Author: jfthomps
Date: Fri Sep 30 15:43:25 2011
New Revision: 1177705

URL: http://svn.apache.org/viewvc?rev=1177705&view=rev
Log:
VCL-345
check for whitespace in add computers IP address field

utils.php - modified processInputVar - added additional argument - 
$stripwhitespace - when set to 1 will call trim() on the variable to remove 
starting/trailing whitespace

computers.php:
-modified processComputerInput - set $stripwhitespace to 1 when calling 
processInputVar for ipaddress, owner, ram, procspeed, and hostname
-modified processBulkComputerInput - set $stripwhitespace to 1 when calling 
processInputVar for ipaddress, startipaddress, endipaddress, starthostval, 
endhostval, startpripaddress, endpripaddress, startmac, owner, ram, procspeed, 
and hostname

Modified:
    incubator/vcl/trunk/web/.ht-inc/computers.php
    incubator/vcl/trunk/web/.ht-inc/utils.php

Modified: incubator/vcl/trunk/web/.ht-inc/computers.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/computers.php?rev=1177705&r1=1177704&r2=1177705&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/computers.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/computers.php Fri Sep 30 15:43:25 2011
@@ -3080,17 +3080,17 @@ function processComputerInput($checks=1)
        $return = processComputerInput2();
 
        $return["bulk"] = getContinuationVar("bulk", processInputVar("bulk", 
ARG_NUMERIC));
-       $return["ipaddress"] = getContinuationVar("ipaddress", 
processInputVar("ipaddress", ARG_STRING));
+       $return["ipaddress"] = getContinuationVar("ipaddress", 
processInputVar("ipaddress", ARG_STRING, NULL, 1));
        $return["stateid"] = getContinuationVar("stateid", 
processInputVar("stateid", ARG_NUMERIC));
-       $return["owner"] = getContinuationVar("owner", processInputVar("owner", 
ARG_STRING));
+       $return["owner"] = getContinuationVar("owner", processInputVar("owner", 
ARG_STRING, NULL, 1));
        $return["platformid"] = getContinuationVar("platformid", 
processInputVar("platformid", ARG_NUMERIC));
        $return["scheduleid"] = getContinuationVar("scheduleid", 
processInputVar("scheduleid", ARG_NUMERIC));
        $return["currentimgid"] = getContinuationVar("currentimgid", 
processInputVar("currentimgid", ARG_NUMERIC));
-       $return["ram"] = getContinuationVar("ram", processInputVar("ram", 
ARG_NUMERIC));
+       $return["ram"] = getContinuationVar("ram", processInputVar("ram", 
ARG_NUMERIC, NULL, 1));
        $return["numprocs"] = getContinuationVar("numprocs", 
processInputVar("numprocs", ARG_NUMERIC));
-       $return["procspeed"] = getContinuationVar("procspeed", 
processInputVar("procspeed", ARG_NUMERIC));
+       $return["procspeed"] = getContinuationVar("procspeed", 
processInputVar("procspeed", ARG_NUMERIC, NULL, 1));
        $return["network"] = getContinuationVar("network", 
processInputVar("network", ARG_NUMERIC));
-       $return["hostname"] = getContinuationVar("hostname", 
processInputVar("hostname", ARG_STRING));
+       $return["hostname"] = getContinuationVar("hostname", 
processInputVar("hostname", ARG_STRING, NULL, 1));
        $return["compid"] = getContinuationVar("compid", 
processInputVar("compid", ARG_NUMERIC));
        $return["type"] = getContinuationVar("type", processInputVar("type", 
ARG_STRING, "lab"));
        $return["provisioningid"] = getContinuationVar("provisioningid", 
processInputVar("provisioningid", ARG_NUMERIC));
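Review bot: Whitespace handling is now uneven across the numeric fields in this block: `ram` and `procspeed` pass `1` for `$stripwhitespace`, while `numprocs` and `network` are still read untrimmed, so a stray space is tolerated in one field and may fail the numeric handling in the next. If those fields can be typed by hand (not visible from this hunk), pass the flag there as well, e.g. `processInputVar("numprocs", ARG_NUMERIC, NULL, 1)`, or trim every ARG_NUMERIC value inside processInputVar. The same pattern repeats in the processBulkComputerInput hunks below. Trimming only normalises the value; the IP address, hostname and MAC strings still rely on whatever format checks run after these assignments, outside the hunk.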
@@ -3229,7 +3229,7 @@ function processComputerInput3() {
 function processBulkComputerInput($checks=1) {
        global $submitErr, $submitErrMsg;
        $return = processComputerInput2();
-       $ipaddress = getContinuationVar("ipaddress", 
processInputVar("ipaddress", ARG_STRING));
+       $ipaddress = getContinuationVar("ipaddress", 
processInputVar("ipaddress", ARG_STRING, NULL, 1));
        if(! empty($ipaddress)) {
                $return["startipaddress"] = $ipaddress;
                $tmp = $ipaddress;
@@ -3240,24 +3240,24 @@ function processBulkComputerInput($check
                $return["endhostval"] = "";
        }
        else {
-               $return["startipaddress"] = 
getContinuationVar("startipaddress", processInputVar("startipaddress", 
ARG_STRING));
-               $return["endipaddress"] = getContinuationVar("endipaddress", 
processInputVar("endipaddress", ARG_STRING));
-               $return["starthostval"] = getContinuationVar("starthostval", 
processInputVar("starthostval", ARG_NUMERIC));
-               $return["endhostval"] = getContinuationVar("endhostval", 
processInputVar("endhostval", ARG_NUMERIC));
-       }
-       $return["startpripaddress"] = getContinuationVar("startpripaddress", 
processInputVar("startpripaddress", ARG_STRING));
-       $return["endpripaddress"] = getContinuationVar("endpripaddress", 
processInputVar("endpripaddress", ARG_STRING));
-       $return["startmac"] = getContinuationVar("startmac", 
processInputVar("startmac", ARG_STRING));
+               $return["startipaddress"] = 
getContinuationVar("startipaddress", processInputVar("startipaddress", 
ARG_STRING, NULL, 1));
+               $return["endipaddress"] = getContinuationVar("endipaddress", 
processInputVar("endipaddress", ARG_STRING, NULL, 1));
+               $return["starthostval"] = getContinuationVar("starthostval", 
processInputVar("starthostval", ARG_NUMERIC, NULL, 1));
+               $return["endhostval"] = getContinuationVar("endhostval", 
processInputVar("endhostval", ARG_NUMERIC, NULL, 1));
+       }
+       $return["startpripaddress"] = getContinuationVar("startpripaddress", 
processInputVar("startpripaddress", ARG_STRING, NULL, 1));
+       $return["endpripaddress"] = getContinuationVar("endpripaddress", 
processInputVar("endpripaddress", ARG_STRING, NULL, 1));
+       $return["startmac"] = getContinuationVar("startmac", 
processInputVar("startmac", ARG_STRING, NULL, 1));
 
        $return["stateid"] = getContinuationVar("stateid", 
processInputVar("stateid", ARG_NUMERIC));
-       $return["owner"] = getContinuationVar("owner", processInputVar("owner", 
ARG_STRING));
+       $return["owner"] = getContinuationVar("owner", processInputVar("owner", 
ARG_STRING, NULL, 1));
        $return["platformid"] = getContinuationVar("platformid", 
processInputVar("platformid", ARG_NUMERIC));
        $return["scheduleid"] = getContinuationVar("scheduleid", 
processInputVar("scheduleid", ARG_NUMERIC));
-       $return["ram"] = getContinuationVar("ram", processInputVar("ram", 
ARG_NUMERIC));
+       $return["ram"] = getContinuationVar("ram", processInputVar("ram", 
ARG_NUMERIC, NULL, 1));
        $return["numprocs"] = getContinuationVar("numprocs", 
processInputVar("numprocs", ARG_NUMERIC));
-       $return["procspeed"] = getContinuationVar("procspeed", 
processInputVar("procspeed", ARG_NUMERIC));
+       $return["procspeed"] = getContinuationVar("procspeed", 
processInputVar("procspeed", ARG_NUMERIC, NULL, 1));
        $return["network"] = getContinuationVar("network", 
processInputVar("network", ARG_NUMERIC));
-       $return["hostname"] = getContinuationVar("hostname", 
processInputVar("hostname", ARG_STRING));
+       $return["hostname"] = getContinuationVar("hostname", 
processInputVar("hostname", ARG_STRING, NULL, 1));
        $return["type"] = getContinuationVar("type", processInputVar("type", 
ARG_STRING));
        $return["provisioningid"] = getContinuationVar("provisioningid", 
processInputVar("provisioningid", ARG_NUMERIC));
        $return["computergroup"] = getContinuationVar("computergroup", 
processInputVar("computergroup", ARG_MULTINUMERIC));

Modified: incubator/vcl/trunk/web/.ht-inc/utils.php
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/utils.php?rev=1177705&r1=1177704&r2=1177705&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/utils.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/utils.php Fri Sep 30 15:43:25 2011
@@ -2948,7 +2948,7 @@ function getAffiliationDataUpdateText($a
 
 
////////////////////////////////////////////////////////////////////////////////
 ///
-/// \fn processInputVar($vartag, $type, $defaultvalue)
+/// \fn processInputVar($vartag, $type, $defaultvalue, $stripwhitespace)
 ///
 /// \param $vartag - name of GET or POST variable
 /// \param $type - tag type:\n
@@ -2956,6 +2956,8 @@ function getAffiliationDataUpdateText($a
 /// \b ARG_STRING - string\n
 /// \b ARG_MULTINUMERIC - an array of numbers
 /// \param $defaultvalue - default value for the variable (NULL if not passed 
in)
+/// \param $stripwhitespace - (optional, default=0) - set to 1 to strip
+/// whitespace from the beginning and end of the value
 ///
 /// \return safe value for the GET or POST variable
 ///
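Review bot: The new `\param $stripwhitespace` text does not say that trimming is applied to each element for ARG_MULTINUMERIC and ARG_MULTISTRING, or that it runs after strip_tags(), both of which the later hunks show. I would word it as `/// \param $stripwhitespace - (optional, default=0) - set to 1 to trim() the value (each element for array types) after tags are stripped`. The `\return safe value` line also promises more than the visible code delivers: strip_tags() and trim() do not make a value safe for SQL or HTML output, so it would be more accurate as `/// \return value with tags stripped; callers must still validate format and escape for the output context`. The type list in this comment does not mention ARG_MULTISTRING in the lines shown, although the function handles it.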
@@ -2963,7 +2965,7 @@ function getAffiliationDataUpdateText($a
 /// sanitizes the variable to make sure it doesn't contain anything malicious
 ///
 
////////////////////////////////////////////////////////////////////////////////
-function processInputVar($vartag, $type, $defaultvalue=NULL) {
+function processInputVar($vartag, $type, $defaultvalue=NULL, 
$stripwhitespace=0) {
        if((array_key_exists($vartag, $_POST) &&
           strncmp("$_POST[$vartag]", "0", 1) == 0 &&
           $type == ARG_NUMERIC &&
@@ -2995,6 +2997,8 @@ function processInputVar($vartag, $type,
        if($type == ARG_MULTINUMERIC) {
                foreach($return as $index => $value) {
                        $return[$index] = strip_tags($value);
+                       if($stripwhitespace)
+                               $return[$index] = trim($return[$index]);
                        if($return[$index] == 'zero')
                                $return[$index] = '0';
                }
@@ -3002,10 +3006,14 @@ function processInputVar($vartag, $type,
        elseif($type == ARG_MULTISTRING) {
                foreach($return as $index => $value) {
                        $return[$index] = strip_tags($value);
+                       if($stripwhitespace)
+                               $return[$index] = trim($return[$index]);
                }
        }
        else {
                $return = strip_tags($return);
+               if($stripwhitespace)
+                       $return = trim($return);
        }
 
        if(! empty($return) && $type == ARG_NUMERIC) {
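Review bot: The new `trim()` calls run after the leading-"0" test at the top of processInputVar, which inspects the raw `$_POST[$vartag]`, so a numeric value submitted as ` 0` is handled differently from `0`. It misses that test because its first character is a space, and once trimmed to `"0"` it is treated as empty by `empty($return)` on the last line of this hunk, so the ARG_NUMERIC branch is skipped. What the function returns in that case is outside the visible hunks, so this needs confirming against the full body. Trimming the raw value before the leading-"0" test, when `$stripwhitespace` is set, would make both spellings follow the same path.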

