N°4367 Security hardening

Pierre Goiffon
2021-10-18 11:38:00 +02:00
parent eaf8a187aa
commit b3f827ed5e
3 changed files with 173 additions and 2 deletions


@@ -739,4 +739,70 @@ Dict.Format = function () {
var args = Array.from(arguments);
args[0] = Dict.S(arguments[0]);
return Format(args);
}
/**
* Helper to Sanitize string
*
* Note: Same as in php (see \utils::Sanitize)
*
* @api
* @since 2.6.5 2.7.6 3.0.0 N°4367
*/
const CombodoSanitizer = {
ENUM_SANITIZATION_FILTER_INTEGER: 'integer',
ENUM_SANITIZATION_FILTER_STRING: 'string',
ENUM_SANITIZATION_FILTER_CONTEXT_PARAM: 'context_param',
ENUM_SANITIZATION_FILTER_PARAMETER: 'parameter',
ENUM_SANITIZATION_FILTER_FIELD_NAME: 'field_name',
ENUM_SANITIZATION_FILTER_TRANSACTION_ID: 'transaction_id',
ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER: 'element_identifier',
ENUM_SANITIZATION_FILTER_VARIABLE_NAME: 'variable_name',
/**
* @param {String} sValue The string to sanitize
* @param {String} sDefaultValue The string to return if sValue not match (used for some filters)
* @param {String} sSanitizationFilter one of the ENUM_SANITIZATION_FILTERs
*/
Sanitize: function (sValue, sDefaultValue, sSanitizationFilter) {
switch (sSanitizationFilter) {
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_INTEGER:
return this._CleanString(sValue, sDefaultValue, /[^0-9-+]*/g);
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_STRING:
return $("<div>").text(sValue).text();
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_TRANSACTION_ID:
return this._ReplaceString(sValue, sDefaultValue, /^([\. A-Za-z0-9_=-]*)$/g, '');
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_PARAMETER:
return this._ReplaceString(sValue, sDefaultValue, /^([ A-Za-z0-9_=-]*)$/g);
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_FIELD_NAME:
return this._ReplaceString(sValue, sDefaultValue, /^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/g);
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_CONTEXT_PARAM:
return this._ReplaceString(sValue, sDefaultValue, /^[ A-Za-z0-9_=%:+-]*$/g);
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER:
return this._CleanString(sValue, sDefaultValue, /[^a-zA-Z0-9_]/g);
case CombodoSanitizer.ENUM_SANITIZATION_FILTER_VARIABLE_NAME:
return this._CleanString(sValue, sDefaultValue, /[^a-zA-Z0-9_]/g);
}
return sDefaultValue;
},
_CleanString: function (sValue, sDefaultValue, sRegExp) {
return sValue.replace(sRegExp, '');
},
_ReplaceString: function (sValue, sDefaultValue, sRegExp) {
if (sRegExp.test(sValue)) {
return sValue;
} else {
return sDefaultValue;
}
}
}
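Review bot: The ENUM_SANITIZATION_FILTER_STRING branch, `return $("<div>").text(sValue).text();`, is effectively an identity function: jQuery's `.text()` getter hands back the text content exactly as it was set, so a value like `<script>` comes out unchanged and nothing is escaped. If the intent is to mirror the PHP `utils::Sanitize` string filter, as the header comment says (presumably HTML-encoding special characters — not visible here), the getter should be `.html()`, i.e. `return $("<div>").text(sValue).html();`, and any caller that later injects the result through `.html()`/`innerHTML` deserves a look. Separately, `_CleanString` never uses `sDefaultValue` and calls `sValue.replace` directly, so a `null`, `undefined` or numeric `sValue` throws a TypeError instead of falling back as the JSDoc for `sDefaultValue` suggests; a guard such as `if (typeof sValue !== 'string') { return sDefaultValue; }` at the top of both helpers would make the fallback consistent (note that in `_ReplaceString` a non-string is coerced, so `undefined` matches the PARAMETER pattern and is returned as-is). Minor: the TRANSACTION_ID case passes a fourth argument `''` that `_ReplaceString` does not accept, which should be dropped to avoid suggesting a replacement semantics that does not exist.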