zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-24 03:20:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize and validate

Browse source
This commit is contained in:
Pinga 2023-12-14 09:50:48 +02:00
parent 0e135befc2
commit e00a2985e9
6 changed files with 141 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

21
cp/app/Controllers/ContactsController.php
View file

@ -528,6 +528,13 @@ class ContactsController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim($args);
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact ID format');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
$contact = $db->selectRow('SELECT id, identifier, voice, fax, email, nin, nin_type, crdate, clid, disclose_voice, disclose_fax, disclose_email FROM contact WHERE identifier = ?',
[ $args ]);
@ -585,6 +592,13 @@ class ContactsController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim($args);
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact ID format');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
$contact = $db->selectRow('SELECT id, identifier, voice, fax, email, nin, nin_type, crdate, clid, disclose_voice, disclose_fax, disclose_email FROM contact WHERE identifier = ?',
[ $args ]);
@ -992,6 +1006,13 @@ class ContactsController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim($args);
if (!preg_match('/^[a-zA-Z0-9\-]+$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact ID format');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
$contact_id = $db->selectValue('SELECT id FROM contact WHERE identifier = ?',
[ $args ]);