diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php
index c2851c7c..cb2d9bee 100644
--- a/includes/controller/shift_entries_controller.php
+++ b/includes/controller/shift_entries_controller.php
@@ -12,7 +12,7 @@ function shift_entry_add_controller()
global $privileges, $user;
$shift_id = 0;
- if (isset($_REQUEST['shift_id']) && preg_match('/^[0-9]*$/', $_REQUEST['shift_id'])) {
+ if (isset($_REQUEST['shift_id']) && preg_match('/^\d*$/', $_REQUEST['shift_id'])) {
$shift_id = $_REQUEST['shift_id'];
} else {
redirect(page_link_to('user_shifts'));
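Review bot: The rewritten pattern `/^\d*$/` on the added line still accepts a value with a trailing newline, because `$` without the `D` modifier matches before a final `\n`, so `"12\n"` passes the check and is assigned to `$shift_id` unchanged; `\d*` also accepts the empty string, which was already true of `[0-9]*`. The same anchoring applies to every `\d` pattern ending in `$` in this commit (the other two hunks of this file, shifts_controller, shifttypes_controller, admin_active, admin_arrive, admin_groups, admin_news, admin_questions, admin_rooms, admin_shifts, guest_login, user_messages, user_myshifts, user_news, user_questions, sys_page). Where the value is used as an identifier, `preg_match('/^\d+$/D', $_REQUEST['shift_id'])` (or casting to int after the match) pins it to digits only. Since none of these patterns carry the `u` modifier, `\d` stays ASCII-only and the `[0-9]` → `\d` rewrite is otherwise equivalent. shift_entry_add_controller continues outside the hunk.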
@@ -32,7 +32,7 @@ function shift_entry_add_controller()
}
$type_id = 0;
- if (isset($_REQUEST['type_id']) && preg_match('/^[0-9]*$/', $_REQUEST['type_id'])) {
+ if (isset($_REQUEST['type_id']) && preg_match('/^\d*$/', $_REQUEST['type_id'])) {
$type_id = $_REQUEST['type_id'];
} else {
redirect(page_link_to('user_shifts'));
@@ -64,7 +64,7 @@ function shift_entry_add_controller()
if (
isset($_REQUEST['user_id'])
- && preg_match('/^[0-9]*$/', $_REQUEST['user_id'])
+ && preg_match('/^\d*$/', $_REQUEST['user_id'])
&& (
in_array('user_shifts_admin', $privileges)
|| in_array('shiftentry_edit_angeltype_supporter', $privileges)
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index 989f1a69..71459a10 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -78,7 +78,7 @@ function shift_edit_controller()
$title = strip_request_item('title');
// Auswahl der sichtbaren Locations für die Schichten
- if (isset($_REQUEST['rid']) && preg_match('/^[0-9]+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) {
+ if (isset($_REQUEST['rid']) && preg_match('/^\d+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) {
$rid = $_REQUEST['rid'];
} else {
$valid = false;
@@ -192,7 +192,7 @@ function shift_delete_controller()
}
// Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg)
- if (!isset($_REQUEST['delete_shift']) || !preg_match('/^[0-9]*$/', $_REQUEST['delete_shift'])) {
+ if (!isset($_REQUEST['delete_shift']) || !preg_match('/^\d*$/', $_REQUEST['delete_shift'])) {
redirect(page_link_to('user_shifts'));
}
$shift_id = $_REQUEST['delete_shift'];
@@ -360,7 +360,7 @@ function shifts_json_export_controller()
{
global $user;
- if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) {
+ if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
engelsystem_error('Missing key.');
}
diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php
index e6ba716f..9a470e29 100644
--- a/includes/controller/shifttypes_controller.php
+++ b/includes/controller/shifttypes_controller.php
@@ -79,7 +79,7 @@ function shifttype_edit_controller()
error(_('Please enter a name.'));
}
- if (isset($_REQUEST['angeltype_id']) && preg_match('/^[0-9]+$/', $_REQUEST['angeltype_id'])) {
+ if (isset($_REQUEST['angeltype_id']) && preg_match('/^\d+$/', $_REQUEST['angeltype_id'])) {
$angeltype_id = $_REQUEST['angeltype_id'];
} else {
$angeltype_id = null;
diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php
index a7da63b8..ebd4b37e 100644
--- a/includes/model/Message_model.php
+++ b/includes/model/Message_model.php
@@ -41,7 +41,7 @@ function Message_send($receiver_user_id, $text)
global $user;
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text));
- $receiver_user_id = preg_replace('/([^0-9]{1,})/ui', '', strip_tags($receiver_user_id));
+ $receiver_user_id = preg_replace('/([^\d]{1,})/ui', '', strip_tags($receiver_user_id));
if (
($text != '' && is_numeric($receiver_user_id))
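Review bot: This is the one rewrite in the commit that is not equivalent: the pattern on the added line carries the `u` modifier, which in PHP also enables PCRE_UCP, so `[^\d]` now lets non-ASCII decimal digits (e.g. Arabic-Indic digits) survive where `[^0-9]` stripped them. `is_numeric()` on the next line still rejects such a string, so the message is not sent, but the sanitised id no longer means "ASCII digits only", and `u`/`i` do nothing useful for a digit class. Suggest `$receiver_user_id = preg_replace('/[^0-9]+/', '', strip_tags($receiver_user_id));` to keep the previous semantics. Message_send continues outside the hunk.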
diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php
index d3b290f9..275f50ba 100644
--- a/includes/pages/admin_active.php
+++ b/includes/pages/admin_active.php
@@ -33,7 +33,7 @@ function admin_active()
if (isset($_REQUEST['set_active'])) {
$valid = true;
- if (isset($_REQUEST['count']) && preg_match('/^[0-9]+$/', $_REQUEST['count'])) {
+ if (isset($_REQUEST['count']) && preg_match('/^\d+$/', $_REQUEST['count'])) {
$count = strip_request_item('count');
if ($count < $forced_count) {
error(sprintf(
@@ -89,7 +89,7 @@ function admin_active()
}
}
- if (isset($_REQUEST['active']) && preg_match('/^[0-9]+$/', $_REQUEST['active'])) {
+ if (isset($_REQUEST['active']) && preg_match('/^\d+$/', $_REQUEST['active'])) {
$user_id = $_REQUEST['active'];
$user_source = User($user_id);
if ($user_source != null) {
@@ -99,7 +99,7 @@ function admin_active()
} else {
$msg = error(_('Angel not found.'), true);
}
- } elseif (isset($_REQUEST['not_active']) && preg_match('/^[0-9]+$/', $_REQUEST['not_active'])) {
+ } elseif (isset($_REQUEST['not_active']) && preg_match('/^\d+$/', $_REQUEST['not_active'])) {
$user_id = $_REQUEST['not_active'];
$user_source = User($user_id);
if ($user_source != null) {
@@ -109,7 +109,7 @@ function admin_active()
} else {
$msg = error(_('Angel not found.'), true);
}
- } elseif (isset($_REQUEST['tshirt']) && preg_match('/^[0-9]+$/', $_REQUEST['tshirt'])) {
+ } elseif (isset($_REQUEST['tshirt']) && preg_match('/^\d+$/', $_REQUEST['tshirt'])) {
$user_id = $_REQUEST['tshirt'];
$user_source = User($user_id);
if ($user_source != null) {
@@ -119,7 +119,7 @@ function admin_active()
} else {
$msg = error('Angel not found.', true);
}
- } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^[0-9]+$/', $_REQUEST['not_tshirt'])) {
+ } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^\d+$/', $_REQUEST['not_tshirt'])) {
$user_id = $_REQUEST['not_tshirt'];
$user_source = User($user_id);
if ($user_source != null) {
diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php
index 0080ccf9..77155dae 100644
--- a/includes/pages/admin_arrive.php
+++ b/includes/pages/admin_arrive.php
@@ -21,7 +21,7 @@ function admin_arrive()
$search = strip_request_item('search');
}
- if (isset($_REQUEST['reset']) && preg_match('/^[0-9]*$/', $_REQUEST['reset'])) {
+ if (isset($_REQUEST['reset']) && preg_match('/^\d*$/', $_REQUEST['reset'])) {
$user_id = $_REQUEST['reset'];
$user_source = User($user_id);
if ($user_source != null) {
@@ -37,7 +37,7 @@ function admin_arrive()
} else {
$msg = error(_('Angel not found.'), true);
}
- } elseif (isset($_REQUEST['arrived']) && preg_match('/^[0-9]*$/', $_REQUEST['arrived'])) {
+ } elseif (isset($_REQUEST['arrived']) && preg_match('/^\d*$/', $_REQUEST['arrived'])) {
$user_id = $_REQUEST['arrived'];
$user_source = User($user_id);
if ($user_source != null) {
diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php
index 104fa274..4011ccf1 100644
--- a/includes/pages/admin_groups.php
+++ b/includes/pages/admin_groups.php
@@ -53,7 +53,7 @@ function admin_groups()
} else {
switch ($_REQUEST['action']) {
case 'edit':
- if (isset($_REQUEST['id']) && preg_match('/^-[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) {
$group_id = $_REQUEST['id'];
} else {
return error('Incomplete call, missing Groups ID.', true);
@@ -99,7 +99,7 @@ function admin_groups()
break;
case 'save':
- if (isset($_REQUEST['id']) && preg_match('/^-[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) {
$group_id = $_REQUEST['id'];
} else {
return error('Incomplete call, missing Groups ID.', true);
@@ -114,7 +114,7 @@ function admin_groups()
DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]);
$privilege_names = [];
foreach ($_REQUEST['privileges'] as $privilege) {
- if (preg_match('/^[0-9]{1,}$/', $privilege)) {
+ if (preg_match('/^\d{1,}$/', $privilege)) {
$group_privileges_source = DB::select(
'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1',
[$privilege]
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index af5dffc6..a814bc33 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -14,7 +14,7 @@ function admin_news()
}
$html = '
' . _('Edit news entry') . '
' . msg();
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$news_id = $_REQUEST['id'];
} else {
return error('Incomplete call, missing News ID.', true);
diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php
index aca9b570..4c84e4f8 100644
--- a/includes/pages/admin_questions.php
+++ b/includes/pages/admin_questions.php
@@ -98,7 +98,7 @@ function admin_questions()
} else {
switch ($_REQUEST['action']) {
case 'answer':
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$question_id = $_REQUEST['id'];
} else {
return error('Incomplete call, missing Question ID.', true);
@@ -139,7 +139,7 @@ function admin_questions()
}
break;
case 'delete':
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$question_id = $_REQUEST['id'];
} else {
return error('Incomplete call, missing Question ID.', true);
diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php
index 50be15f3..d483f99e 100644
--- a/includes/pages/admin_rooms.php
+++ b/includes/pages/admin_rooms.php
@@ -112,7 +112,7 @@ function admin_rooms()
foreach ($angeltypes as $angeltype_id => $angeltype) {
if (
isset($_REQUEST['angeltype_count_' . $angeltype_id])
- && preg_match('/^[0-9]{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id])
+ && preg_match('/^\d{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id])
) {
$angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id];
} else {
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index c543e827..06071233 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -72,7 +72,7 @@ function admin_shifts()
// Auswahl der sichtbaren Locations für die Schichten
if (
isset($_REQUEST['rid'])
- && preg_match('/^[0-9]+$/', $_REQUEST['rid'])
+ && preg_match('/^\d+$/', $_REQUEST['rid'])
&& isset($room_array[$_REQUEST['rid']])
) {
$rid = $_REQUEST['rid'];
@@ -105,7 +105,7 @@ function admin_shifts()
if ($_REQUEST['mode'] == 'single') {
$mode = 'single';
} elseif ($_REQUEST['mode'] == 'multi') {
- if (isset($_REQUEST['length']) && preg_match('/^[0-9]+$/', trim($_REQUEST['length']))) {
+ if (isset($_REQUEST['length']) && preg_match('/^\d+$/', trim($_REQUEST['length']))) {
$mode = 'multi';
$length = trim($_REQUEST['length']);
} else {
@@ -115,7 +115,7 @@ function admin_shifts()
} elseif ($_REQUEST['mode'] == 'variable') {
if (
isset($_REQUEST['change_hours'])
- && preg_match('/^([0-9]{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours'])))
+ && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours'])))
) {
$mode = 'variable';
$change_hours = array_map('trim', explode(',', $_REQUEST['change_hours']));
@@ -137,7 +137,7 @@ function admin_shifts()
foreach ($types as $type) {
if (
isset($_REQUEST['type_' . $type['id']])
- && preg_match('/^[0-9]+$/', trim($_REQUEST['type_' . $type['id']]))
+ && preg_match('/^\d+$/', trim($_REQUEST['type_' . $type['id']]))
) {
$needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]);
} else {
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 647fa585..66a06116 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -155,7 +155,7 @@ function guest_register()
if (isset($_REQUEST['prename'])) {
$preName = strip_request_item('prename');
}
- if (isset($_REQUEST['age']) && preg_match('/^[0-9]{0,4}$/', $_REQUEST['age'])) {
+ if (isset($_REQUEST['age']) && preg_match('/^\d{0,4}$/', $_REQUEST['age'])) {
$age = strip_request_item('age');
}
if (isset($_REQUEST['tel'])) {
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php
index 04edf03f..3c4b631d 100644
--- a/includes/pages/user_atom.php
+++ b/includes/pages/user_atom.php
@@ -9,7 +9,7 @@ function user_atom()
{
global $user, $display_news;
- if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) {
+ if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
engelsystem_error('Missing key.');
}
$key = $_REQUEST['key'];
@@ -48,7 +48,7 @@ function make_atom_entries_from_news($news_entries)
Engelsystem
' . $_SERVER['HTTP_HOST']
. htmlspecialchars(preg_replace(
- '#[&?]key=[a-f0-9]{32}#',
+ '#[&?]key=[a-f\d]{32}#',
'',
$_SERVER['REQUEST_URI']
))
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index f9c364e6..ce474a9e 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -7,7 +7,7 @@ function user_ical()
{
global $user;
- if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) {
+ if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) {
engelsystem_error('Missing key.');
}
$key = $_REQUEST['key'];
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index e4669411..dd22cd66 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -123,7 +123,7 @@ function user_messages()
} else {
switch ($_REQUEST['action']) {
case 'read':
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$message_id = $_REQUEST['id'];
} else {
return error(_('Incomplete call, missing Message ID.'), true);
@@ -145,7 +145,7 @@ function user_messages()
break;
case 'delete':
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$message_id = $_REQUEST['id'];
} else {
return error(_('Incomplete call, missing Message ID.'), true);
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index 76b79032..acb78875 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -23,7 +23,7 @@ function user_myshifts()
if (
isset($_REQUEST['id'])
&& in_array('user_shifts_admin', $privileges)
- && preg_match('/^[0-9]{1,}$/', $_REQUEST['id'])
+ && preg_match('/^\d{1,}$/', $_REQUEST['id'])
&& count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0
) {
$user_id = $_REQUEST['id'];
@@ -47,7 +47,7 @@ function user_myshifts()
),
button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger')
]);
- } elseif (isset($_REQUEST['edit']) && preg_match('/^[0-9]*$/', $_REQUEST['edit'])) {
+ } elseif (isset($_REQUEST['edit']) && preg_match('/^\d*$/', $_REQUEST['edit'])) {
$user_id = $_REQUEST['edit'];
$shift = DB::select('
SELECT
@@ -129,7 +129,7 @@ function user_myshifts()
} else {
redirect(page_link_to('user_myshifts'));
}
- } elseif (isset($_REQUEST['cancel']) && preg_match('/^[0-9]*$/', $_REQUEST['cancel'])) {
+ } elseif (isset($_REQUEST['cancel']) && preg_match('/^\d*$/', $_REQUEST['cancel'])) {
$user_id = $_REQUEST['cancel'];
$shift = DB::select('
SELECT *
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 7dfc7d0c..69d20e69 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -35,7 +35,7 @@ function user_meetings()
$html = '' . meetings_title() . '
' . msg();
- if (isset($_REQUEST['page']) && preg_match('/^[0-9]{1,}$/', $_REQUEST['page'])) {
+ if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 0;
@@ -120,7 +120,7 @@ function user_news_comments()
$html = '
' . user_news_comments_title() . '
';
if (
isset($_REQUEST['nid'])
- && preg_match('/^[0-9]{1,}$/', $_REQUEST['nid'])
+ && preg_match('/^\d{1,}$/', $_REQUEST['nid'])
&& count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0
) {
$nid = $_REQUEST['nid'];
@@ -203,7 +203,7 @@ function user_news()
redirect(page_link_to('news'));
}
- if (isset($_REQUEST['page']) && preg_match('/^[0-9]{1,}$/', $_REQUEST['page'])) {
+ if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 0;
diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php
index 04ae8914..5cb60db3 100644
--- a/includes/pages/user_questions.php
+++ b/includes/pages/user_questions.php
@@ -56,7 +56,7 @@ function user_questions()
}
break;
case 'delete':
- if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) {
+ if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) {
$question_id = $_REQUEST['id'];
} else {
return error(_('Incomplete call, missing Question ID.'), true);
diff --git a/includes/sys_page.php b/includes/sys_page.php
index fd03e291..b2199988 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -164,7 +164,7 @@ function strip_request_item($name, $default_value = null)
function test_request_int($name)
{
if (isset($_REQUEST[$name])) {
- return preg_match('/^[0-9]*$/', $_REQUEST[$name]);
+ return preg_match('/^\d*$/', $_REQUEST[$name]);
}
return false;
}
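Review bot: `test_request_int` still returns a truthy result for an empty string and for a value with a trailing newline, since `\d*` accepts zero digits and `$` without the `D` modifier matches before a final `\n`, which the function name does not suggest. If callers tolerate it, `return preg_match('/^\d+$/D', $_REQUEST[$name]);` makes it a real integer check; otherwise at least add the `D` modifier. Note also that the function returns `int` (0/1) from preg_match on one path and `bool` on the other; a `: bool` return type or `=== 1` would make the two paths consistent.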
diff --git a/public/index.php b/public/index.php
index 92a71c6d..12d6f744 100644
--- a/public/index.php
+++ b/public/index.php
@@ -30,7 +30,7 @@ if (!isset($_REQUEST['p'])) {
if (
isset($_REQUEST['p'])
- && preg_match('/^[a-z0-9_]*$/i', $_REQUEST['p'])
+ && preg_match('/^\w*$/i', $_REQUEST['p'])
&& (
in_array($_REQUEST['p'], $free_pages)
|| (isset($privileges) && in_array($_REQUEST['p'], $privileges))