAffiliationDataUpdateText($a
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn processInputVar($vartag, $type, $defaultvalue)
+/// \fn processInputVar($vartag, $type, $defaultvalue, $stripwhitespace)
///
/// \param $vartag - name of GET or POST variable
/// \param $type - tag type:\n
@@ -2956,6 +2956,8 @@ function getAffiliationDataUpdateText($a
/// \b ARG_STRING - string\n
/// \b ARG_MULTINUMERIC - an array of numbers
/// \param $defaultvalue - default value for the variable (NULL if not passed
in)
+/// \param $stripwhitespace - (optional, default=0) - set to 1 to strip
+/// whitespace from the beginning and end of the value
///
/// \return safe value for the GET or POST variable
///
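Review bot: The `$stripwhitespace` description does not say which characters count as whitespace or where in the processing the trim runs. The body calls `trim()` with no character list, after `strip_tags()`, so only space, tab, LF, CR, NUL and vertical tab are removed, and a pasted non-breaking space is kept. I would extend the text to something like `/// whitespace (ASCII space, tab, CR, LF, NUL, VT) from the beginning and end of the value; applied after strip_tags()`.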
@@ -2963,7 +2965,7 @@ function getAffiliationDataUpdateText($a
/// sanitizes the variable to make sure it doesn't contain anything malicious
///
////////////////////////////////////////////////////////////////////////////////
-function processInputVar($vartag, $type, $defaultvalue=NULL) {
+function processInputVar($vartag, $type, $defaultvalue=NULL,
$stripwhitespace=0) {
if((array_key_exists($vartag, $_POST) &&
strncmp("$_POST[$vartag]", "0", 1) == 0 &&
$type == ARG_NUMERIC &&
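Review bot: The leading-"0" test in this condition reads the raw `$_POST[$vartag]`, while the new trim is applied only later to `$return`. With `$stripwhitespace` set, a value such as `" 0"` therefore fails `strncmp("$_POST[$vartag]", "0", 1) == 0` even though it becomes `"0"` after trimming. The rest of the condition and the branch it guards are outside the hunk, so the effect is inferred: if that branch exists to keep a numeric zero from being treated as empty, a padded zero would likely fall back to the default. Trimming the raw value before this test would make both paths agree, for example `if($stripwhitespace && isset($_POST[$vartag]) && is_string($_POST[$vartag])) $_POST[$vartag] = trim($_POST[$vartag]);`, and likewise for `$_GET` if the condition covers it.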
@@ -2995,6 +2997,8 @@ function processInputVar($vartag, $type,
if($type == ARG_MULTINUMERIC) {
foreach($return as $index => $value) {
$return[$index] = strip_tags($value);
+ if($stripwhitespace)
+ $return[$index] = trim($return[$index]);
if($return[$index] == 'zero')
$return[$index] = '0';
}
@@ -3002,10 +3006,14 @@ function processInputVar($vartag, $type,
elseif($type == ARG_MULTISTRING) {
foreach($return as $index => $value) {
$return[$index] = strip_tags($value);
+ if($stripwhitespace)
+ $return[$index] = trim($return[$index]);
}
}
else {
$return = strip_tags($return);
+ if($stripwhitespace)
+ $return = trim($return);
}
if(! empty($return) && $type == ARG_NUMERIC) {