# HG changeset patch
# User Dan
# Date 1232936414 18000
# Node ID dcf5381ce8ba271e5488ab57a1a4413163148baf
# Parent 9d5c04c1414fb8c7279d14540a463ee3c7db1f96
Replaced integer checks that used preg_match() to use ctype_digit() instead
diff -r 9d5c04c1414f -r dcf5381ce8ba includes/sessions.php
--- a/includes/sessions.php Sun Jan 25 21:18:05 2009 -0500
+++ b/includes/sessions.php Sun Jan 25 21:20:14 2009 -0500
@@ -3716,7 +3716,7 @@
 // Fetch private key
 $dh_public = $_POST['dh_public_key'];
- if ( !preg_match('/^[0-9]+$/', $dh_public) )
+ if ( !ctype_digit($dh_public) )
 {
 throw new Exception('ERR_DH_KEY_NOT_INTEGER');
 }
@@ -3888,7 +3888,7 @@
 $dh_hash = $req['dh_secret_hash'];
 // Check the key
- if ( !preg_match('/^[0-9]+$/', $dh_public) || !preg_match('/^[0-9]+$/', $req['dh_client_key']) )
+ if ( !ctype_digit($dh_public) || !ctype_digit($req['dh_client_key']) )
 {
 return array(
 'mode' => 'error',
diff -r 9d5c04c1414f -r dcf5381ce8ba index.php
--- a/index.php Sun Jan 25 21:18:05 2009 -0500
+++ b/index.php Sun Jan 25 21:20:14 2009 -0500
@@ -281,7 +281,7 @@
 break;
 case 'rollback':
 $id = (isset($_GET['id'])) ? $_GET['id'] : false;
- if(!$id || !preg_match('#^([0-9]+)$#', $id)) die_friendly('Invalid action ID', '
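Review bot: In the second hunk (@@ -3888) `ctype_digit($req['dh_client_key'])` changes meaning if that value is not a string: an int between -128 and 255 is tested as an ASCII code (`ctype_digit(7)` is false, `ctype_digit(48)` is true), whereas the old `preg_match()` coerced it to its decimal text. `$req` is built outside the hunk, so whether it can carry an int (for example from a decoded request body) is not visible here; if it can, `ctype_digit((string) $req['dh_client_key'])` keeps the check on the decimal representation, and the same cast applies to `$parm` in the plugins/admin/LangManager.php hunk, whose origin is likewise outside its hunk. Non-string arguments to the ctype functions are also deprecated since PHP 8.1, so the cast future-proofs both sites. For the `$_POST`, `$_GET` and `$argv` strings in the remaining hunks the new check is strictly tighter than the regex, because `/^[0-9]+$/` without the `D` modifier accepts a trailing newline and `ctype_digit()` does not.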
The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.
');
+ if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', 'The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.
');
 $id = intval($id);
diff -r 9d5c04c1414f -r dcf5381ce8ba plugins/PrivateMessages.php
--- a/plugins/PrivateMessages.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/PrivateMessages.php Sun Jan 25 21:20:14 2009 -0500
@@ -60,7 +60,7 @@
 break;
 case 'View':
 $id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
 {
 die_friendly('Message error', 'Invalid message ID
');
 }
@@ -106,7 +106,7 @@
 break;
 case 'Move':
 $id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
 {
 die_friendly('Message error', 'Invalid message ID
');
 }
@@ -136,7 +136,7 @@
 break;
 case 'Delete':
 $id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
 {
 die_friendly('Message error', 'Invalid message ID
');
 }
@@ -365,7 +365,7 @@
 break;
 case 'Edit':
 $id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
 {
 die_friendly('Message error', 'Invalid message ID
');
 }
diff -r 9d5c04c1414f -r dcf5381ce8ba plugins/SpecialAdmin.php
--- a/plugins/SpecialAdmin.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/SpecialAdmin.php Sun Jan 25 21:20:14 2009 -0500
@@ -354,10 +354,10 @@
 setConfig('register_tou', RenderMan::preprocess_text($_POST['register_tou'], true, false));
 // Account lockout policy
- if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
+ if ( ctype_digit($_POST['lockout_threshold']) )
 setConfig('lockout_threshold', $_POST['lockout_threshold']);
- if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
+ if ( ctype_digit($_POST['lockout_duration']) )
 setConfig('lockout_duration', $_POST['lockout_duration']);
 if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
diff -r 9d5c04c1414f -r dcf5381ce8ba plugins/admin/LangManager.php
--- a/plugins/admin/LangManager.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/admin/LangManager.php Sun Jan 25 21:20:14 2009 -0500
@@ -47,7 +47,7 @@
 // Is this parameter in the form of an integer?
 // (designed to ease validation later)
- if ( preg_match('/^[0-9]+$/', $parm) )
+ if ( ctype_digit($parm) )
 // Yes, run intval(), this enabling is_int()-ish checks
 $parm = intval($parm);