lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added : url string validation

Browse Source
This commit is contained in:
Regis Houssin 2009-04-03 12:56:21 +00:00
parent c76caf0c9b
commit 282871a8c4
6 changed files with 109 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
htdocs/includes/menus/barre_top/auguria_backoffice.php
View File

@ -54,48 +54,47 @@ class MenuTop {
*/
function showmenu()
{
require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php");
require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php");
global $user,$conf,$langs,$dolibarr_main_db_name;;
global $user,$conf,$langs,$dolibarr_main_db_name;;
// On sauve en session le menu principal choisi
if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"];
if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"];
$_SESSION["leftmenuopened"]="";
$menuArbo = new Menubase($this->db,'auguria','top');
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria');
print '<ul>';
for($i=0; $i<count($tabMenu); $i++)
{
if ($tabMenu[$i]['enabled'] == true)
{
if ($tabMenu[$i]['right'] == true)
{
// Define url
$url=DOL_URL_ROOT.$tabMenu[$i]['url'];
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
else $url.='&';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.="&idmenu=".$tabMenu[$i]['rowid'];
if (! empty($_GET["idmenu"]) && $tabMenu[$i]['rowid'] == $_GET["idmenu"]) $class='class="tmenusel"';
else $class='class="tmenu"';
// Define idsel
$idsel='';
print '<li><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>'.$tabMenu[$i]['titre'].'</a></li>';
}
else
{
print '<li><div class="tmenudisabled">'.$tabMenu[$i]['titre'].'</div></li>';
}
}
}
print '</ul>';
// On sauve en session le menu principal choisi
if (isset($_GET["mainmenu"])) $_SESSION["mainmenu"]=$_GET["mainmenu"];
if (isset($_GET["idmenu"])) $_SESSION["idmenu"]=$_GET["idmenu"];
$_SESSION["leftmenuopened"]="";
$menuArbo = new Menubase($this->db,'auguria','top');
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'], 'auguria');
print '<ul>';
for($i=0; $i<count($tabMenu); $i++)
{
if ($tabMenu[$i]['enabled'] == true)
{
if ($tabMenu[$i]['right'] == true)
{
// Define url
$url=DOL_URL_ROOT.$tabMenu[$i]['url'];
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
else $url.='&';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.="&idmenu=".$tabMenu[$i]['rowid'];
if (! empty($_GET["idmenu"]) && $tabMenu[$i]['rowid'] == $_GET["idmenu"]) $class='class="tmenusel"';
else $class='class="tmenu"';
// Define idsel
$idsel='';
print '<li><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>'.$tabMenu[$i]['titre'].'</a></li>';
}
else
{
print '<li><div class="tmenudisabled">'.$tabMenu[$i]['titre'].'</div></li>';
}
}
}
print '</ul>';
}
}

31
htdocs/includes/menus/barre_top/eldy_backoffice.php
View File

@ -350,31 +350,30 @@ class MenuTop {
if (! $this->hideifnotallowed) print '<td class="tmenu"><a class="tmenudisabled" '.$idsel.'href="#">'.$langs->trans("MenuMembers").'</a></td>';
}
}
// Affichage des menus personnalises
// Affichage des menus personnalises
require_once(DOL_DOCUMENT_ROOT."/core/menubase.class.php");
$menuArbo = new Menubase($this->db,'eldy','top');
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'],'eldy');
for($i=0; $i<count($tabMenu); $i++)
$tabMenu = $menuArbo->menuTopCharger(0,$_SESSION['mainmenu'],'eldy');
for($i=0; $i<count($tabMenu); $i++)
{
if ($tabMenu[$i]['enabled'] == true)
{
$idsel=(empty($tabMenu[$i]['mainmenu'])?'id="none" ':'id="'.$tabMenu[$i]['mainmenu'].'" ');
if ($tabMenu[$i]['right'] == true)
{
$url=DOL_URL_ROOT.$tabMenu[$i]['url'];
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
else $url.='&';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.="&idmenu=".$tabMenu[$i]['rowid'];
if (! empty($_SESSION['idmenu']) && $tabMenu[$i]['rowid'] == $_SESSION['idmenu']) $class='class="tmenusel"';
else $class='class="tmenu"';
print '<td class="tmenu"><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>';
print $tabMenu[$i]['titre'];
print '</a></td>';
$url=DOL_URL_ROOT.$tabMenu[$i]['url'];
if (! eregi('\?',DOL_URL_ROOT.$tabMenu[$i]['url'])) $url.='?';
else $url.='&';
$url.='mainmenu='.$tabMenu[$i]['mainmenu'].'&leftmenu=';
$url.="&idmenu=".$tabMenu[$i]['rowid'];
if (! empty($_SESSION['idmenu']) && $tabMenu[$i]['rowid'] == $_SESSION['idmenu']) $class='class="tmenusel"';
else $class='class="tmenu"';
print '<td class="tmenu"><a '.$class.' '.$idsel.'href="'.$url.'"'.($this->atarget?" target=$this->atarget":"").'>';
print $tabMenu[$i]['titre'];
print '</a></td>';
}
else
{

1
htdocs/langs/en_US/errors.lang
View File

@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=Bad syntax for customer code
ErrorCustomerCodeRequired=Customer code required
ErrorCustomerCodeAlreadyUsed=Customer code already used
ErrorPrefixRequired=Prefix required
ErrorUrlNotValid=The website address is incorrect
ErrorBadSupplierCodeSyntax=Bad syntax for supplier code
ErrorSupplierCodeRequired=Supplier code required
ErrorSupplierCodeAlreadyUsed=Supplier code already used

1
htdocs/langs/fr_FR/errors.lang
View File

@ -18,6 +18,7 @@ ErrorBadCustomerCodeSyntax=La syntaxe du code client est incorrect
ErrorCustomerCodeRequired=Code client obligatoire
ErrorCustomerCodeAlreadyUsed=Code client deja utilise
ErrorPrefixRequired=Prefix obligatoire
ErrorUrlNotValid=L'adresse du site web est incorrect
ErrorBadSupplierCodeSyntax=La syntaxe du code fournisseur est incorrect
ErrorSupplierCodeRequired=Code fournisseur obligatoire
ErrorSupplierCodeAlreadyUsed=Code fournisseur deja utilise

51
htdocs/lib/functions.lib.php
View File

@ -2379,13 +2379,60 @@ function clean_url($url,$http=1)
}
// On passe le nom de domaine en minuscule
$url = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url);
$CleanUrl = eregi_replace('^'.$proto.$domain, $newproto.strtolower($domain), $url);
return $url;
return $CleanUrl;
}
}
/**
* \brief Url string validation
* \remarks <http[s]> :// [user[:pass]@] hostname [port] [/path] [?getquery] [anchor]
* \param url Url
* \param http 1: verify http, 0: not verify http
* \param pass 1: verify user and pass, 0: not verify user and pass
* \param port 1: verify port, 0: not verify port
* \param path 1: verify path, 0: not verify path
* \param query 1: verify query, 0: not verify query
* \param anchor 1: verify anchor, 0: not verify anchor
* \return string ValidUrl
*/
function valid_url($url,$http=0,$pass=0,$port=0,$path=0,$query=0,$anchor=0)
{
$ValidUrl = 0;
$urlregex = '';
// SCHEME
if ($http) $urlregex .= "^(http:\/\/|https:\/\/)";
// USER AND PASS
if ($pass) $urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)";
// HOSTNAME OR IP
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)*"; // http://x = allowed (ex. http://localhost, http://routerlogin)
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)+"; // http://x.x = minimum
$urlregex .= "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}"; // http://x.xx(x) = minimum
//use only one of the above
// PORT
if ($port) $urlregex .= "(\:[0-9]{2,5})";
// PATH
if ($path) $urlregex .= "(\/([a-z0-9+\$_-]\.?)+)*\/";
// GET Query
if ($query) $urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)";
// ANCHOR
if($anchor) $urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)\$";
// check
if (eregi($urlregex, $url))
{
$ValidUrl = 1;
}
return $ValidUrl;
}
/**
* \brief Clean a string from all HTML tags and entities

5
htdocs/societe.class.php
View File

@ -294,6 +294,11 @@ class Societe extends CommonObject
$result = -3;
}
}
if (valid_url($this->url) == 0)
{
$this->errors[] = 'ErrorUrlNotValid';
$result = -4;
}
return $result;
}