4 # Copyright (C) 2012 Alexander Weidinger <aw@sz9i.net>
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2 of the License, or
9 # (at your option) any later version.
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
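/**
 * Check one request value against a named constraint.
 *
 * Supported constraints:
 *  - 'empty_or_numeric': the value is empty() or passes 'numeric'
 *  - 'filepath':         only letters, digits, space, '.', '_', '/' and '-',
 *                        and no ".." sequence anywhere
 *  - 'numeric':          whatever is_numeric() accepts
 *  - 'regex':            $regex matches the value
 *  - 'inverse_regex':    $regex does not match the value
 *
 * Anything else, including an unknown constraint, a non-scalar value or a
 * PCRE error, is reported as invalid so the caller fails closed.
 *
 * NOTE(review): the case labels for 'filepath', 'numeric', 'regex' and
 * 'inverse_regex' are not visible in this listing; they are restored here
 * from the constraint names the calls use. Confirm against the original file.
 *
 * @param mixed  $value      value taken from the request
 * @param string $constraint one of the constraint names above
 * @param string $regex      PCRE pattern, used by 'regex' and 'inverse_regex'
 * @return bool true when the value satisfies the constraint
 */
function validate($value, $constraint, $regex='') {
    // Request parameters written as name[]=... arrive as arrays. preg_match()
    // cannot match those and reports failure, which 'inverse_regex' would
    // otherwise read as "pattern absent" and accept.
    if ($value !== null && !is_scalar($value)) {
        return false;
    }

    switch ($constraint) {
        case 'empty_or_numeric':
            return empty($value) || validate($value, 'numeric');

        case 'filepath':
            // The D modifier stops '$' from matching before a final newline.
            // A leading '/' is still accepted, so the caller has to join the
            // value onto a fixed base directory itself.
            return validate($value, 'regex', '/^[a-z0-9 ._\/-]+$/iD')
                && validate($value, 'inverse_regex', '/\.\./');

        case 'numeric':
            // is_numeric() also accepts signs, decimals, exponents and
            // leading whitespace; use 'regex' where only digits are wanted.
            return is_numeric($value);

        case 'regex':
            // preg_match() gives 1 on a match, 0 on no match, false on error.
            return preg_match($regex, (string) $value) === 1;

        case 'inverse_regex':
            // Only a clean "no match" counts; an error must not pass.
            return preg_match($regex, (string) $value) === 0;

        default:
            return false;
    }
}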
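/**
 * Validate request parameter $key wherever it occurs and stop the script
 * on the first violation.
 *
 * $_GET, $_POST and $_SERVER are each checked; a source that does not hold
 * $key is skipped, so an absent parameter is never an error.
 *
 * NOTE(review): $_COOKIE and $_REQUEST are not inspected here. Confirm that
 * the rest of the application reads these keys only from the three arrays
 * checked below.
 * NOTE(review): the skip (`continue`) and the `$value` assignment are not
 * visible in this listing; they are restored from how `$value` is used.
 *
 * @param string $key        parameter name to look up
 * @param string $constraint constraint name understood by validate()
 * @param string $regex      PCRE pattern for the regex constraints
 * @return void
 */
function valid_or_dead($key, $constraint, $regex='') {
    foreach (array($_GET, $_POST, $_SERVER) as $_arr) {
        if (!array_key_exists($key, $_arr)) {
            continue;
        }

        $value = $_arr[$key];
        if (validate($value, $constraint, $regex)) {
            continue;
        }

        // An array parameter (name[]=...) cannot be passed to
        // htmlspecialchars(); report its type instead of its content.
        $shown = is_scalar($value) ? (string) $value : gettype($value);

        // The rejected value is echoed back, so it is HTML-escaped first.
        die('Input validation of '.$key.' failed! <br/>'
            .'Constraint: "'.$constraint.'" <br/>'
            .'Value: "'.strip_tags(htmlspecialchars($shown)).'"');
    }
}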
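// Request parameters are checked once, up front; the script stops on the
// first value that violates its constraint.
//
// Every '$'-anchored pattern carries the D modifier: without it '$' also
// matches just before a final newline, so "value\n" would pass.

// The earlier pattern had no anchors and a '*' quantifier, so it matched
// every string. NOTE(review): confirm that all action values the
// application sends are ASCII letters and digits.
valid_or_dead('action', 'regex', '/^[a-z0-9]*$/iD');

valid_or_dead('brightness', 'empty_or_numeric');
valid_or_dead('contrast', 'empty_or_numeric');
valid_or_dead('depth', 'numeric');
valid_or_dead('first', 'regex', '/^[01]$/iD');
valid_or_dead('format', 'regex', '/^[a-z]+$/iD');
valid_or_dead('pos_x', 'numeric');
valid_or_dead('pos_y', 'numeric');
valid_or_dead('geometry_x', 'numeric');
valid_or_dead('geometry_y', 'numeric');
valid_or_dead('lang_id', 'numeric');
valid_or_dead('mode', 'regex', '/^[a-z]+$/iD');
valid_or_dead('file_name', 'filepath');
valid_or_dead('preview_images', 'filepath');
valid_or_dead('resolution', 'regex', '/^(|auto|[0-9]+)$/iD');
valid_or_dead('sid', 'filepath');

// NOTE(review): this is a denylist of a few shell operators, which suggests
// usr_opt ends up on a command line. A denylist cannot cover every shell
// metacharacter; the code that builds the command should quote the value
// (escapeshellarg()) or usr_opt should be matched against an allowlist of
// known options. The pattern itself is left as it was.
valid_or_dead('usr_opt', 'inverse_regex', '(;|&&|\|\||<|>|<<|>>)');

valid_or_dead('file_save', 'filepath');

// IPv6 addresses contain the hex digits a-f, which the earlier digits-only
// class rejected, so such clients failed validation.
valid_or_dead('REMOTE_ADDR', 'regex', '/^[0-9a-f.:]+$/iD');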