
Parse input values through IPB's parsing routine

haraldpdl committed Feb 21, 2014
1 parent 8d7df35 commit bb9ddff8504277de2efa1a2fece8f12dc4f8d5cc
Showing with 36 additions and 21 deletions.
  1. +36 −21 osCommerce/OM/Custom/Site/Website/Invision.php
@@ -13,6 +13,8 @@
class Invision {
public static function checkMemberExists($search, $key) {
+ $search = static::_parseCleanValue($search);
+
if ( empty($search) ) {
return false;
}
@@ -37,22 +39,14 @@ public static function checkMemberExists($search, $key) {
}
public static function createUser($username, $email, $password) {
- $username = trim(str_replace(array("\r\n", "\n", "\r"), '', $username));
- $email = trim(str_replace(array("\r\n", "\n", "\r"), '', $email));
- $password = str_replace(array("\r\n", "\n", "\r"), '', $password);
-
- if ( (strlen($username) < 3) || (strlen($username) > 26) ) {
- return false;
- }
+ $username = static::_parseCleanValue($username);
+ $email = static::_parseCleanValue($email);
+ $password = static::_parseCleanValue($password);
if ( empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL) ) {
return false;
}
- if ( (strlen($password) < 3) || (strlen($password) > 32) ) {
- return false;
- }
-
$request = xmlrpc_encode_request('createUser', ['api_key' => OSCOM::getConfig('community_api_key'),
'api_module' => 'oscommerce',
'username' => $username,
@@ -90,16 +84,8 @@ public static function verifyUserKey($user_id, $key) {
}
public static function canLogin($username, $password) {
- $username = trim(str_replace(array("\r\n", "\n", "\r"), '', $username));
- $password = str_replace(array("\r\n", "\n", "\r"), '', $password);
-
- if ( (strlen($username) < 3) || (strlen($username) > 26) ) {
- return false;
- }
-
- if ( (strlen($password) < 3) || (strlen($password) > 32) ) {
- return false;
- }
+ $username = static::_parseCleanValue($username);
+ $password = static::_parseCleanValue($password);
$request = xmlrpc_encode_request('verifyMember', ['api_key' => OSCOM::getConfig('community_api_key'),
'api_module' => 'oscommerce',
@@ -160,5 +146,34 @@ public static function canAutoLogin($id, $hash) {
return false;
}
+
+ protected static function _parseCleanValue($val) {
+ if ( empty($val) ) {
+ return '';
+ }
+
+ $val = preg_replace('/\\\(?!&amp;#|\?#)/', '&#092;', $val);
+
+ $val = str_replace('&#032;', ' ', $val);
+
+ $val = str_replace(array("\r\n", "\n\r", "\r"), "\n", $val);
+
+ $val = str_replace('&', '&amp;', $val);
+ $val = str_replace('<!--', '&#60;&#33;--', $val);
+ $val = str_replace('-->', '--&#62;', $val);
+ $val = str_ireplace('<script', '&#60;script', $val);
+ $val = str_replace('>', '&gt;', $val);
+ $val = str_replace('<', '&lt;', $val);
+ $val = str_replace('"', '&quot;', $val);
+ $val = str_replace("\n", '<br />', $val);
+ $val = str_replace('$', '&#036;', $val);
+ $val = str_replace('!', '&#33;', $val);
+ $val = str_replace("'", '&#39;', $val);
+
+ $val = preg_replace('/&amp;#([0-9]+);/s', "&#\\1;", $val);
+ $val = preg_replace('/&#(\d+?)([^\d;])/i', "&#\\1;\\2", $val);
+
+ return $val;
+ }
}
?>
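Review bot: The username (3–26 chars) and password (3–32 chars) length checks removed in the `createUser` and `canLogin` hunks have no replacement, so both methods now forward a value of any length to the XML-RPC endpoint; if the bounds are still wanted, re-add them after the parse call, e.g. `if ((strlen($username) < 3) || (strlen($username) > 26)) { return false; }`. `_parseCleanValue` opens with `empty($val)`, which is true for the string `'0'`, so a username or password of `0` becomes `''` before `checkMemberExists`, `createUser` and `canLogin` see it. Line breaks that the old code stripped are now rewritten to `<br />` (the `"\n"` replacement in `_parseCleanValue`), and the entity-encoding runs before `filter_var($email, FILTER_VALIDATE_EMAIL)`, so an address containing a character the routine rewrites (such as `'`) will presumably fail validation — confirm this matches what IPB applies on its side. The bodies of `createUser` and `canLogin` continue outside their hunks.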
