Still fixing regressions caused by Trac#446: XSS vulnerabilities...

SVN:trunk[1450]
2026-04-23 18:48:51 +02:00 · 2011-08-12 10:06:33 +00:00
parent 96f3350029
commit b02021a4ff
7 changed files with 53 additions and 41 deletions
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -181,6 +181,7 @@ class utils
 			break;
 			
 			case 'parameter':
+			case 'field_name':
 			if (is_array($value))
 			{
 				$retValue = array();
@@ -196,10 +197,21 @@ class utils
 			}
 			else
 			{
-				$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters
+				switch($sSanitizationFilter)
+				{
+					case 'parameter':
+					$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=-]*$/'))); // the '=' equal character is used in serialized filters
+					break;
+					
+					case 'field_name':
+					$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name
+					break;
+				}
 			}
 			break;
 			
+			break;
+			
 			default:
 			case 'raw_data':
 			$retValue = $value;