From 61c77268159454a8db8b52b7494b451cadf9f698 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Wed, 3 Mar 2010 13:31:25 +0000
Subject: [PATCH] Fixed: FS#1083 - Make some validation for Redirect paths.

---
 .../web/sites/form/web_aliasdomain.tform.php  |  4 +
 interface/web/sites/form/web_domain.tform.php |  4 +
 .../web/sites/form/web_subdomain.tform.php    |  4 +
 .../web/sites/lib/lang/en_web_domain.lng      |  1 +
 .../web/sites/lib/lang/en_web_subdomain.lng   | 77 ++++++++++---------
 5 files changed, 52 insertions(+), 38 deletions(-)

diff --git a/interface/web/sites/form/web_aliasdomain.tform.php b/interface/web/sites/form/web_aliasdomain.tform.php
index ef360680a..e9753a486 100644
--- a/interface/web/sites/form/web_aliasdomain.tform.php
+++ b/interface/web/sites/form/web_aliasdomain.tform.php
@@ -111,6 +111,10 @@ $form["tabs"]['domain'] = array (
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',
diff --git a/interface/web/sites/form/web_domain.tform.php b/interface/web/sites/form/web_domain.tform.php
index 1e5afad80..d5ef328e6 100644
--- a/interface/web/sites/form/web_domain.tform.php
+++ b/interface/web/sites/form/web_domain.tform.php
@@ -223,6 +223,10 @@ $form["tabs"]['redirect'] = array (
 		),
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'value'		=> '',
diff --git a/interface/web/sites/form/web_subdomain.tform.php b/interface/web/sites/form/web_subdomain.tform.php
index f6cc6f8bf..f9bfcd53a 100644
--- a/interface/web/sites/form/web_subdomain.tform.php
+++ b/interface/web/sites/form/web_subdomain.tform.php
@@ -111,6 +111,10 @@ $form["tabs"]['domain'] = array (
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',
diff --git a/interface/web/sites/lib/lang/en_web_domain.lng b/interface/web/sites/lib/lang/en_web_domain.lng
index ba874b5a6..fa15cda42 100644
--- a/interface/web/sites/lib/lang/en_web_domain.lng
+++ b/interface/web/sites/lib/lang/en_web_domain.lng
@@ -55,4 +55,5 @@ $wb["ssl_organisation_error_regex"] = 'Invalid SSL Organisation. Valid character
 $wb["ssl_organistaion_unit_error_regex"] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_';
 $wb["ssl_country_error_regex"] = 'Invalid SSL Country. Valid characters are: A-Z';
 $wb["limit_traffic_quota_free_txt"] = 'Max. available Traffic Quota';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>
diff --git a/interface/web/sites/lib/lang/en_web_subdomain.lng b/interface/web/sites/lib/lang/en_web_subdomain.lng
index ef710039d..6bd3b0895 100644
--- a/interface/web/sites/lib/lang/en_web_subdomain.lng
+++ b/interface/web/sites/lib/lang/en_web_subdomain.lng
@@ -1,39 +1,40 @@
-<?php
-$wb["ssl_state_txt"] = 'State';
-$wb["ssl_locality_txt"] = 'Locality';
-$wb["ssl_organisation_txt"] = 'Organisation';
-$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
-$wb["ssl_country_txt"] = 'Country';
-$wb["ssl_request_txt"] = 'SSL Request';
-$wb["ssl_cert_txt"] = 'SSL Certificate';
-$wb["ssl_bundle_txt"] = 'SSL Bundle';
-$wb["ssl_action_txt"] = 'SSL Action';
-$wb["server_id_txt"] = 'Server';
-$wb["domain_txt"] = 'Domain';
-$wb["type_txt"] = 'Type';
-$wb["parent_domain_id_txt"] = 'Parent Website';
-$wb["redirect_type_txt"] = 'Redirect Type';
-$wb["redirect_path_txt"] = 'Redirect Path';
-$wb["active_txt"] = 'Active';
-$wb["document_root_txt"] = 'Documentroot';
-$wb["system_user_txt"] = 'Linux User';
-$wb["system_group_txt"] = 'Linux Group';
-$wb["ip_address_txt"] = 'IP-Address';
-$wb["vhost_type_txt"] = 'VHost Type';
-$wb["hd_quota_txt"] = 'Harddisk Quota';
-$wb["traffic_quota_txt"] = 'Traffic Quaota';
-$wb["cgi_txt"] = 'CGI';
-$wb["ssi_txt"] = 'SSI';
-$wb["ssl_txt"] = 'SSL';
-$wb["suexec_txt"] = 'SuEXEC';
-$wb["php_txt"] = 'PHP';
-$wb["client_txt"] = 'Client';
-$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
-$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
-$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
-$wb["apache_directives_txt"] = 'Apache directives';
-$wb["domain_error_empty"] = 'Domain is empty.';
-$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
-$wb["domain_error_regex"] = 'Domain name invalid.';
-$wb["host_txt"] = 'Host';
+<?php
+$wb["ssl_state_txt"] = 'State';
+$wb["ssl_locality_txt"] = 'Locality';
+$wb["ssl_organisation_txt"] = 'Organisation';
+$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
+$wb["ssl_country_txt"] = 'Country';
+$wb["ssl_request_txt"] = 'SSL Request';
+$wb["ssl_cert_txt"] = 'SSL Certificate';
+$wb["ssl_bundle_txt"] = 'SSL Bundle';
+$wb["ssl_action_txt"] = 'SSL Action';
+$wb["server_id_txt"] = 'Server';
+$wb["domain_txt"] = 'Domain';
+$wb["type_txt"] = 'Type';
+$wb["parent_domain_id_txt"] = 'Parent Website';
+$wb["redirect_type_txt"] = 'Redirect Type';
+$wb["redirect_path_txt"] = 'Redirect Path';
+$wb["active_txt"] = 'Active';
+$wb["document_root_txt"] = 'Documentroot';
+$wb["system_user_txt"] = 'Linux User';
+$wb["system_group_txt"] = 'Linux Group';
+$wb["ip_address_txt"] = 'IP-Address';
+$wb["vhost_type_txt"] = 'VHost Type';
+$wb["hd_quota_txt"] = 'Harddisk Quota';
+$wb["traffic_quota_txt"] = 'Traffic Quaota';
+$wb["cgi_txt"] = 'CGI';
+$wb["ssi_txt"] = 'SSI';
+$wb["ssl_txt"] = 'SSL';
+$wb["suexec_txt"] = 'SuEXEC';
+$wb["php_txt"] = 'PHP';
+$wb["client_txt"] = 'Client';
+$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
+$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
+$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
+$wb["apache_directives_txt"] = 'Apache directives';
+$wb["domain_error_empty"] = 'Domain is empty.';
+$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
+$wb["domain_error_regex"] = 'Domain name invalid.';
+$wb["host_txt"] = 'Host';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>
\ No newline at end of file
-- 
GitLab