X-Git-Url: https://git.p6c8.net/selfforum.git/blobdiff_plain/cee4397796b2a1015b88addca2de54fe50dbc3f8..12cb924004788df3066c77db8a723b32235bccf0:/selfforum-cgi/user/fo_posting.pl?ds=sidebyside
diff --git a/selfforum-cgi/user/fo_posting.pl b/selfforum-cgi/user/fo_posting.pl
index f4c6da0..3126881 100644
--- a/selfforum-cgi/user/fo_posting.pl
+++ b/selfforum-cgi/user/fo_posting.pl
@@ -16,6 +16,7 @@ use vars qw( $Shared $Script $Config + $VERSION ); # locate the script
@@ -27,13 +28,17 @@ BEGIN { $Config = "$Bin/config"; $Script = ($null =~ /^.*\/(.*)$/)? $1 : $null; -# my $null = $0; #$null =~ s/\\/\//g; # for win :-( +# my $null = $0; # $Bin = ($null =~ /^(.*)\/.*$/)? $1 : '.'; -# $Config = "$Bin/../../../cgi-config/devforum"; -# $Shared = "$Bin/../../../cgi-shared"; +# $Config = "$Bin/../../daten/forum/config"; +# $Shared = "$Bin/../../cgi-shared"; # $Script = ($null =~ /^.*\/(.*)$/)? $1 : $null; } +# setting umask, remove or comment it, if you don't need +# +umask 006; + use lib "$Shared"; use CGI::Carp qw(fatalsToBrowser);
@@ -41,6 +46,10 @@ use Conf; use Conf::Admin; use Posting::Cache; +# Version check +# +$VERSION = do { my @r =(q$Revision$ =~ /\d+/g); sprintf "%d."."%02d" x $#r, @r }; + # load script configuration and admin default conf. # my $conf = read_script_conf ($Config, $Shared, $Script);
@@ -783,7 +792,7 @@ sub check_cgi { # my ($ftid, $fmid) = split /;/ => $q -> param ($formdata -> {followUp} -> {name}) => 2; - unless ($ftid =~ /\d+/ and $fmid =~ /\d+/) { + unless ($ftid =~ /^\d+$/ and $fmid =~ /^\d+$/) { $self -> {error} = { spec => 'unknown_followup', type => 'fatal'
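Review bot: The added `umask 006;` ahead of `use lib` masks only the read and write bits for others, so files the script creates stay group-writable and directories stay traversable by everyone (0660 and 0771 from the usual 0666/0777 create modes), and the comment above it does not say which files depend on that. If the deployment does not need the group bits, `umask 027;` or `umask 077;` is the tighter default. Otherwise I would extend the comment to something like `# files written by this script: rw for owner and group, nothing for others`. Which files the script writes is not visible in this hunk, so the right value needs confirming against the ownership of the data directories.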
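Review bot: In the added `$VERSION = do { ... }` line, `q$Revision$` yields no digits whenever the keyword is left unexpanded (as it appears here), so `@r` is empty, `$#r` is -1 and `sprintf "%d."` runs with no argument. `$VERSION` then becomes `0.` and Perl emits a missing-argument warning if warnings are on. A guard such as `@r ? sprintf("%d."."%02d" x $#r, @r) : '0.00'` as the last expression of the `do` block keeps the value well-formed. Whether the repository expands the keyword on checkout is not visible from this page.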
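Review bot: The tightened follow-up check `/^\d+$/` still accepts a value with a trailing newline, because `$` matches before a final `\n`; `unless ($ftid =~ /\A\d+\z/ and $fmid =~ /\A\d+\z/) {` closes that gap. When the parameter carries no `;`, `$fmid` is undef at this point, which the regex rejects but with an uninitialized-value warning under `-w`, so a `defined` test first keeps the log clean. The body of the `unless` and the rest of `check_cgi` continue outside the hunk.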
@@ -837,8 +846,28 @@ sub check_cgi { # (my $val_ww = $val) =~ s/\s+//g; - $val_ww =~ y/a-zA-Z//cd - if (exists ($formdata -> {$name {$_}} -> {type}) and $formdata -> {$name {$_}} -> {type} eq 'name'); + if (exists ($formdata -> {$name {$_}} -> {type}) and $formdata -> {$name {$_}} -> {type} eq 'name') { + $val_ww =~ y/a-zA-Z//cd; + + my @badlist = map {qr/\Q$_/i} qw ( + # insert badmatchlist here + ); + + push @badlist => map {qr/\b\Q$_\E\b/i} qw( + # insert badwordlist here + ); + + for (@badlist) { + if ($val_ww =~ /$_/) { + $self -> {error} = { + spec => 'undesired', + desc => $name{$_}, + type => 'fatal' + }; + return; + } + } + } if (length $val_ww < $formdata -> {$name {$_}} -> {minlength}) { $self -> {error} = {
@@ -880,6 +909,16 @@ sub check_cgi { }; $self -> kill_param or return; } + + elsif ($formdata -> {$name {$_}} -> {type} eq 'unique-id' and not may_id $val) { + $self -> {error} = { + spec => 'wrong_unique_id', + desc => $name{$_}, + type => $formdata -> {$name {$_}} -> {errorType} + }; + print STDERR "Manipuliert!"; + $self -> kill_param or return; + } } if (exists ($formdata -> {$name {$_}} -> {values})
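Review bot: The two `qw(...)` lists in the new name check are not empty as shipped: `qw` has no comment syntax, so `#`, `insert`, `badmatchlist`/`badwordlist` and `here` become patterns, and the substring list then rejects any name containing "insert" or "here". Inside `for (@badlist)` the loop rebinds `$_`, so `desc => $name{$_}` looks up the compiled pattern instead of the field key and the error carries no field name. The `\b...\b` patterns are also tested against `$val_ww`, from which whitespace and every non-letter have already been removed, so they can match only when the whole squeezed value equals the word; testing them against `$val` restores the whole-word meaning. The sketch below keeps both lists empty by default and matches without disturbing `$_`. The enclosing loop over the form fields starts outside the hunk.

```perl
# … unchanged: if (... eq 'name') { and $val_ww =~ y/a-zA-Z//cd; …

  # list entries go inside the parentheses; qw() has no comment syntax
  my @badmatch = map {qr/\Q$_\E/i}     qw();  # substrings, tested on the squeezed value
  my @badword  = map {qr/\b\Q$_\E\b/i} qw();  # whole words, tested on the raw value

  # grep localises $_, so $name{$_} below is still the field key
  if ((grep {$val_ww =~ $_} @badmatch) or (grep {$val =~ $_} @badword)) {
    $self -> {error} = {
      spec => 'undesired',
      desc => $name{$_},
      type => 'fatal'
    };
    return;
  }
```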
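Review bot: The added `print STDERR "Manipuliert!";` writes a log entry with no trailing newline and no indication of which field failed the `may_id` check, so it runs into the next line of the error log and is hard to correlate during an investigation. Since CGI::Carp is already loaded by this script, `warn "rejected unique-id in field '$name{$_}'\n";` would give a timestamped, self-contained line (`$name{$_}` appears to be the configured field name). The submitted value itself is better left out of the log unless it is sanitised first. The `if`/`elsif` chain this branch joins starts outside the hunk.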