$version_lst = array(
'empty' => "SELECT ONE",
+ '206' => "3.0.x",
'200' => "1.36.x",
'201' => "1.38.x",
'202' => "2.0.x",
'203' => "2.2.x",
'206' => "2.4.x",
- '206' => "3.0.x",
'204' => "GIT master version"
);
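Review bot: The added `'206' => "3.0.x"` entry is still shadowed, because the unchanged `'206' => "2.4.x"` line later in the same literal reuses the key and PHP keeps the last value for a duplicate key, so `$version_lst['206']` stays `"2.4.x"` and 3.0.x never reaches the select list. The removed line only relocated the duplicate rather than resolving it. The fix is to give 3.0.x a key of its own, e.g. `'207' => "3.0.x",` where `207` is a placeholder for whatever id that version is stored under. The same hunk is repeated further down the page and has the same problem.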
<script type="text/javascript" language="JavaScript">
-function validate_testimonial (form) {
+function validate_testimonial () {
var alertstr = '';
var invalid = 0;
var invalid_fields = new Array();
var ok;
+ var form = document.forms['form1'];
// email: standard text, hidden, password, or textarea box
var email = form.elements['email_address'].value;
if (email == null || ! email.match(/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*\.[a-zA-Z]+$/)) {
}
var number = form.elements['orgtype_id'].value;
if (number == null || ! number.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Organization type" options\n';
+ alertstr += '- Choose one of the "Organization type" options\n';
invalid_fields.push('orgtype_id');
invalid++;
}
}
var ostype = form.elements['ostype_id'].value;
if (ostype == null || ! ostype.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Director OS" field\n';
+ alertstr += '- Choose one of the "Director OS" field\n';
invalid_fields.push('ostype_id');
invalid++;
}
var catalog = form.elements['catalog_id'].value;
if (catalog == null || ! catalog.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Catalog type" field\n';
+ alertstr += '- Choose one of the "Catalog type" field\n';
invalid_fields.push('catalog_id');
invalid++;
}
+ var comments = form.elements['comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Comments" field, we disallow spam url\n';
+ invalid_fields.push('comments');
+ invalid++;
+ }
+ comments = form.elements['hardware_comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Hardware comments" field, we disallow spam url\n';
+ invalid_fields.push('hardware_comments');
+ invalid++;
+ }
var number = form.elements['number_fd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Client" field\n';
+ alertstr += '- Invalid entry for the "Number of Client" field\n';
invalid_fields.push('number_fd');
invalid++;
}
number = form.elements['number_sd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Storage" field\n';
+ alertstr += '- Invalid entry for the "Number of Storage" field\n';
invalid_fields.push('number_sd');
invalid++;
}
number = form.elements['number_dir'].value;
- if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Director" field\n';
+ if (number == null || ! number.match(/^[0-9,\.]+$/) || number > 100) {
+ alertstr += '- Invalid entry for the "Number of Director" field\n';
invalid_fields.push('number_dir');
invalid++;
}
number = form.elements['month_gb'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number GB/month" field\n';
+ alertstr += '- Invalid entry for the "Number GB/month" field\n';
invalid_fields.push('month_gb');
invalid++;
}
number = form.elements['number_files'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "File number" field\n';
+ alertstr += '- Invalid entry for the "File number" field\n';
invalid_fields.push('number_files');
invalid++;
- }
+ }
if (invalid > 0 || alertstr != '') {
if (! invalid) invalid = 'The following'; // catch for programmer error
alert(''+invalid+' error(s) were encountered with your submission:'+'\n\n'
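Review bot: The new `number > 100` cap on the `number_dir` line compares the raw field string, and because the regex on the same line admits commas and dots, an entry such as `1,000` passes the pattern and then coerces to NaN, so `"1,000" > 100` is false and the cap is silently bypassed. Parse before comparing, e.g. `var dir = parseInt(number.replace(/,/g, ''), 10);` followed by `if (number == null || ! number.match(/^[0-9,\.]+$/) || isNaN(dir) || dir > 100) {`. The added `http://` checks on the comment fields are case-sensitive, so an `HTTP://` scheme slips past; add the `i` flag, and treat these checks as a convenience only since the server-side validation is what actually enforces the rule. `validate_testimonial` continues past the end of this hunk, and `var form = document.forms['form1']` presumably relies on the form carrying that name, which is not visible here.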
<?
if ($_REQUEST['action'] == 'Modify') {
echo "<input type='hidden' title='testimonial id' id='id' name='id' class='ItemValue' value=''>";
- echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial(this);' value='Save'>";
+ echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial();' value='Save'>";
echo "<input type='submit' name='action' class='ItemValue' onclick='confirm(\"Are you sure ?\");' value='Delete'><br>";
echo "<input type='hidden' name='page' class='ItemValue' value='testimonial'><br>";
foreach ($attribs as $arr) {
$formul[$arr] = preg_replace('/[^a-zA-Z0-9!\.?\:\/,;_()@\n -]/', " ", $_REQUEST[$arr]);
}
-
+ /* Disallow http:// links into comments field */
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['hardware_comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ /* Disallow when number of dir too big or > number of fd */
+ if (intval($_REQUEST['number_dir']) > 100 ||
+ intval($_REQUEST['number_dir']) > intval($_REQUEST['number_fd'])) {
+ return '';
+ }
$attribs = array('publish_contact','publish_email', 'publish_orgname', 'orgtype_id',
'orgindustry_id','org_size', 'publish_orgsize','publish_website', 'bacula_version',
'country_id','ostype_id', 'redundant_setup','number_fd','number_sd','support',
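Review bot: Both `sizeof($m) > 2` checks are dead code: `/http:\/\//` has no capture groups, so `$m` holds at most one element after `preg_match`, and a comment containing a link is always accepted, leaving only the client-side check that is not enforced on the server. Test the return value instead, `if (preg_match('/http:\/\//i', $_REQUEST['comments'])) { return ''; }` and likewise for `hardware_comments`, with the `i` flag so an upper-case scheme is also caught; the `$m` temporaries can then be dropped. Reading `$_REQUEST['comments']`, `$_REQUEST['hardware_comments']`, `$_REQUEST['number_dir']` and `$_REQUEST['number_fd']` when a field is absent raises a notice, so guard each with `isset()` or default it to `''` before matching. The enclosing function starts before this hunk and the `$attribs = array(` statement continues past it. The same hunk is repeated further down the page with the same defect.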
$version_lst = array(
'empty' => "SELECT ONE",
+ '206' => "3.0.x",
'200' => "1.36.x",
'201' => "1.38.x",
'202' => "2.0.x",
'203' => "2.2.x",
'206' => "2.4.x",
- '206' => "3.0.x",
'204' => "GIT master version"
);
<script type="text/javascript" language="JavaScript">
-function validate_testimonial (form) {
+function validate_testimonial () {
var alertstr = '';
var invalid = 0;
var invalid_fields = new Array();
var ok;
+ var form = document.forms['form1'];
// email: standard text, hidden, password, or textarea box
var email = form.elements['email_address'].value;
if (email == null || ! email.match(/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*\.[a-zA-Z]+$/)) {
}
var number = form.elements['orgtype_id'].value;
if (number == null || ! number.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Organization type" options\n';
+ alertstr += '- Choose one of the "Organization type" options\n';
invalid_fields.push('orgtype_id');
invalid++;
}
}
var ostype = form.elements['ostype_id'].value;
if (ostype == null || ! ostype.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Director OS" field\n';
+ alertstr += '- Choose one of the "Director OS" field\n';
invalid_fields.push('ostype_id');
invalid++;
}
var catalog = form.elements['catalog_id'].value;
if (catalog == null || ! catalog.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Catalog type" field\n';
+ alertstr += '- Choose one of the "Catalog type" field\n';
invalid_fields.push('catalog_id');
invalid++;
}
+ var comments = form.elements['comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Comments" field, we disallow spam url\n';
+ invalid_fields.push('comments');
+ invalid++;
+ }
+ comments = form.elements['hardware_comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Hardware comments" field, we disallow spam url\n';
+ invalid_fields.push('hardware_comments');
+ invalid++;
+ }
var number = form.elements['number_fd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Client" field\n';
+ alertstr += '- Invalid entry for the "Number of Client" field\n';
invalid_fields.push('number_fd');
invalid++;
}
number = form.elements['number_sd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Storage" field\n';
+ alertstr += '- Invalid entry for the "Number of Storage" field\n';
invalid_fields.push('number_sd');
invalid++;
}
number = form.elements['number_dir'].value;
- if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Director" field\n';
+ if (number == null || ! number.match(/^[0-9,\.]+$/) || number > 100) {
+ alertstr += '- Invalid entry for the "Number of Director" field\n';
invalid_fields.push('number_dir');
invalid++;
}
number = form.elements['month_gb'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number GB/month" field\n';
+ alertstr += '- Invalid entry for the "Number GB/month" field\n';
invalid_fields.push('month_gb');
invalid++;
}
number = form.elements['number_files'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "File number" field\n';
+ alertstr += '- Invalid entry for the "File number" field\n';
invalid_fields.push('number_files');
invalid++;
- }
+ }
if (invalid > 0 || alertstr != '') {
if (! invalid) invalid = 'The following'; // catch for programmer error
alert(''+invalid+' error(s) were encountered with your submission:'+'\n\n'
<?
if ($_REQUEST['action'] == 'Modify') {
echo "<input type='hidden' title='testimonial id' id='id' name='id' class='ItemValue' value=''>";
- echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial(this);' value='Save'>";
+ echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial();' value='Save'>";
echo "<input type='submit' name='action' class='ItemValue' onclick='confirm(\"Are you sure ?\");' value='Delete'><br>";
echo "<input type='hidden' name='page' class='ItemValue' value='testimonial'><br>";
foreach ($attribs as $arr) {
$formul[$arr] = preg_replace('/[^a-zA-Z0-9!\.?\:\/,;_()@\n -]/', " ", $_REQUEST[$arr]);
}
-
+ /* Disallow http:// links into comments field */
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['hardware_comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ /* Disallow when number of dir too big or > number of fd */
+ if (intval($_REQUEST['number_dir']) > 100 ||
+ intval($_REQUEST['number_dir']) > intval($_REQUEST['number_fd'])) {
+ return '';
+ }
$attribs = array('publish_contact','publish_email', 'publish_orgname', 'orgtype_id',
'orgindustry_id','org_size', 'publish_orgsize','publish_website', 'bacula_version',
'country_id','ostype_id', 'redundant_setup','number_fd','number_sd','support',