From 99e53f6b183efb2da6fdcc9ecf066705541b0e50 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Fri, 3 Apr 2020 13:12:00 +0200 Subject: [PATCH 1/2] FIX preg_math --- htdocs/api/class/api_setup.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index 1b619acfeb7..5dbccb69fb4 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php @@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK'); } - if (! preg_match('/[^a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) { + if (! preg_match('/[a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) { throw new RestException(500, 'Error Bad or unknown value for constname'); } if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) { From 7818b1515142a38bd9aeaa03531241dce28bd06a Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sun, 5 Apr 2020 10:50:38 +0200 Subject: [PATCH 2/2] Update api_setup.class.php --- htdocs/api/class/api_setup.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index 5dbccb69fb4..7b47c59dbb7 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php @@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK'); } - if (! preg_match('/[a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) { + if (! preg_match('/^[a-zA-Z0-9_]+$/', $confname) || ! isset($conf->global->$confname)) { throw new RestException(500, 'Error Bad or unknown value for constname'); } if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {