/**
 * Pins the contract of the filename sanitizers.
 *
 * wmeSanitizeConfigFile() must hand back a plain "*.conf" name unchanged and
 * return an empty string for everything else exercised here: a name with no
 * extension, another extension, a dotfile, a relative path with directory
 * components, and a name containing a wildcard.
 * wmeSanitizeFile() must accept a name only when its extension is in the
 * allow-list passed as the second argument.
 */
function testSanitizers()
{
    // input => expected result of wmeSanitizeConfigFile()
    $configFileCases = array(
        'test.conf' => 'test.conf',
        'te-st.conf' => 'te-st.conf',
        'test' => '',
        'test.png' => '',
        'index.php' => '',
        '.htaccess' => '',
        // Path components are rejected even when the name ends in ".conf".
        '../../conf/apache.conf' => '',
        '../../etc/passwd' => '',
        'file*.conf' => '',
    );

    foreach ($configFileCases as $input => $expected) {
        $this->assertEquals($expected, wmeSanitizeConfigFile($input));
    }

    // array(expected, filename, allowed extensions) for wmeSanitizeFile()
    $extensionCases = array(
        array('fish.ext1', 'fish.ext1', array('ext1', 'ext2')),
        array('', 'fish.ext1', array('ext2', 'ext3')),
        array('', 'fish', array('ext2', 'ext3')),
    );

    foreach ($extensionCases as $case) {
        $this->assertEquals($case[0], wmeSanitizeFile($case[1], $case[2]));
    }
}
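/**
 * Decide whether a request argument is an acceptable map config filename.
 *
 * The value is accepted only when wmeSanitizeConfigFile() returns it
 * unchanged, i.e. the sanitizer found nothing to strip or reject.
 *
 * @param mixed $value argument value to check
 * @return bool true when the value is a string that survives sanitizing intact
 */
private function validateArgMapFilename($value)
{
    // Only a string can be a filename; anything else (an array-valued
    // parameter, for instance) is refused before it reaches the sanitizer.
    if (!is_string($value)) {
        return false;
    }

    // Strict comparison so type juggling can never make a rejected value
    // look equal to the sanitizer's output.
    // NOTE(review): assumes wmeSanitizeConfigFile() always returns a string - confirm.
    return $value === wmeSanitizeConfigFile($value);
}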
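/**
 * Handle one editor request: pick the map file, validate the request,
 * dispatch the action and render the result.
 *
 * Reads 'action' and 'mapname' from $request. With no map name the start page
 * is shown. Otherwise the request is validated, the map config is loaded
 * (unless the command is flagged 'late_load'), the action is dispatched, the
 * config is saved (unless the command is flagged 'no_save') and the main page
 * is shown unless the dispatcher returned false.
 *
 * @param array $request     request parameters; presumably the HTTP request array - verify against caller
 * @param bool  $from_plugin passed through to setEmbedded()
 * @return void
 */
function main($request, $from_plugin = false)
{
    $mapname = "";
    $action = "";

    // A non-string action (e.g. an array-valued parameter) is treated as "no action"
    // instead of being handed to trim().
    if (isset($request['action']) && is_string($request['action'])) {
        $action = strtolower(trim($request['action']));
    }

    if (isset($request['mapname'])) {
        $mapname = $request['mapname'];

        // The map name becomes part of a filesystem path below, so it must be a
        // plain string before anything is appended to it.
        if (!is_string($mapname)) {
            exit;
        }

        if ($action === "newmap" || $action === "newmap_copy") {
            $mapname .= ".conf";
        }

        // If there's something funny with the config filename, just stop.
        // Strict comparison: the name must come back from the sanitizer byte-for-byte.
        // NOTE(review): the rejection is silent; logging it would make probing of
        // this parameter visible to whoever operates the editor.
        if ($mapname !== wmeSanitizeConfigFile($mapname)) {
            exit;
        }

        $this->mapfile = $this->mapDirectory . "/" . $mapname;
        $this->mapname = $mapname;
    }

    if ($mapname === '') {
        $this->showStartPage();
        return;
    }

    if (!$this->validateRequest($action, $request)) {
        print "FAIL";
        return;
    }

    $editor = new WeatherMapEditor();
    $this->setEmbedded($from_plugin);

    // Commands flagged 'late_load' are dispatched without the config loaded here.
    if (!isset($this->commands[$action]['late_load'])) {
        $editor->loadConfig($this->mapfile);
    }

    $result = $this->dispatchRequest($action, $request, $editor);

    // NOTE(review): the config is saved even when the dispatcher returned false;
    // confirm that is intended.
    if (!isset($this->commands[$action]['no_save'])) {
        $editor->saveConfig();
    }

    if ($result !== false) {
        $this->showMainPage($editor);
    }
}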