important security update
- SQL injection found in the login page via the X-Forwarded-For header
Administrator
authored and
Administrator
committed
Feb 13, 2021
1 parent
2d432f7
commit 29e1ead
Showing
8 changed files
with
818 additions
and
699 deletions.
| @@ -0,0 +1,102 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * To change this license header, choose License Headers in Project Properties. | ||
| * To change this template file, choose Tools | Templates | ||
| * and open the template in the editor. | ||
| */ | ||
|
|
||
| class Validator { | ||
| static function phone($input) { | ||
| return preg_match('/^(\d{9,9}|\+48\d{9,9})$/',$input); | ||
| } | ||
|
|
||
| static function email($input) { | ||
| return preg_match('/^([\-\_\.\w\d]+)\@(.+\.\w+)$/',$input); | ||
| } | ||
|
|
||
| static function ipv4($input) { | ||
| return preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$/',$input); | ||
| } | ||
|
|
||
| static function postCode($input) { | ||
| return preg_match('/^(\d{2,2})\-(\d{3,3})$/',$input); | ||
| } | ||
|
|
||
| static function password($input) { | ||
| return preg_match('/[a-z]/',$input) && preg_match('/[A-Z]/',$input) && preg_match('/[0-9]/',$input); | ||
| } | ||
|
|
||
| static function nip($input) { | ||
| if(!empty($input)) { | ||
| $weights = array(6, 5, 7, 2, 3, 4, 5, 6, 7); | ||
| $nip = preg_replace('/[\s-]/', '', $input); | ||
| if (strlen($nip) == 10 && is_numeric($nip)) { | ||
| $sum = 0; | ||
| for($i = 0; $i < 9; $i++) | ||
| $sum += $nip[$i] * $weights[$i]; | ||
| return ($sum % 11) == $nip[9]; | ||
| } | ||
| } | ||
| return false; | ||
| } | ||
|
|
||
| static function regon($input) { | ||
| return (Validator::regon9($input) || Validator::regon14($input)); | ||
| } | ||
|
|
||
| static function regon9($input) { | ||
| if(!empty($input)) { | ||
| $weights = array(8, 9, 2, 3, 4, 5, 6, 7); | ||
| $regon = preg_replace('/[\s-]/', '', $input); | ||
| if (strlen($regon) == 9 && is_numeric($regon)) { | ||
| $sum = 0; | ||
| for($i = 0; $i < 8; $i++) | ||
| $sum += $regon[$i] * $weights[$i]; | ||
| return ($sum % 11) == $regon[8]; | ||
| } | ||
| } | ||
| return false; | ||
| } | ||
|
|
||
| static function regon14($input) { | ||
| if(!empty($input)) { | ||
| $weights = array(2, 4, 8, 5, 0, 9, 7, 3, 6, 1, 2, 4, 8 ); | ||
| $regon = preg_replace('/[\s-]/', '', $input); | ||
| if (strlen($regon) == 14 && is_numeric($regon)) { | ||
| $sum = 0; | ||
| for($i = 0; $i < 13; $i++) | ||
| $sum += $regon[$i] * $weights[$i]; | ||
| return ($sum % 11) == $regon[13]; | ||
| } | ||
| } | ||
| return false; | ||
| } | ||
|
|
||
| static function notEmpty($input) { | ||
| if (strlen($input) > 0) { return TRUE; } else { return FALSE; } | ||
| } | ||
|
|
||
| static function filterScriptTags($html) { | ||
| $dom = new DOMDocument(); | ||
|
|
||
| $dom->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD); | ||
|
|
||
| $script = $dom->getElementsByTagName('script'); | ||
| $remove = []; | ||
| foreach($script as $item) | ||
| { | ||
| $remove[] = $item; | ||
| } | ||
| foreach ($remove as $item) | ||
| { | ||
| $item->parentNode->removeChild($item); | ||
| } | ||
| $html = $dom->saveHTML(); | ||
| return $html; | ||
| } | ||
|
|
||
| static function filterNonAlphanum($input) { | ||
| return preg_replace("/[^a-z0-9_\-.:!?;ąćęłńóśźżĄĆĘŁŃÓŚŹŻ ]/is", "", $input); | ||
| } | ||
| } |
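Review bot: `ipv4()` is the only check here that plausibly guards the X-Forwarded-For value named in the commit message, and its `$` anchor still matches before a trailing newline in PCRE, so `"127.0.0.1\n"` is accepted; end the pattern with `\z` instead of `$`, or replace the body with `return filter_var($input, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;`. A format check is only defense in depth: the header value must still be bound as a prepared-statement parameter in the login query, which is not in this hunk, and since the header in practice may carry a comma-separated list or an IPv6 address, callers presumably have to split it before validating. `filterScriptTags()` removes only `<script>` elements and leaves event-handler attributes and `javascript:` URLs in place, so it must not be treated as XSS protection; context-aware output escaping such as `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the safe default. `filterNonAlphanum()` runs its character class byte-wise over the multibyte Polish letters because the pattern lacks the `u` modifier, so a character outside the list such as `č` is stripped only partially and yields invalid UTF-8; add the `u` flag to the `/is` modifiers.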