fix input validation on required/regex setting

diff --git a/index.php b/index.php
index 24ce25c48237af1baed5e5a5c5fee38b8b5a97bc..ae8f11bb62c8f63ed26269e88db8db82f81f2774 100644 (file)
--- a/index.php
+++ b/index.php
@@ -177,7 +177,12 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
 </div>
 
 <div id="upload">
 </div>
 
 <div id="upload">

-<fieldset>
+<form id="upload-form" onsubmit="
+            event.preventDefault();
+            document.getElementById('upload').style.display = 'none';
+            document.getElementById('uploading').style.display = '';
+            upload (<?php echo jirafeau_get_max_upload_chunk_size_bytes($cfg['max_upload_chunk_size_bytes']); ?>);
+            "><fieldset>

     <legend>
     <?php echo t('SEL_FILE'); ?>
     </legend>
     <legend>
     <?php echo t('SEL_FILE'); ?>
     </legend>


@@ -279,15 +284,10 @@ if ($cfg['maximal_upload_size'] >= 1024) {
 
         <p id="max_file_size" class="config"></p>
     <p>
 
         <p id="max_file_size" class="config"></p>
     <p>

-    <input type="submit" id="send" value="<?php echo t('SEND'); ?>"
-    onclick="
-        document.getElementById('upload').style.display = 'none';
-        document.getElementById('uploading').style.display = '';
-        upload (<?php echo jirafeau_get_max_upload_chunk_size_bytes($cfg['max_upload_chunk_size_bytes']); ?>);
-    "/>
+    <input type="submit" id="send" value="<?php echo t('SEND'); ?>"/>

     </p>
         </table>
     </p>
         </table>

-    </div> </fieldset>
+    </div> </fieldset></form>

 
     <?php
     if (jirafeau_user_session_logged()) {
 
     <?php
     if (jirafeau_user_session_logged()) {

diff --git a/script.php b/script.php
index 40d26eaf5148aa186052e2b0f9bd6b04974d76b5..600b1d5cc9f702955a9a1d558e27fc1ef3cf0612 100644 (file)
--- a/script.php
+++ b/script.php
@@ -175,6 +175,15 @@ if (isset($_FILES['file']) && is_writable(VAR_FILES)
     $key = '';
     if (isset($_POST['key'])) {
         $key = $_POST['key'];
     $key = '';
     if (isset($_POST['key'])) {
         $key = $_POST['key'];

+        if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+            if (!preg_match($cfg['download_password_policy_regex'], $key)){
+                echo 'Error 14: The download password is not complying to the security standards.';
+                exit;
+            }
+        }
+    }elseif ($cfg['download_password_requirement'] !== 'optional'){
+        echo 'Error 13: The parameter password is required.';
+        exit;

     }
     $d = '';
     if (isset($_GET['d'])) {
     }
     $d = '';
     if (isset($_GET['d'])) {


@@ -442,6 +451,15 @@ elseif (isset($_GET['init_async'])) {
     $key = '';
     if (isset($_POST['key'])) {
         $key = $_POST['key'];
     $key = '';
     if (isset($_POST['key'])) {
         $key = $_POST['key'];

+        if ($cfg['download_password_requirement'] !== 'generated' && $cfg['download_password_policy'] === 'regex'){
+            if (!preg_match($cfg['download_password_policy_regex'], $key)){
+                echo 'Error 14: The download password is not complying to the security standards.';
+                exit;
+            }
+        }
+    }elseif ($cfg['download_password_requirement'] !== 'optional'){
+        echo 'Error 13: The parameter password is required.';
+        exit;

     }
 
     // Check if one time download is enabled
     }
 
     // Check if one time download is enabled