Changeset 415


Ignore:
Timestamp:
Jul 1, 2013 7:45:33 PM (11 years ago)
Author:
anonymous
Message:

Disabled MX record check for email validation. Updated PEdit to work better with AcceptPathInfo? enabled.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/bin/acl.cli.php

    r398 r415  
    118118        break;
    119119    case 'perms' :
    120         default :
     120    default :
    121121        listPerms();
    122122        break;

  • trunk/lib/PEdit.inc.php

    r396 r415  
    168168       
    169169        // The location of the data file. (i.e.: "COMMON_DIR/html/_pedit_data/news/index.xml")
    170         $this->_data_file = sprintf('%s%s.xml', $this->getParam('data_dir'), $_SERVER['PHP_SELF']);
     170        $this->_data_file = sprintf('%s%s.xml', $this->getParam('data_dir'), $_SERVER['SCRIPT_NAME']);
     171       
     172        // Make certain the evaluated path matches the assumed path (realpath will expand /../../);
     173        // if realpath returns FALSE we're not concerned because it means the file doesn't exist (_initializeDataFile() will create it).
     174        if (false !== realpath($this->_data_file) && $this->_data_file !== realpath($this->_data_file)) {
     175            $app->logMsg(sprintf('PEdit data file not a real path: %s', $this->_data_file), LOG_CRIT, __FILE__, __LINE__);
     176            trigger_error(sprintf('PEdit data file not a real path: %s', $this->_data_file), E_USER_ERROR);
     177        }
    171178
    172179        // op is used throughout the script to determine state.
     
    559566        // Ensure requested filename is within the pedit data dir.
    560567        if (mb_strpos($filename, $this->getParam('data_dir')) === false) {
    561             $app->logMsg(sprintf('Failed writing file outside pedit _data_dir: %s', $filename), LOG_ERR, __FILE__, __LINE__);
     568            $app->logMsg(sprintf('Failed writing file outside pedit data_dir: %s', $filename), LOG_ERR, __FILE__, __LINE__);
    562569            return false;
    563570        }
     
    565572        // Recursively create directories.
    566573        $subdirs = preg_split('!/!', str_replace($this->getParam('data_dir'), '', dirname($filename)), -1, PREG_SPLIT_NO_EMPTY);
    567         // Start with the pedit _data_dir base.
     574        // Start with the pedit data_dir base.
    568575        $curr_path = $this->getParam('data_dir');
    569576        while (!empty($subdirs)) {

  • trunk/lib/Upload.inc.php

    r396 r415  
    279279            // Check to be sure the file has a valid file name extension.
    280280            if (!in_array(mb_strtolower($this->getFilenameExtension($file_name)), $this->getParam('valid_file_extensions'))) {
     281                /// TODO: Add option to allow any extention to be uploaded.
    281282                $this->_raiseMsg(sprintf(_("The file %s failed uploading: it is an unrecognized type. Files must have one of the following file name extensions: %s."), $file_name, join(', ', $this->getParam('valid_file_extensions'))), MSG_ERR, __FILE__, __LINE__);
    282283                $app->logMsg(sprintf('The uploaded file %s has an unrecognized file name extension.', $file_name), LOG_WARNING, __FILE__, __LINE__);
     
    295296            // If the file name has no extension, use the mime-type to choose one.
    296297            if (!preg_match('/\.[^.]{1,5}$/', $file_name) && function_exists('mime_content_type')) {
     298                // TODO: will this run if an extention is filtered by 'valid_file_extensions'?
    297299                if ($ext = array_search(mime_content_type($files['tmp_name'][$i]), $this->mime_extension_map)) {
    298300                    $file_name .= ".$ext";

  • trunk/lib/Validator.inc.php

    r396 r415  
    4040
    4141// validateEmail return types.
     42define('VALIDATE_EMAIL_SUCCESS', 0);
    4243define('VALIDATE_EMAIL_REGEX_FAIL', 1);
    4344define('VALIDATE_EMAIL_LENGTH_FAIL', 2);
    4445define('VALIDATE_EMAIL_MX_FAIL', 3);
    45 define('VALIDATE_EMAIL_SUCCESS', 4);
    4646
    4747class Validator {
     
    179179     *
    180180     * @access  public
    181      * @param   string  $val  The input data to validate..
    182      * @return  bool    Validity of address.
     181     * @param   string  $val    The input data to validate..
     182     * @return  const           One of the constant values: VALIDATE_EMAIL_SUCCESS|VALIDATE_EMAIL_REGEX_FAIL|VALIDATE_EMAIL_LENGTH_FAIL|VALIDATE_EMAIL_MX_FAIL
    183183     * @author  Quinn Comendant <quinn@strangecode.com>
    184184     */
     
    209209        // Compare ip2long twice for php4 backwards compat.
    210210        if ((ip2long($domain) == '-1' || ip2long($domain) === false) && function_exists('checkdnsrr') && !checkdnsrr($domain . '.', 'MX') && gethostbyname($domain) == $domain) {
    211             return VALIDATE_EMAIL_MX_FAIL;
     211            // FIXME: Do we care?
     212            // return VALIDATE_EMAIL_MX_FAIL;
    212213        }
    213214
Note: See TracChangeset for help on using the changeset viewer.