[FIX] banning: Prevent bad rules being saved, add a default title if …

…not supplied and set mode by input focus git-svn-id: https://svn.code.sf.net/p/tikiwiki/code/branches/14.x@55447 b456876b-0849-0410-b77d-98878d47e9d5
changi67 · May 16, 2015 · 5e12499 · 5e12499
1 parent 62c2e10
commit 5e12499
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 26 deletions.
diff --git a/lib/ban/banlib.php b/lib/ban/banlib.php
@@ -232,6 +232,9 @@ function importCSV($fname, $import_as_new)
      */
     function replace_rule($banId, $mode, $title, $ip1, $ip2, $ip3, $ip4, $user, $date_from, $date_to, $use_dates, $message, $sections)
 	{
+		if (empty($title)) {
+			$title = empty($user) ? "$ip1.$ip2.$ip3.$ip4" : $user;
+		}
 
 		$count = TikiDb::get()->table('tiki_banning')->fetchCount(array('banId' => $banId));
 		if ($banId && $count > 0) {

diff --git a/templates/tiki-admin_banning.tpl b/templates/tiki-admin_banning.tpl
@@ -70,7 +70,7 @@
 		<label class="col-sm-4 control-label" for="banning-userregex">{tr}Username regex matching{/tr}</label>
 		<div class="col-sm-8">
 			<input type="radio" name="mode" value="user" {if $info.mode eq 'user'}checked="checked"{/if}>
-			<input type="text" name="userreg" id="banning-userregex" value="{$info.user|escape}">
+			<input type="text" name="userreg" id="banning-userregex" value="{$info.user|escape}" onfocus="$('input[name=mode]').val(['user']);">
 		</div>
 	</div>
 	{if isset($mass_ban_ip)}
@@ -95,7 +95,7 @@
 			<label class="col-sm-4 control-label" for="banning-ipregex">{tr}IP regex matching{/tr}</label></label>
 			<div class="col-sm-8">
 				<input type="radio" name="mode" value="ip" {if $info.mode eq 'ip'}checked="checked"{/if}>
-				<input type="text" name="ip1" id="banning-ipregex" value="{$info.ip1|escape}" size="3">.
+				<input type="text" name="ip1" id="banning-ipregex" value="{$info.ip1|escape}" size="3" onfocus="$('input[name=mode]').val(['ip']);">.
 				<input type="text" name="ip2" value="{$info.ip2|escape}" size="3">.
 				<input type="text" name="ip3" value="{$info.ip3|escape}" size="3">.
 				<input type="text" name="ip4" value="{$info.ip4|escape}" size="3">

diff --git a/tiki-admin_banning.php b/tiki-admin_banning.php
@@ -42,32 +42,39 @@
 
 if (isset($_REQUEST['save'])) {
 	check_ticket('admin-banning');
-	$_REQUEST['use_dates'] = isset($_REQUEST['use_dates']) ? 'y' : 'n';
-	$_REQUEST['date_from'] = $tikilib->make_time(0, 0, 0, $_REQUEST['date_fromMonth'], $_REQUEST['date_fromDay'], $_REQUEST['date_fromYear']);
-	$_REQUEST['date_to'] = $tikilib->make_time(0, 0, 0, $_REQUEST['date_toMonth'], $_REQUEST['date_toDay'], $_REQUEST['date_toYear']);
-	$sections = isset($_REQUEST['section']) ? array_keys($_REQUEST['section']) : array();
-	// Handle case when many IPs are banned
-	if ($_REQUEST['mode'] == 'mass_ban_ip') {
-		foreach ($_REQUEST['multi_banned_ip'] as $ip => $value) {
-			list($ip1,$ip2,$ip3,$ip4) = explode('.', $ip);
-			$banlib->replace_rule($_REQUEST['banId'], 'ip', $_REQUEST['title'], $ip1, $ip2, $ip3, $ip4, $_REQUEST['userreg'], $_REQUEST['date_from'], $_REQUEST['date_to'], $_REQUEST['use_dates'], $_REQUEST['message'], $sections);
-		}
+	if ($_REQUEST['mode'] === 'user' && empty($_REQUEST['userreg'])) {
+		TikiLib::lib('errorreport')->report(tra("Not saved:") . ' ' . tra("Username pattern empty"));
+	} else if ($_REQUEST['mode'] === 'ip' && $_REQUEST['ip1'] == 255 && $_REQUEST['ip2'] == 255 && $_REQUEST['ip3'] == 255 && $_REQUEST['ip4'] == 255) {
+		TikiLib::lib('errorreport')->report(tra("Not saved:") . ' ' . tra("Default IP pattern still set"));
 	} else {
-		$banlib->replace_rule($_REQUEST['banId'], $_REQUEST['mode'], $_REQUEST['title'], $_REQUEST['ip1'], $_REQUEST['ip2'], $_REQUEST['ip3'], $_REQUEST['ip4'], $_REQUEST['userreg'], $_REQUEST['date_from'], $_REQUEST['date_to'], $_REQUEST['use_dates'], $_REQUEST['message'], $sections);
+
+		$_REQUEST['use_dates'] = isset($_REQUEST['use_dates']) ? 'y' : 'n';
+		$_REQUEST['date_from'] = $tikilib->make_time(0, 0, 0, $_REQUEST['date_fromMonth'], $_REQUEST['date_fromDay'], $_REQUEST['date_fromYear']);
+		$_REQUEST['date_to'] = $tikilib->make_time(0, 0, 0, $_REQUEST['date_toMonth'], $_REQUEST['date_toDay'], $_REQUEST['date_toYear']);
+		$sections = isset($_REQUEST['section']) ? array_keys($_REQUEST['section']) : array();
+		// Handle case when many IPs are banned
+		if ($_REQUEST['mode'] == 'mass_ban_ip') {
+			foreach ($_REQUEST['multi_banned_ip'] as $ip => $value) {
+				list($ip1,$ip2,$ip3,$ip4) = explode('.', $ip);
+				$banlib->replace_rule($_REQUEST['banId'], 'ip', $_REQUEST['title'], $ip1, $ip2, $ip3, $ip4, $_REQUEST['userreg'], $_REQUEST['date_from'], $_REQUEST['date_to'], $_REQUEST['use_dates'], $_REQUEST['message'], $sections);
+			}
+		} else {
+			$banlib->replace_rule($_REQUEST['banId'], $_REQUEST['mode'], $_REQUEST['title'], $_REQUEST['ip1'], $_REQUEST['ip2'], $_REQUEST['ip3'], $_REQUEST['ip4'], $_REQUEST['userreg'], $_REQUEST['date_from'], $_REQUEST['date_to'], $_REQUEST['use_dates'], $_REQUEST['message'], $sections);
+		}
+		$info['sections'] = array();
+		$info['title'] = '';
+		$info['mode'] = 'user';
+		$info['ip1'] = 255;
+		$info['ip2'] = 255;
+		$info['ip3'] = 255;
+		$info['ip4'] = 255;
+		$info['use_dates'] = 'n';
+		$info['date_from'] = $tikilib->now;
+		$info['date_to'] = $tikilib->now + 7 * 24 * 3600;
+		$info['message'] = '';
+		$smarty->assign_by_ref('info', $info);
+		unset($_REQUEST['banId']);
 	}
-	$info['sections'] = array();
-	$info['title'] = '';
-	$info['mode'] = 'user';
-	$info['ip1'] = 255;
-	$info['ip2'] = 255;
-	$info['ip3'] = 255;
-	$info['ip4'] = 255;
-	$info['use_dates'] = 'n';
-	$info['date_from'] = $tikilib->now;
-	$info['date_to'] = $tikilib->now + 7 * 24 * 3600;
-	$info['message'] = '';
-	$smarty->assign_by_ref('info', $info);
-	unset($_REQUEST['banId']);
 }
 
 if ( !empty($_REQUEST['export']) ) {