function validateData() { $required = $_GET["required"]; $type = $_GET["type"]; $value = $_GET["value"]; validateRequired($required, $value, $type); switch ($type) { case 'number': validateNumber($value); break; case 'alphanum': validateAlphanum($value); break; case 'alpha': validateAlpha($value); break; case 'date': validateDate($value); break; case 'email': validateEmail($value); break; case 'url': validateUrl($value); case 'all': validateAll($value); break; } }
/** * this functions validates a given value as ErrorDocument * refs #267 * * @param string error-document-string * * @return string error-document-string * */ function correctErrorDocument($errdoc = null) { global $idna_convert; if ($errdoc !== null && $errdoc != '') { // not a URL if (strtoupper(substr($errdoc, 0, 5)) != 'HTTP:' && strtoupper(substr($errdoc, 0, 6)) != 'HTTPS:' || !validateUrl($errdoc)) { // a file if (substr($errdoc, 0, 1) != '"') { $errdoc = makeCorrectFile($errdoc); // apache needs a starting-slash (starting at the domains-docroot) if (!substr($errdoc, 0, 1) == '/') { $errdoc = '/' . $errdoc; } } else { // string won't work for lighty if (Settings::Get('system.webserver') == 'lighttpd') { standard_error('stringerrordocumentnotvalidforlighty'); } elseif (substr($errdoc, -1) != '"') { $errdoc .= '"'; } } } else { if (Settings::Get('system.webserver') == 'lighttpd') { standard_error('urlerrordocumentnotvalidforlighty'); } } } return $errdoc; }
function fitsUrl($url) { if (!preg_match('/^(ftp|http|https):\\/\\//', $url)) { $url = 'http://' . $url; } if (!validateUrl($url)) { return FALSE; } return $url; }
/** * This file is part of the SysCP project. * Copyright (c) 2003-2009 the SysCP Team (see authors). * * For the full copyright and license information, please view the COPYING * file that was distributed with this source code. You can also view the * COPYING file online at http://files.syscp.org/misc/COPYING.txt * * @copyright (c) the authors * @author Florian Lippert <*****@*****.**> * @license GPLv2 http://files.syscp.org/misc/COPYING.txt * @package Functions * @version $Id$ */ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue) { if (isset($fielddata['string_delimiter']) && $fielddata['string_delimiter'] != '') { $newfieldvalues = explode($fielddata['string_delimiter'], $newfieldvalue); unset($fielddata['string_delimiter']); $returnvalue = true; foreach ($newfieldvalues as $single_newfieldvalue) { $single_returnvalue = validateFormFieldString($fieldname, $fielddata, $single_newfieldvalue); if ($single_returnvalue !== true) { $returnvalue = $single_returnvalue; break; } } } else { $returnvalue = false; if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') { $returnvalue = filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue; } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') { $returnvalue = validateUrl($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') { $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') { $returnvalue = $newfieldvalue == makeCorrectFile($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'filedir') { $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue) || $newfieldvalue == makeCorrectFile($newfieldvalue); } elseif (preg_match('/^[^\\r\\n\\t\\f\\0]*$/D', $newfieldvalue)) { $returnvalue = true; } if (isset($fielddata['string_regexp']) && $fielddata['string_regexp'] != '') { if (preg_match($fielddata['string_regexp'], $newfieldvalue)) { $returnvalue = true; } else { $returnvalue = false; } } if (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === true && $newfieldvalue === '') { $returnvalue = true; } elseif (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === false && $newfieldvalue === '') { $returnvalue = 'stringmustntbeempty'; } } if ($returnvalue === true) { return true; } elseif ($returnvalue === false) { return 'stringformaterror'; } else { return $returnvalue; } }
function servicegroup_validate($app, $deployment, $serviceGroupsInfo) { foreach ($serviceGroupsInfo as $key => $value) { switch ($key) { case "notes": validateForbiddenChars($app, $deployment, '/[^\\w.-\\s]/s', $key, $value); break; case "notes_url": case "action_url": validateUrl($app, $deployment, $key, $value); break; default: break; } } return $serviceGroupsInfo; }
inserttask('1'); // Using nameserver, insert a task which rebuilds the server config inserttask('4'); } redirectTo($filename, array('page' => $page, 's' => $s)); } } else { $result['domain'] = $idna_convert->decode($result['domain']); $domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true); // also check ip/port combination to be the same, #176 $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL\n\t\t\t\t\tAND `d`.`id` <> :id\n\t\t\t\t\tAND `c`.`standardsubdomain` <> `d`.`id`\n\t\t\t\t\tAND `d`.`parentdomainid` = '0'\n\t\t\t\t\tAND `d`.`customerid` = :customerid\n\t\t\t\t\tAND `c`.`customerid` = `d`.`customerid`\n\t\t\t\t\tAND `d`.`id` = `dip`.`id_domain`\n\t\t\t\t\tAND `dip`.`id_ipandports`\n\t\t\t\t\tIN (SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "`\n\t\t\t\t\t\tWHERE `id_domain` = :id)\n\t\t\t\t\tGROUP BY `d`.`id`, `d`.`domain`\n\t\t\t\t\tORDER BY `d`.`domain` ASC"); Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid'])); while ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); } if (preg_match('/^https?\\:\\/\\//', $result['documentroot']) && validateUrl($result['documentroot'])) { if (Settings::Get('panel.pathedit') == 'Dropdown') { $urlvalue = $result['documentroot']; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']); } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot'], true); } } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot']); } $redirectcode = ''; if (Settings::Get('customredirect.enabled') == '1') { $def_code = getDomainRedirectId($id); $codes = getRedirectCodesArray();
inserttask('1'); // Using nameserver, insert a task which rebuilds the server config inserttask('4'); } redirectTo($filename, array('page' => $page, 's' => $s)); } } else { $result['domain'] = $idna_convert->decode($result['domain']); $domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true); // also check ip/port combination to be the same, #176 $domains_stmt = Database::prepare("SELECT `d`.`id`, `d`.`domain` FROM `" . TABLE_PANEL_DOMAINS . "` `d` , `" . TABLE_PANEL_CUSTOMERS . "` `c` , `" . TABLE_DOMAINTOIP . "` `dip`\n\t\t\t\t\tWHERE `d`.`aliasdomain` IS NULL\n\t\t\t\t\tAND `d`.`id` <> :id\n\t\t\t\t\tAND `c`.`standardsubdomain` <> `d`.`id`\n\t\t\t\t\tAND `d`.`parentdomainid` = '0'\n\t\t\t\t\tAND `d`.`customerid` = :customerid\n\t\t\t\t\tAND `c`.`customerid` = `d`.`customerid`\n\t\t\t\t\tAND `d`.`id` = `dip`.`id_domain`\n\t\t\t\t\tAND `dip`.`id_ipandports`\n\t\t\t\t\tIN (SELECT `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "`\n\t\t\t\t\t\tWHERE `id_domain` = :id)\n\t\t\t\t\tGROUP BY `d`.`domain`\n\t\t\t\t\tORDER BY `d`.`domain` ASC"); Database::pexecute($domains_stmt, array("id" => $result['id'], "customerid" => $userinfo['customerid'])); while ($row_domain = $domains_stmt->fetch(PDO::FETCH_ASSOC)) { $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); } if (preg_match('/^https?\\:\\/\\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot']))) { if (Settings::Get('panel.pathedit') == 'Dropdown') { $urlvalue = $result['documentroot']; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid']); } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot'], true); } } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $result['documentroot']); } $redirectcode = ''; if (Settings::Get('customredirect.enabled') == '1') { $def_code = getDomainRedirectId($id); $codes = getRedirectCodesArray();
protected function create_pathOptions($domain) { $result_stmt = Database::prepare("\n\t\t\tSELECT * FROM " . TABLE_PANEL_HTACCESS . "\n\t\t\tWHERE `path` LIKE :docroot\n\t\t"); Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%')); $path_options = ''; $error_string = ''; while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!empty($row['error404path'])) { $defhandler = $row['error404path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($domain['documentroot'] . '/' . $defhandler); } $error_string .= ' server.error-handler-404 = "' . $defhandler . '"' . "\n\n"; } if ($row['options_indexes'] != '0') { if (!empty($error_string)) { $path_options .= $error_string; // reset $error_string here to prevent duplicate entries $error_string = ''; } $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'dir-listing.activate = "enable"' . "\n"; $path_options .= ' }' . "\n\n"; } else { $path_options = $error_string; } if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= ' $HTTP["url"] =~ "^' . $path . '($|/)" {' . "\n"; $path_options .= "\t" . 'cgi.assign = (' . "\n"; $path_options .= "\t\t" . '".pl" => "' . makeCorrectFile(Settings::Get('system.perl_path')) . '",' . "\n"; $path_options .= "\t\t" . '".cgi" => "' . makeCorrectFile(Settings::Get('system.perl_path')) . '"' . "\n"; $path_options .= "\t" . ')' . "\n"; $path_options .= ' }' . "\n\n"; } } return $path_options; }
protected function create_pathOptions($domain) { $has_location = false; $result_stmt = Database::prepare("\n\t\t\tSELECT * FROM " . TABLE_PANEL_HTACCESS . "\n\t\t\tWHERE `path` LIKE :docroot\n\t\t"); Database::pexecute($result_stmt, array('docroot' => $domain['documentroot'] . '%')); $path_options = ''; $htpasswds = $this->getHtpasswds($domain); // for each entry in the htaccess table while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if (!empty($row['error404path'])) { $defhandler = $row['error404path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 404 ' . $defhandler . ';' . "\n"; } if (!empty($row['error403path'])) { $defhandler = $row['error403path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 403 ' . $defhandler . ';' . "\n"; } if (!empty($row['error500path'])) { $defhandler = $row['error500path']; if (!validateUrl($defhandler)) { $defhandler = makeCorrectFile($defhandler); } $path_options .= "\t" . 'error_page 500 502 503 504 ' . $defhandler . ';' . "\n"; } // if ($row['options_indexes'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); $path_options .= "\t" . '# ' . $path . "\n"; if ($path == '/') { if ($row['options_indexes'] != '0') { $this->vhost_root_autoindex = true; } $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex) { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; } // $path_options.= "\t\t" . 'try_files $uri $uri/ @rewrites;'."\n"; // check if we have a htpasswd for this path // (damn nginx does not like more than one // 'location'-part with the same path) if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { switch ($single['path']) { case '/awstats/': case '/webalizer/': // no stats-alias in "location /"-context break; default: if ($single['path'] == '/') { $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; // remove already used entries so we do not have doubles unset($htpasswds[$idx]); } } } } $path_options .= "\t" . '}' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t" . 'location ' . $path . ' {' . "\n"; if ($this->vhost_root_autoindex || $row['options_indexes'] != '0') { $path_options .= "\t\t" . 'autoindex on;' . "\n"; $this->vhost_root_autoindex = false; } else { $path_options .= "\t\t" . 'index index.php index.html index.htm;' . "\n"; } $path_options .= "\t" . '} ' . "\n"; } // } /** * Perl support * required the fastCGI wrapper to be running to receive the CGI requests. */ if (customerHasPerlEnabled($domain['customerid']) && $row['options_cgi'] != '0') { $path = makeCorrectDir(substr($row['path'], strlen($domain['documentroot']) - 1)); mkDirWithCorrectOwnership($domain['documentroot'], $row['path'], $domain['guid'], $domain['guid']); // We need to remove the last slash, otherwise the regex wouldn't work if ($row['path'] != $domain['documentroot']) { $path = substr($path, 0, -1); } $path_options .= "\t" . 'location ~ \\(.pl|.cgi)$ {' . "\n"; $path_options .= "\t\t" . 'gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped' . "\n"; $path_options .= "\t\t" . 'fastcgi_pass ' . Settings::Get('system.perl_server') . ';' . "\n"; $path_options .= "\t\t" . 'fastcgi_index index.cgi;' . "\n"; $path_options .= "\t\t" . 'include ' . Settings::Get('nginx.fastcgiparams') . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } } // now the rest of the htpasswds if (count($htpasswds) > 0) { foreach ($htpasswds as $idx => $single) { //if ($single['path'] != '/') { switch ($single['path']) { case '/awstats/': case '/webalizer/': $path_options .= $this->getStats($domain, $single); unset($htpasswds[$idx]); break; default: $path_options .= "\t" . 'location ' . makeCorrectDir($single['path']) . ' {' . "\n"; $path_options .= "\t\t" . 'auth_basic "' . $single['authname'] . '";' . "\n"; $path_options .= "\t\t" . 'auth_basic_user_file ' . makeCorrectFile($single['usrf']) . ';' . "\n"; $path_options .= "\t" . '}' . "\n"; } //} unset($htpasswds[$idx]); } } return $path_options; }
if (isset($_POST['send']) && $_POST['send'] == 'send') { $option_indexes = intval($_POST['options_indexes']); if ($option_indexes != '1') { $option_indexes = '0'; } if ($_POST['error404path'] === '' || validateUrl($idna_convert->encode($_POST['error404path']))) { $error404path = $_POST['error404path']; } else { standard_error('mustbeurl'); } if ($_POST['error403path'] === '' || validateUrl($idna_convert->encode($_POST['error403path']))) { $error403path = $_POST['error403path']; } else { standard_error('mustbeurl'); } if ($_POST['error500path'] === '' || validateUrl($idna_convert->encode($_POST['error500path']))) { $error500path = $_POST['error500path']; } else { standard_error('mustbeurl'); } if ($option_indexes != $result['options_indexes'] || $error404path != $result['error404path'] || $error403path != $result['error403path'] || $error500path != $result['error500path']) { inserttask('1'); $db->query('UPDATE `' . TABLE_PANEL_HTACCESS . '` SET `options_indexes` = "' . $db->escape($option_indexes) . '", `error404path` = "' . $db->escape($error404path) . '", `error403path` = "' . $db->escape($error403path) . '", `error500path` = "' . $db->escape($error500path) . '" WHERE `customerid` = "' . (int) $userinfo['customerid'] . '" AND `id` = "' . (int) $id . '"'); $log->logAction(USR_ACTION, LOG_INFO, "edited htaccess for '" . str_replace($userinfo['documentroot'], '', $result['path']) . "'"); } redirectTo($filename, array('page' => $page, 's' => $s)); } else { if (strpos($result['path'], $userinfo['documentroot']) === 0) { $result['path'] = substr($result['path'], strlen($userinfo['documentroot'])); } $result['error404path'] = $result['error404path'];
function validateType($target, $value, $type) { switch ($type) { case "boolean": return is_bool($value); break; case "int": return is_int($value); break; case "float": return is_float($value); break; case "hex": return ctype_xdigit($value); break; case "string": return validateString($target, $value); break; case "date": global $date_format; return dateFormat($value, $date_format, ""); break; case "hour": return validateHour($value); break; case "url": return validateUrl($value); break; case "email": return validateEmail($value); break; default: return false; } }
function service_validate($app, $deployment, $serviceInfo) { foreach ($serviceInfo as $key => $value) { switch ($key) { case "use": case "check_period": case "notification_period": case "icon_image": validateForbiddenChars($app, $deployment, '/[^\\w.-]/s', $key, $value); break; case "contacts": case "contact_groups": case "servicegroups": if (is_array($value)) { $value = implode(',', $value); } validateForbiddenChars($app, $deployment, '/[^\\w.-]/s', $key, $value); break; case "is_volatile": case "active_checks_enabled": case "passive_checks_enabled": case "obsess_over_service": case "check_freshness": case "event_handler_enabled": case "flap_detection_enabled": case "parallelize_check": case "process_perf_data": case "retain_status_information": case "retain_nonstatus_information": case "notifications_enabled": validateBinary($app, $deployment, $key, $value); break; case "check_command": case "event_handler": validateForbiddenChars($app, $deployment, '/[^\\w.-$\\/]/s', $key, $value); break; case "initial_state": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'w', 'u', 'c'), true); $serviceInfo[$key] = $opts; break; case "max_check_attempts": validateInterval($app, $deployment, $key, $value, 1, 20); break; case "check_interval": validateInterval($app, $deployment, $key, $value, 1, 1440); break; case "retry_interval": validateInterval($app, $deployment, $key, $value, 1, 720); break; case "freshness_threshold": validateInterval($app, $deployment, $key, $value, 0, 86400); break; case "low_flap_threshold": validateInterval($app, $deployment, $key, $value, 0, 99); break; case "high_flap_threshold": validateInterval($app, $deployment, $key, $value, 0, 100); break; case "flap_detection_options": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'w', 'c', 'u'), true); $serviceInfo[$key] = $opts; break; case "notification_interval": case "first_notification_delay": validateInterval($app, $deployment, $key, $value, 0, 1440); break; case "notification_options": $opts = validateOptions($app, $deployment, $key, $value, array('w', 'u', 'c', 'r', 'f', 's'), true); $serviceInfo[$key] = $opts; break; case "stalking_options": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'w', 'u', 'c'), true); $serviceInfo[$key] = $opts; break; case "icon_image_alt": case "notes": validateForbiddenChars($app, $deployment, '/[^\\w.-\\s]/s', $key, $value); break; case "notes_url": case "action_url": validateUrl($app, $deployment, $key, $value); break; default: break; } } // We never want to see single threaded checks running, force this... if (!isset($serviceInfo['parallelize_check']) || empty($serviceInfo['parallelize_check'])) { $serviceInfo['parallelize_check'] = 1; } return $serviceInfo; }
/** * We compose the diroption entries for the paths */ public function createFileDirOptions() { $result_stmt = Database::query("\n\t\t\tSELECT `htac`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTACCESS . "` `htac`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htac`.`path`\n\t\t"); $diroptions = array(); while ($row_diroptions = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_diroptions['customerid'] != 0 && isset($row_diroptions['customerroot']) && $row_diroptions['customerroot'] != '') { $diroptions[$row_diroptions['path']] = $row_diroptions; $diroptions[$row_diroptions['path']]['htpasswds'] = array(); } } $result_stmt = Database::query("\n\t\t\tSELECT `htpw`.*, `c`.`guid`, `c`.`documentroot` AS `customerroot`\n\t\t\tFROM `" . TABLE_PANEL_HTPASSWDS . "` `htpw`\n\t\t\tLEFT JOIN `" . TABLE_PANEL_CUSTOMERS . "` `c` USING (`customerid`)\n\t\t\tORDER BY `htpw`.`path`, `htpw`.`username`\n\t\t"); while ($row_htpasswds = $result_stmt->fetch(PDO::FETCH_ASSOC)) { if ($row_htpasswds['customerid'] != 0 && isset($row_htpasswds['customerroot']) && $row_htpasswds['customerroot'] != '') { if (!isset($diroptions[$row_htpasswds['path']]) || !is_array($diroptions[$row_htpasswds['path']])) { $diroptions[$row_htpasswds['path']] = array(); } $diroptions[$row_htpasswds['path']]['path'] = $row_htpasswds['path']; $diroptions[$row_htpasswds['path']]['guid'] = $row_htpasswds['guid']; $diroptions[$row_htpasswds['path']]['customerroot'] = $row_htpasswds['customerroot']; $diroptions[$row_htpasswds['path']]['customerid'] = $row_htpasswds['customerid']; $diroptions[$row_htpasswds['path']]['htpasswds'][] = $row_htpasswds; } } foreach ($diroptions as $row_diroptions) { $row_diroptions['path'] = makeCorrectDir($row_diroptions['path']); mkDirWithCorrectOwnership($row_diroptions['customerroot'], $row_diroptions['path'], $row_diroptions['guid'], $row_diroptions['guid']); $diroptions_filename = makeCorrectFile(Settings::Get('system.apacheconf_diroptions') . '/40_froxlor_diroption_' . md5($row_diroptions['path']) . '.conf'); if (!isset($this->diroptions_data[$diroptions_filename])) { $this->diroptions_data[$diroptions_filename] = ''; } if (is_dir($row_diroptions['path'])) { $cperlenabled = customerHasPerlEnabled($row_diroptions['customerid']); $this->diroptions_data[$diroptions_filename] .= '<Directory "' . $row_diroptions['path'] . '">' . "\n"; if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' Options +Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options +Indexes' . "\n"); } if (isset($row_diroptions['options_indexes']) && $row_diroptions['options_indexes'] == '0') { $this->diroptions_data[$diroptions_filename] .= ' Options -Indexes'; // add perl options if enabled if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks' . "\n"; } else { $this->diroptions_data[$diroptions_filename] .= "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Setting Options -Indexes' . "\n"); } $statusCodes = array('404', '403', '500'); foreach ($statusCodes as $statusCode) { if (isset($row_diroptions['error' . $statusCode . 'path']) && $row_diroptions['error' . $statusCode . 'path'] != '') { $defhandler = $row_diroptions['error' . $statusCode . 'path']; if (!validateUrl($defhandler)) { if (substr($defhandler, 0, 1) != '"' && substr($defhandler, -1, 1) != '"') { $defhandler = '"' . makeCorrectFile($defhandler) . '"'; } } $this->diroptions_data[$diroptions_filename] .= ' ErrorDocument ' . $statusCode . ' ' . $defhandler . "\n"; } } if ($cperlenabled && isset($row_diroptions['options_cgi']) && $row_diroptions['options_cgi'] == '1') { $this->diroptions_data[$diroptions_filename] .= ' AllowOverride None' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AddHandler cgi-script .cgi .pl' . "\n"; // >=apache-2.4 enabled? if (Settings::Get('system.apache24') == '1') { $mypath_dir = new frxDirectory($row_diroptions['path']); // only create the require all granted if there is not active directory-protection // for this path, as this would be the first require and therefore grant all access if ($mypath_dir->isUserProtected() == false) { $this->diroptions_data[$diroptions_filename] .= ' Require all granted' . "\n"; } } else { $this->diroptions_data[$diroptions_filename] .= ' Order allow,deny' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' Allow from all' . "\n"; } fwrite($this->debugHandler, ' cron_tasks: Task3 - Enabling perl execution' . "\n"); // check for suexec-workaround, #319 if ((int) Settings::Get('perl.suexecworkaround') == 1) { // symlink this directory to suexec-safe-path $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); if (!file_exists($suexecpath)) { safe_exec('mkdir -p ' . escapeshellarg($suexecpath)); safe_exec('chown -R ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($suexecpath)); } // symlink to {$givenpath}/cgi-bin // NOTE: symlinks are FILES, so do not append a / here $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); if (!file_exists($perlsymlink)) { safe_exec('ln -s ' . escapeshellarg($suexecpath) . ' ' . escapeshellarg($perlsymlink)); } safe_exec('chown ' . escapeshellarg($row_diroptions['guid']) . ':' . escapeshellarg($row_diroptions['guid']) . ' ' . escapeshellarg($perlsymlink)); } } else { // if no perl-execution is enabled but the workaround is, // we have to remove the symlink and folder in suexecpath if ((int) Settings::Get('perl.suexecworkaround') == 1) { $loginname = getCustomerDetail($row_diroptions['customerid'], 'loginname'); $suexecpath = makeCorrectDir(Settings::Get('perl.suexecpath') . '/' . $loginname . '/' . md5($row_diroptions['path']) . '/'); $perlsymlink = makeCorrectFile($row_diroptions['path'] . '/cgi-bin'); // remove symlink if (file_exists($perlsymlink)) { safe_exec('rm -f ' . escapeshellarg($perlsymlink)); } // remove folder in suexec-path if (file_exists($suexecpath)) { safe_exec('rm -rf ' . escapeshellarg($suexecpath)); } } } if (count($row_diroptions['htpasswds']) > 0) { $htpasswd_filename = makeCorrectFile(Settings::Get('system.apacheconf_htpasswddir') . '/' . $row_diroptions['customerid'] . '-' . md5($row_diroptions['path']) . '.htpasswd'); if (!isset($this->htpasswds_data[$htpasswd_filename])) { $this->htpasswds_data[$htpasswd_filename] = ''; } foreach ($row_diroptions['htpasswds'] as $row_htpasswd) { $this->htpasswds_data[$htpasswd_filename] .= $row_htpasswd['username'] . ':' . $row_htpasswd['password'] . "\n"; } $this->diroptions_data[$diroptions_filename] .= ' AuthType Basic' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthName "' . $row_htpasswd['authname'] . '"' . "\n"; $this->diroptions_data[$diroptions_filename] .= ' AuthUserFile ' . $htpasswd_filename . "\n"; $this->diroptions_data[$diroptions_filename] .= ' require valid-user' . "\n"; } $this->diroptions_data[$diroptions_filename] .= '</Directory>' . "\n"; } } }
<?php if (isset($_POST['url'])){ $url = urldecode($_POST['url']); //Validate the URL if ( validateUrl($url) ){ //Append http to the url if it's not already there if ( substr($url,0,7) != 'http://') $url = 'http://' . $url; //Fetch the redirects list $redirects = redirects($url); //Prepare the list of redirects for display $output = "<ul class='redirects'>"; //Append each redirect to the list $i = 1; //Used to count redirects foreach ( $redirects as $redirect ){ $output .= "<li>" . "<h2>Step " . $i . "</h2>" . "<div class='location'>" . $redirect['location'] . "<a href='" . $redirect['location'] . "' rel='nofollow' target='_blank' title='Visit this link'><img class='externallink' src='external-link.gif'/></a></div>" . "<div class='response'>" . $redirect['response'] . "</div>" . "<div class='floatfix'></div>" . "</li>"; $i++; } $output .= "</ul>"; $output .= "<p class='subtle'>This is the path web browsers and search engine crawlers follow to get to the page. The response code tells search engines where the content went. Beware of URL's that lead to nowhere and make sure permanently redirected content uses the 301 Moved Permanently response code so that search engines know which URL to index.</p>"; }
var_dump($isValidUrl()); var_dump($isValidUrl->isValid()); echo '</pre>'; } $url = 'http://google.com'; validateUrl($url); // true $url = 'http:/google.com'; validateUrl($url); // false $url = 'www.google.com'; validateUrl($url); // false $url = 'http://192.168.2.0'; validateUrl($url); // true $url = 'http://mail.google.com'; validateUrl($url); // true $url = 'http://www.google.com'; validateUrl($url); // true $url = 'http://www'; validateUrl($url); // true $url = 'http://www.com'; validateUrl($url); // true $url = 'http://www.türsteher.de'; validateUrl($url);
/** * This file is part of the Froxlor project. * Copyright (c) 2003-2009 the SysCP Team (see authors). * Copyright (c) 2010 the Froxlor Team (see authors). * * For the full copyright and license information, please view the COPYING * file that was distributed with this source code. You can also view the * COPYING file online at http://files.froxlor.org/misc/COPYING.txt * * @copyright (c) the authors * @author Florian Lippert <*****@*****.**> (2003-2009) * @author Froxlor team <*****@*****.**> (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Functions * */ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue) { if (isset($fielddata['string_delimiter']) && $fielddata['string_delimiter'] != '') { $newfieldvalues = explode($fielddata['string_delimiter'], $newfieldvalue); unset($fielddata['string_delimiter']); $returnvalue = true; foreach ($newfieldvalues as $single_newfieldvalue) { /** * don't use tabs in value-fields, #81 */ $single_newfieldvalue = str_replace("\t", " ", $single_newfieldvalue); $single_returnvalue = validateFormFieldString($fieldname, $fielddata, $single_newfieldvalue); if ($single_returnvalue !== true) { $returnvalue = $single_returnvalue; break; } } } else { $returnvalue = false; /** * don't use tabs in value-fields, #81 */ $newfieldvalue = str_replace("\t", " ", $newfieldvalue); if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') { $returnvalue = filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue; } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') { $returnvalue = validateUrl($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') { // add trailing slash to validate path if needed // refs #331 if (substr($newfieldvalue, -1) != '/') { $newfieldvalue .= '/'; } $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') { $returnvalue = $newfieldvalue == makeCorrectFile($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'filedir') { $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue) || $newfieldvalue == makeCorrectFile($newfieldvalue); } elseif (preg_match('/^[^\\r\\n\\t\\f\\0]*$/D', $newfieldvalue)) { $returnvalue = true; } if (isset($fielddata['string_regexp']) && $fielddata['string_regexp'] != '') { if (preg_match($fielddata['string_regexp'], $newfieldvalue)) { $returnvalue = true; } else { $returnvalue = false; } } if (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === true && $newfieldvalue === '') { $returnvalue = true; } elseif (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === false && $newfieldvalue === '') { $returnvalue = 'stringmustntbeempty'; } } if ($returnvalue === true) { return true; } elseif ($returnvalue === false) { return 'stringformaterror'; } else { return $returnvalue; } }
<head> <meta charset="UTF-8"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"><!-- css style sheet --> <title></title> </head> <body> <header><h1>Url Finder by Site Given</h1></header> <?php include_once './functions/dbconnect.php'; //includes include_once './functions/until.php'; include './functions/validation.php'; include './functions/Curl.php'; if (isPostRequest() === TRUE) { //check if there was a post request to display correct information $isValidUrl = validateUrl(); //if there is a post request validate url $isValidUrlInDB = doesExistInDB(); //check if this url is already in the database if ($isValidUrl === TRUE && $isValidUrlInDB === FALSE) { $output = specialOPCurl(); $htmlMatch = array(); $urlRegEx = "/(https?:\\/\\/[\\da-z\\.-]+\\.[a-z\\.]{2,6}[\\/\\w \\.-]+)/"; //grab all urls on page and store in a string variable $ExtractedHtml = filter_input(INPUT_POST, 'ExtractedHtml'); //extract urls and store in an array preg_match_all($urlRegEx, $output, $htmlMatch); //remove duplicates from array $finalMatches = array_unique($htmlMatch[0]); $url = filter_input(INPUT_POST, 'URL'); $db = dbconnect();
function hosttemplate_validate($app, $deployment, $hostTemplateInfo) { foreach ($hostTemplateInfo as $key => $value) { switch ($key) { case "check_command": validateForbiddenChars($app, $deployment, '/[^\\w.-$\\/]/s', $key, $value); break; case "initial_state": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'd', 'u'), true); $hostTemplateInfo[$key] = $opts; break; case "max_check_attempts": validateInterval($app, $deployment, $key, $value, 1, 20); break; case "check_interval": case "notification_interval": case "first_notification_delay": validateInterval($app, $deployment, $key, $value, 1, 1440); break; case "retry_interval": validateInterval($app, $deployment, $key, $value, 1, 720); break; case "active_checks_enabled": case "passive_checks_enabled": case "obsess_over_host": case "check_freshness": case "event_handler_enabled": case "flap_detection_enabled": case "process_perf_data": case "retain_status_information": case "retain_nonstatus_information": case "notifications_enabled": validateBinary($app, $deployment, $key, $value); break; case "check_period": case "event_handler": case "notification_period": case "icon_image": case "vrml_image": case "statusmap_image": case "use": validateForbiddenChars($app, $deployment, '/[^\\w.-]/s', $key, $value); break; case "freshness_threshold": validateInterval($app, $deployment, $key, $value, 0, 86400); break; case "low_flap_threshold": validateInterval($app, $deployment, $key, $value, 0, 99); break; case "high_flap_threshold": validateInterval($app, $deployment, $key, $value, 0, 100); break; case "flap_detection_options": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'd', 'u'), true); $hostTemplateInfo[$key] = $opts; break; case "notification_options": $opts = validateOptions($app, $deployment, $key, $value, array('d', 'u', 'r', 'f', 's'), true); $hostTemplateInfo[$key] = $opts; break; case "stalking_options": $opts = validateOptions($app, $deployment, $key, $value, array('o', 'd', 'u'), true); $hostTemplateInfo[$key] = $opts; break; case "notes_url": case "action_url": validateUrl($app, $deployment, $key, $value); break; case "icon_image_alt": case "notes": validateForbiddenChars($app, $deployment, '/[^\\w.-\\s]/s', $key, $value); break; case "hostgroups": case "parents": if (is_array($value)) { $value = implode(',', $value); } validateForbiddenChars($app, $deployment, '/[^\\w.-]/s', $key, $value); break; default: break; } } // Don't register since we are a template $hostTemplateInfo['register'] = 0; return $hostTemplateInfo; }
if ($pos !== false && $url[$pos - 1] !== '&') { return substr_replace($url, '&key=', $pos, strlen('key=')); } return $url; } $calendar = array_get($_GET, "calendar"); if ($calendar) { if (isset($_GET["base64"])) { $fbCal = base64_decode($calendar); } else { $fbCal = urldecode($calendar); } if (strpos($fbCal, 'webcal') === 0) { $fbCal = substr_replace($fbCal, "https", 0, strlen('webcal')); } validateUrl($fbCal); $fbCal = addAmpersandIfMissing($fbCal); // Facebook blocks requests without user agent $content = @file_get_contents($fbCal, false, stream_context_create(['http' => ['header' => "User-Agent: eventcal.flown.io\r\n"]])); if ($content === false) { http_response_code(400); die("Could not fetch calendar"); } if (strpos($content, 'BEGIN:VCALENDAR') !== 0) { http_response_code(400); die("Calendar not valid. Facebook error: " . $content); } foreach (status() as $status) { $content = removeEvents($content, $status); } $content = fixFields($content);
/** * This file is part of the Froxlor project. * Copyright (c) 2003-2009 the SysCP Team (see authors). * Copyright (c) 2010 the Froxlor Team (see authors). * * For the full copyright and license information, please view the COPYING * file that was distributed with this source code. You can also view the * COPYING file online at http://files.froxlor.org/misc/COPYING.txt * * @copyright (c) the authors * @author Florian Lippert <*****@*****.**> (2003-2009) * @author Froxlor team <*****@*****.**> (2010-) * @license GPLv2 http://files.froxlor.org/misc/COPYING.txt * @package Functions * */ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue) { if (isset($fielddata['string_delimiter']) && $fielddata['string_delimiter'] != '') { $newfieldvalues = array_map('trim', explode($fielddata['string_delimiter'], $newfieldvalue)); unset($fielddata['string_delimiter']); $returnvalue = true; foreach ($newfieldvalues as $single_newfieldvalue) { /** * don't use tabs in value-fields, #81 */ $single_newfieldvalue = str_replace("\t", " ", $single_newfieldvalue); $single_returnvalue = validateFormFieldString($fieldname, $fielddata, $single_newfieldvalue); if ($single_returnvalue !== true) { $returnvalue = $single_returnvalue; break; } } } else { $returnvalue = false; /** * don't use tabs in value-fields, #81 */ $newfieldvalue = str_replace("\t", " ", $newfieldvalue); if (isset($fielddata['string_type']) && $fielddata['string_type'] == 'mail') { $returnvalue = filter_var($newfieldvalue, FILTER_VALIDATE_EMAIL) == $newfieldvalue; } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'url') { $returnvalue = validateUrl($newfieldvalue); } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'dir') { // check for empty value (it might be allowed) if (trim($newfieldvalue) == '') { $newfieldvalue = ''; $returnvalue = 'stringmustntbeempty'; } else { // add trailing slash to validate path if needed // refs #331 if (substr($newfieldvalue, -1) != '/') { $newfieldvalue .= '/'; } $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue); } } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'confdir') { // check for empty value (it might be allowed) if (trim($newfieldvalue) == '') { $newfieldvalue = ''; $returnvalue = 'stringmustntbeempty'; } else { // add trailing slash to validate path if needed // refs #331 if (substr($newfieldvalue, -1) != '/') { $newfieldvalue .= '/'; } // if this is a configuration directory, check for stupidity of admins :p if (checkDisallowedPaths($newfieldvalue) !== true) { $newfieldvalue = ''; $returnvalue = 'givendirnotallowed'; } else { $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue); } } } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'file') { // check for empty value (it might be allowed) if (trim($newfieldvalue) == '') { $newfieldvalue = ''; $returnvalue = 'stringmustntbeempty'; } else { $returnvalue = $newfieldvalue == makeCorrectFile($newfieldvalue); } } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'filedir') { // check for empty value (it might be allowed) if (trim($newfieldvalue) == '') { $newfieldvalue = ''; $returnvalue = 'stringmustntbeempty'; } else { $returnvalue = $newfieldvalue == makeCorrectDir($newfieldvalue) || $newfieldvalue == makeCorrectFile($newfieldvalue); } } elseif (isset($fielddata['string_type']) && $fielddata['string_type'] == 'validate_ip') { $newfieldvalue = validate_ip2($newfieldvalue); $returnvalue = $newfieldvalue !== false ? true : 'invalidip'; } elseif (preg_match('/^[^\\r\\n\\t\\f\\0]*$/D', $newfieldvalue)) { $returnvalue = true; } if (isset($fielddata['string_regexp']) && $fielddata['string_regexp'] != '') { if (preg_match($fielddata['string_regexp'], $newfieldvalue)) { $returnvalue = true; } else { $returnvalue = false; } } if (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === true && $newfieldvalue === '') { $returnvalue = true; } elseif (isset($fielddata['string_emptyallowed']) && $fielddata['string_emptyallowed'] === false && $newfieldvalue === '') { $returnvalue = 'stringmustntbeempty'; } } if ($returnvalue === true) { return true; } elseif ($returnvalue === false) { return 'stringformaterror'; } else { return $returnvalue; } }
if ($path != $result['documentroot'] || $isemaildomain != $result['isemaildomain'] || $iswildcarddomain != $result['iswildcarddomain'] || $aliasdomain != $result['aliasdomain'] || $openbasedir_path != $result['openbasedir_path'] || $ssl_redirect != $result['ssl_redirect']) { $log->logAction(USR_ACTION, LOG_INFO, "edited domain '" . $idna_convert->decode($result['domain']) . "'"); inserttask('1'); inserttask('4'); $result = $db->query('UPDATE `' . TABLE_PANEL_DOMAINS . "` SET `documentroot`='" . $db->escape($path) . "', `isemaildomain`='" . (int) $isemaildomain . "', `iswildcarddomain`='" . (int) $iswildcarddomain . "', `aliasdomain`=" . ($aliasdomain != 0 && $alias_check == 0 ? '\'' . $db->escape($aliasdomain) . '\'' : 'NULL') . ",`openbasedir_path`='" . $db->escape($openbasedir_path) . "', `ssl_redirect`='" . $ssl_redirect . "' WHERE `customerid`='" . (int) $userinfo['customerid'] . "' AND `id`='" . (int) $id . "'"); } redirectTo($filename, array('page' => $page, 's' => $s)); } } else { $result['domain'] = $idna_convert->decode($result['domain']); $domains = makeoption($lng['domains']['noaliasdomain'], 0, $result['aliasdomain'], true); $result_domains = $db->query('SELECT `d`.`id`, `d`.`domain` FROM `' . TABLE_PANEL_DOMAINS . '` `d`, `' . TABLE_PANEL_CUSTOMERS . "` `c` WHERE `d`.`aliasdomain` IS NULL AND `d`.`id`<>'" . (int) $result['id'] . "' AND `c`.`standardsubdomain`<>`d`.`id` AND `d`.`customerid`='" . (int) $userinfo['customerid'] . "' AND `c`.`customerid`=`d`.`customerid` ORDER BY `d`.`domain` ASC"); while ($row_domain = $db->fetch_array($result_domains)) { $domains .= makeoption($idna_convert->decode($row_domain['domain']), $row_domain['id'], $result['aliasdomain']); } if (preg_match('/^https?\\:\\/\\//', $result['documentroot']) && validateUrl($idna_convert->encode($result['documentroot'])) && $settings['panel']['pathedit'] == 'Dropdown') { $urlvalue = $result['documentroot']; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit']); } else { $urlvalue = ''; $pathSelect = makePathfield($userinfo['documentroot'], $userinfo['guid'], $userinfo['guid'], $settings['panel']['pathedit'], $result['documentroot']); } $ssl_redirect = makeyesno('ssl_redirect', '1', '0', $result['ssl_redirect']); $iswildcarddomain = makeyesno('iswildcarddomain', '1', '0', $result['iswildcarddomain']); $isemaildomain = makeyesno('isemaildomain', '1', '0', $result['isemaildomain']); $openbasedir = makeoption($lng['domain']['docroot'], 0, $result['openbasedir_path'], true) . makeoption($lng['domain']['homedir'], 1, $result['openbasedir_path'], true); $result = htmlentities_array($result); if ($settings['system']['use_ssl'] == '1') { } eval('echo "' . getTemplate('domains/domains_edit') . '";'); }