From patchwork Fri Feb 18 14:33:52 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 5184 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4K0Z2R2ytwz3wtR for ; Fri, 18 Feb 2022 14:34:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4K0Z2Q6fYTz5MG; Fri, 18 Feb 2022 14:34:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4K0Z2Q643Vz2xhV; Fri, 18 Feb 2022 14:34:06 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4K0Z2P4zh3z2xW7 for ; Fri, 18 Feb 2022 14:34:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4K0Z2P2GKTz1dX; Fri, 18 Feb 2022 14:34:05 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1645194845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=cswxaGZmjYcNUDZO973nAfaY5McqaCUOoZwT2zk5fag=; b=pWhGaKaRg9UuR7yOTu1SRYl34xfVEqIc6ADi3lsUKL0nJV6eI1C1mkMv3y37JL5LqfON9D CBJNl7VTHX9qteAg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1645194845; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=cswxaGZmjYcNUDZO973nAfaY5McqaCUOoZwT2zk5fag=; b=XF8bkkD6XzY8cA4mLwYz35P5AySKDtcsOiLBzzvVjwzgcWQFnZ+CN8NDhlwIO/FlOZk0qU yo6DkprA04qnANCePrMS52gbZi/OnT0BgWkPzcng2pdfU/pjhoBqfNjEJfEg4OhbSjdQKl RlrhUbSu5FTJdBigvLAPHT2MrgtHMlAILQa2tbw/sv5TEHzI3VZ65qYjoGWw327HDFAzXU JNyG/djRX+uvDF/m+APdizBScr3juIofkx2e/UFbhXmY/7cAiCJniNtWBMjvtP2EWh87lM 36PWDlaTrtRlJFL1W3cd9Mn1nSZVHCa4OOTbvwY0O1mlbkUT8pj+YIIK07M9jA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] accounting.cgi: Change some variables to alphanumeric - Bug#12777 Date: Fri, 18 Feb 2022 15:33:52 +0100 Message-Id: <20220218143352.5927-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - The Postcode in the address only allowed numeric postcodes. The Netherlands and Great Britain are at lease two countries that use alphanumeric postcodes with spaces. Changed the postcode check from numeric to alphanumeric. - The Bank Code in the Providers details only allowed numeric Bank Codes. In Great Britain the Bank Code, also known as the Sort Code is made up of three groups of digits separated by a - . - Adjusted the regex for the alphanumeric check to include a space and a - . The original comment indicated that a - was allowed but it was not included in the regex. - Tested on a vm system and confirmed that a postcode from The Netherlands and Great Britain and a Sort Code from Breat Britain are now accepted. Fixes: Bug#12777 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Bernhard Bitsch --- src/squid-accounting/accounting.cgi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi index 751b6e8a5..e1e2346da 100755 --- a/src/squid-accounting/accounting.cgi +++ b/src/squid-accounting/accounting.cgi @@ -1488,7 +1488,7 @@ sub checkaddress{ if (! $cgiparams{'txt_plz'}){ $errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct plz'}
"; }else{ - if(! &validnumfield($cgiparams{'txt_plz'})){ + if(! &validalphanumfield($cgiparams{'txt_plz'})){ $errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct plz'}
"; } } @@ -1523,7 +1523,7 @@ sub checkaddress{ } if(($cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})||(!$cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})){ #Check BLZ - if(! &validnumfield($cgiparams{'txt_blz'})){ + if(! &validalphanumfield($cgiparams{'txt_blz'})){ $errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct blz'}
"; } #Check BANKACCOUNT @@ -1653,7 +1653,7 @@ sub validphonefield{ } sub validalphanumfield{ - #GET: Input from a numeric field + #GET: Input from an alphanumeric field #GIVES: True if valid, false if not valid my $remark = $_[0]; @@ -1661,8 +1661,8 @@ sub validalphanumfield{ # but no more than 63 characters if (length ($remark) < 1 || length ($remark) > 255) { return 0;} - # Only valid characters are a-z, A-Z, 0-9 and - - if ($remark !~ /^[0-9a-zA-Z]*$/) { + # Only valid characters are a-z, A-Z, 0-9 - and space + if ($remark !~ /^[0-9a-zA-Z- ]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($remark, 0, 1) !~ /^[0-9A-Za-z]*$/) {