function testSanitizers()
{
$this->assertEquals("test.conf", wmeSanitizeConfigFile("test.conf"));
$this->assertEquals("te-st.conf", wmeSanitizeConfigFile("te-st.conf"));
$this->assertEquals("", wmeSanitizeConfigFile("test"));
$this->assertEquals("", wmeSanitizeConfigFile("test.png"));
$this->assertEquals("", wmeSanitizeConfigFile("index.php"));
$this->assertEquals("", wmeSanitizeConfigFile(".htaccess"));
$this->assertEquals("", wmeSanitizeConfigFile("../../conf/apache.conf"));
$this->assertEquals("", wmeSanitizeConfigFile("../../etc/passwd"));
$this->assertEquals("", wmeSanitizeConfigFile("file*.conf"));
$this->assertEquals("fish.ext1", wmeSanitizeFile("fish.ext1", array("ext1", "ext2")));
$this->assertEquals("", wmeSanitizeFile("fish.ext1", array("ext2", "ext3")));
$this->assertEquals("", wmeSanitizeFile("fish", array("ext2", "ext3")));
}
private function validateArgMapFilename($value)
{
if ($value == wmeSanitizeConfigFile($value)) {
return true;
}
return false;
}
function main($request, $from_plugin = false)
{
$mapname = "";
$action = "";
if (isset($request['action'])) {
$action = strtolower(trim($request['action']));
}
if (isset($request['mapname'])) {
$mapname = $request['mapname'];
if ($action == "newmap" || $action == "newmap_copy") {
$mapname .= ".conf";
}
// If there's something funny with the config filename, just stop.
if ($mapname != wmeSanitizeConfigFile($mapname)) {
exit;
}
$this->mapfile = $this->mapDirectory . "/" . $mapname;
$this->mapname = $mapname;
}
if ($mapname == '') {
$this->showStartPage();
} else {
if ($this->validateRequest($action, $request)) {
$editor = new WeatherMapEditor();
$this->setEmbedded($from_plugin);
if (!isset($this->commands[$action]['late_load'])) {
$editor->loadConfig($this->mapfile);
}
$result = $this->dispatchRequest($action, $request, $editor);
if (!isset($this->commands[$action]['no_save'])) {
$editor->saveConfig();
}
if ($result !== false) {
$this->showMainPage($editor);
}
} else {
print "FAIL";
}
}
}
