From 4b530faa88b9afb8467805a9dde8204b9b0bd9fa Mon Sep 17 00:00:00 2001
From: Tom N Harris <tnharris@whoopdedo.org>
Date: Sun, 24 Jun 2012 18:24:07 -0400
Subject: [PATCH] validate inputs to install form

---
 install.php | 100 +++++++++++++++++++++++++++++++++-------------------
 1 file changed, 63 insertions(+), 37 deletions(-)

diff --git a/install.php b/install.php
index 80e9ad407..698cd64c4 100644
--- a/install.php
+++ b/install.php
@@ -29,8 +29,10 @@ if (get_magic_quotes_gpc() && !defined('MAGIC_QUOTES_STRIPPED')) {
 
 // language strings
 require_once(DOKU_INC.'inc/lang/en/lang.php');
-$LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
-if(!$LC) $LC = 'en';
+if(isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
+    $LC = preg_replace('/[^a-z\-]+/','',$_REQUEST['l']);
+}
+if(empty($LC)) $LC = 'en';
 if($LC && $LC != 'en' ) {
     require_once(DOKU_INC.'inc/lang/'.$LC.'/lang.php');
 }
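Review bot: `$LC` is no longer assigned on every path: when `l` is absent or an array, the filter is skipped and `empty($LC)` tests whatever value the variable already holds. On a host with register_globals enabled (the surrounding magic-quotes handling suggests such PHP versions are still supported), that value could come from the request and would reach the `require_once` path unfiltered. Initialise it before the conditional with `$LC = '';`, so that a non-default value can only come through the `preg_replace` filter. A `file_exists()` check before the second `require_once` would also turn an unknown language code into a fallback to `en` instead of a fatal error.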
@@ -56,7 +58,6 @@ $dokuwiki_hash = array(
 );
 
 
-
 // begin output
 header('Content-Type: text/html; charset=utf-8');
 ?>
@@ -131,17 +132,16 @@ header('Content-Type: text/html; charset=utf-8');
             }elseif(!check_configs()){
                 echo '<p>'.$lang['i_modified'].'</p>';
                 print_errors();
-            }elseif($_REQUEST['submit']){
-                if(!check_data($_REQUEST['d'])){
-                    print_errors();
-                    print_form($_REQUEST['d']);
-                }elseif(!store_data($_REQUEST['d'])){
+            }elseif(check_data($_REQUEST['d'])){
+                // check_data has sanitized all input parameters
+                if(!store_data($_REQUEST['d'])){
                     echo '<p>'.$lang['i_failure'].'</p>';
                     print_errors();
                 }else{
                     echo '<p>'.$lang['i_success'].'</p>';
                 }
             }else{
+                print_errors();
                 print_form($_REQUEST['d']);
             }
         ?>
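Review bot: The added comment `// check_data has sanitized all input parameters` claims more than check_data does. Judging by its hunk further down, it drops array values, casts the rest to strings, fills in defaults, and validates a handful of fields only when `acl` is set. Nothing is escaped and unknown keys in `d` are kept, so store_data() and print_form() still have to encode values for wherever they write them. I would reword it to `// check_data has normalised $d to an array of strings with defaults; values are not escaped`. The enclosing if/elseif chain starts above this hunk.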
@@ -252,41 +252,65 @@ function print_retry() {
  * @author Andreas Gohr
  */
 function check_data(&$d){
+    static $form_default = array(
+        'title'     => '',
+        'acl'       => '0',
+        'superuser' => '',
+        'fullname'  => '',
+        'email'     => '',
+        'password'  => '',
+        'confirm'   => '',
+        'policy'    => '0',
+        'license'   => 'cc-by-sa'
+    );
     global $lang;
     global $error;
 
+    if(!is_array($d)) $d = array();
+    foreach($d as $k => $v) {
+        if(is_array($v))
+            unset($d[$k]);
+        else
+            $d[$k] = (string)$v;
+    }
+
     //autolowercase the username
-    $d['superuser'] = strtolower($d['superuser']);
+    $d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
 
-    $ok = true;
+    $ok = false;
 
-    // check input
-    if(empty($d['title'])){
-        $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
-        $ok      = false;
-    }
-    if($d['acl']){
-        if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
-            $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
-            $ok      = false;
-        }
-        if(empty($d['password'])){
-            $error[] = sprintf($lang['i_badval'],$lang['pass']);
-            $ok      = false;
-        }
-        if($d['confirm'] != $d['password']){
-            $error[] = sprintf($lang['i_badval'],$lang['passchk']);
-            $ok      = false;
-        }
-        if(empty($d['fullname']) || strstr($d['fullname'],':')){
-            $error[] = sprintf($lang['i_badval'],$lang['fullname']);
+    if(isset($_REQUEST['submit'])) {
+        $ok = true;
+
+        // check input
+        if(empty($d['title'])){
+            $error[] = sprintf($lang['i_badval'],$lang['i_wikiname']);
             $ok      = false;
         }
-        if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
-            $error[] = sprintf($lang['i_badval'],$lang['email']);
-            $ok      = false;
+        if(isset($d['acl'])){
+            if(!preg_match('/^[a-z0-9_]+$/',$d['superuser'])){
+                $error[] = sprintf($lang['i_badval'],$lang['i_superuser']);
+                $ok      = false;
+            }
+            if(empty($d['password'])){
+                $error[] = sprintf($lang['i_badval'],$lang['pass']);
+                $ok      = false;
+            }
+            elseif(!isset($d['confirm']) || $d['confirm'] != $d['password']){
+                $error[] = sprintf($lang['i_badval'],$lang['passchk']);
+                $ok      = false;
+            }
+            if(empty($d['fullname']) || strstr($d['fullname'],':')){
+                $error[] = sprintf($lang['i_badval'],$lang['fullname']);
+                $ok      = false;
+            }
+            if(empty($d['email']) || strstr($d['email'],':') || !strstr($d['email'],'@')){
+                $error[] = sprintf($lang['i_badval'],$lang['email']);
+                $ok      = false;
+            }
         }
     }
+    $d = array_merge($form_default, $d);
     return $ok;
 }
 
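Review bot: The superuser pattern `/^[a-z0-9_]+$/` still accepts a value ending in a newline, because `$` without the `D` modifier matches before a final `\n`, and the fullname and email checks reject only `:`. The colon checks suggest these fields end up in a delimited, line-based file (store_data is not visible here), so line breaks should be rejected too: anchor with `/^[a-z0-9_]+\z/` and refuse control characters in fullname and email, e.g. `preg_match('/[\x00-\x1f:]/',$d['fullname'])`. Since every value is now cast to string, the confirmation check should also use strict comparison, `$d['confirm'] !== $d['password']`, because `!=` treats two different numeric-looking strings as equal.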
@@ -531,11 +555,13 @@ function langsel(){
  */
 function print_errors(){
     global $error;
-    echo '<ul>';
-    foreach ($error as $err){
-        echo "<li>$err</li>";
+    if(!empty($error)) {
+        echo '<ul>';
+        foreach ($error as $err){
+            echo "<li>$err</li>";
+        }
+        echo '</ul>';
     }
-    echo '</ul>';
 }
 
 /**
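Review bot: print_errors() echoes each entry as raw HTML in `echo "<li>$err</li>";`, which is safe only while every `$error` entry is built from language strings, as the check_data entries in this patch are. That assumption deserves a comment above the loop, e.g. `// entries are trusted HTML built from $lang strings; escape before adding user input`. Other writers to `$error` are outside this patch, so this should be confirmed against them.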
-- 
GitLab