diff --git a/includes/controller/shift_entries_controller.php b/includes/controller/shift_entries_controller.php index c2851c7c..cb2d9bee 100644 --- a/includes/controller/shift_entries_controller.php +++ b/includes/controller/shift_entries_controller.php @@ -12,7 +12,7 @@ function shift_entry_add_controller() global $privileges, $user; $shift_id = 0; - if (isset($_REQUEST['shift_id']) && preg_match('/^[0-9]*$/', $_REQUEST['shift_id'])) { + if (isset($_REQUEST['shift_id']) && preg_match('/^\d*$/', $_REQUEST['shift_id'])) { $shift_id = $_REQUEST['shift_id']; } else { redirect(page_link_to('user_shifts')); @@ -32,7 +32,7 @@ function shift_entry_add_controller() } $type_id = 0; - if (isset($_REQUEST['type_id']) && preg_match('/^[0-9]*$/', $_REQUEST['type_id'])) { + if (isset($_REQUEST['type_id']) && preg_match('/^\d*$/', $_REQUEST['type_id'])) { $type_id = $_REQUEST['type_id']; } else { redirect(page_link_to('user_shifts')); @@ -64,7 +64,7 @@ function shift_entry_add_controller() if ( isset($_REQUEST['user_id']) - && preg_match('/^[0-9]*$/', $_REQUEST['user_id']) + && preg_match('/^\d*$/', $_REQUEST['user_id']) && ( in_array('user_shifts_admin', $privileges) || in_array('shiftentry_edit_angeltype_supporter', $privileges) diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index 989f1a69..71459a10 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -78,7 +78,7 @@ function shift_edit_controller() $title = strip_request_item('title'); // Auswahl der sichtbaren Locations für die Schichten - if (isset($_REQUEST['rid']) && preg_match('/^[0-9]+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) { + if (isset($_REQUEST['rid']) && preg_match('/^\d+$/', $_REQUEST['rid']) && isset($room[$_REQUEST['rid']])) { $rid = $_REQUEST['rid']; } else { $valid = false; 
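Review bot: `'/^\d*$/'` still accepts the empty string, and because `$` without the `D` modifier also matches before a final newline it accepts a value such as `"12\n"`, which the next line then copies into `$shift_id` unchanged. If only a real id is meant to pass, `if (isset($_REQUEST['shift_id']) && preg_match('/^\d+$/D', $_REQUEST['shift_id'])) {` closes both gaps, and `$shift_id = (int) $_REQUEST['shift_id'];` makes the intended type explicit. The same `\d*` / `$` combination recurs in the type_id and user_id hunks of this file, in the delete_shift hunk of shifts_controller.php, in admin_arrive.php, user_myshifts.php and in the shared helper `test_request_int` in sys_page.php, which would be the natural single place to tighten. shift_entry_add_controller begins before and continues after this hunk.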
@@ -192,7 +192,7 @@ function shift_delete_controller() } // Schicht komplett löschen (nur für admins/user mit user_shifts_admin privileg) - if (!isset($_REQUEST['delete_shift']) || !preg_match('/^[0-9]*$/', $_REQUEST['delete_shift'])) { + if (!isset($_REQUEST['delete_shift']) || !preg_match('/^\d*$/', $_REQUEST['delete_shift'])) { redirect(page_link_to('user_shifts')); } $shift_id = $_REQUEST['delete_shift']; @@ -360,7 +360,7 @@ function shifts_json_export_controller() { global $user; - if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) { + if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { engelsystem_error('Missing key.'); } diff --git a/includes/controller/shifttypes_controller.php b/includes/controller/shifttypes_controller.php index e6ba716f..9a470e29 100644 --- a/includes/controller/shifttypes_controller.php +++ b/includes/controller/shifttypes_controller.php @@ -79,7 +79,7 @@ function shifttype_edit_controller() error(_('Please enter a name.')); } - if (isset($_REQUEST['angeltype_id']) && preg_match('/^[0-9]+$/', $_REQUEST['angeltype_id'])) { + if (isset($_REQUEST['angeltype_id']) && preg_match('/^\d+$/', $_REQUEST['angeltype_id'])) { $angeltype_id = $_REQUEST['angeltype_id']; } else { $angeltype_id = null; diff --git a/includes/model/Message_model.php b/includes/model/Message_model.php index a7da63b8..ebd4b37e 100644 --- a/includes/model/Message_model.php +++ b/includes/model/Message_model.php @@ -41,7 +41,7 @@ function Message_send($receiver_user_id, $text) global $user; $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($text)); - $receiver_user_id = preg_replace('/([^0-9]{1,})/ui', '', strip_tags($receiver_user_id)); + $receiver_user_id = preg_replace('/([^\d]{1,})/ui', '', strip_tags($receiver_user_id)); if ( ($text != '' && is_numeric($receiver_user_id)) diff --git a/includes/pages/admin_active.php b/includes/pages/admin_active.php index d3b290f9..275f50ba 100644 
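Review bot: With the `u` modifier PHP compiles the pattern in UCP mode, so `\d` in `'/([^\d]{1,})/ui'` now also matches non-ASCII digits (Arabic-Indic, fullwidth, …) that the former `[^0-9]` stripped out; such characters survive the cleaning step and are only rejected later by `is_numeric()`, a quiet semantic change in an id sanitiser. If ASCII digits are what is meant, keep the pattern ASCII-only and drop the flags, which do nothing useful on a digit class: `$receiver_user_id = preg_replace('/\D+/', '', strip_tags($receiver_user_id));`. Message_send starts before and continues after this hunk.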
--- a/includes/pages/admin_active.php +++ b/includes/pages/admin_active.php @@ -33,7 +33,7 @@ function admin_active() if (isset($_REQUEST['set_active'])) { $valid = true; - if (isset($_REQUEST['count']) && preg_match('/^[0-9]+$/', $_REQUEST['count'])) { + if (isset($_REQUEST['count']) && preg_match('/^\d+$/', $_REQUEST['count'])) { $count = strip_request_item('count'); if ($count < $forced_count) { error(sprintf( @@ -89,7 +89,7 @@ function admin_active() } } - if (isset($_REQUEST['active']) && preg_match('/^[0-9]+$/', $_REQUEST['active'])) { + if (isset($_REQUEST['active']) && preg_match('/^\d+$/', $_REQUEST['active'])) { $user_id = $_REQUEST['active']; $user_source = User($user_id); if ($user_source != null) { @@ -99,7 +99,7 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['not_active']) && preg_match('/^[0-9]+$/', $_REQUEST['not_active'])) { + } elseif (isset($_REQUEST['not_active']) && preg_match('/^\d+$/', $_REQUEST['not_active'])) { $user_id = $_REQUEST['not_active']; $user_source = User($user_id); if ($user_source != null) { @@ -109,7 +109,7 @@ function admin_active() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['tshirt']) && preg_match('/^[0-9]+$/', $_REQUEST['tshirt'])) { + } elseif (isset($_REQUEST['tshirt']) && preg_match('/^\d+$/', $_REQUEST['tshirt'])) { $user_id = $_REQUEST['tshirt']; $user_source = User($user_id); if ($user_source != null) { @@ -119,7 +119,7 @@ function admin_active() } else { $msg = error('Angel not found.', true); } - } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^[0-9]+$/', $_REQUEST['not_tshirt'])) { + } elseif (isset($_REQUEST['not_tshirt']) && preg_match('/^\d+$/', $_REQUEST['not_tshirt'])) { $user_id = $_REQUEST['not_tshirt']; $user_source = User($user_id); if ($user_source != null) { diff --git a/includes/pages/admin_arrive.php b/includes/pages/admin_arrive.php index 0080ccf9..77155dae 100644 
--- a/includes/pages/admin_arrive.php +++ b/includes/pages/admin_arrive.php @@ -21,7 +21,7 @@ function admin_arrive() $search = strip_request_item('search'); } - if (isset($_REQUEST['reset']) && preg_match('/^[0-9]*$/', $_REQUEST['reset'])) { + if (isset($_REQUEST['reset']) && preg_match('/^\d*$/', $_REQUEST['reset'])) { $user_id = $_REQUEST['reset']; $user_source = User($user_id); if ($user_source != null) { @@ -37,7 +37,7 @@ function admin_arrive() } else { $msg = error(_('Angel not found.'), true); } - } elseif (isset($_REQUEST['arrived']) && preg_match('/^[0-9]*$/', $_REQUEST['arrived'])) { + } elseif (isset($_REQUEST['arrived']) && preg_match('/^\d*$/', $_REQUEST['arrived'])) { $user_id = $_REQUEST['arrived']; $user_source = User($user_id); if ($user_source != null) { diff --git a/includes/pages/admin_groups.php b/includes/pages/admin_groups.php index 104fa274..4011ccf1 100644 --- a/includes/pages/admin_groups.php +++ b/includes/pages/admin_groups.php @@ -53,7 +53,7 @@ function admin_groups() } else { switch ($_REQUEST['action']) { case 'edit': - if (isset($_REQUEST['id']) && preg_match('/^-[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { $group_id = $_REQUEST['id']; } else { return error('Incomplete call, missing Groups ID.', true); @@ -99,7 +99,7 @@ function admin_groups() break; case 'save': - if (isset($_REQUEST['id']) && preg_match('/^-[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^-\d{1,11}$/', $_REQUEST['id'])) { $group_id = $_REQUEST['id']; } else { return error('Incomplete call, missing Groups ID.', true); 
@@ -114,7 +114,7 @@ function admin_groups() DB::delete('DELETE FROM `GroupPrivileges` WHERE `group_id`=?', [$group_id]); $privilege_names = []; foreach ($_REQUEST['privileges'] as $privilege) { - if (preg_match('/^[0-9]{1,}$/', $privilege)) { + if (preg_match('/^\d{1,}$/', $privilege)) { $group_privileges_source = DB::select( 'SELECT `name` FROM `Privileges` WHERE `id`=? LIMIT 1', [$privilege] diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php index af5dffc6..a814bc33 100644 --- a/includes/pages/admin_news.php +++ b/includes/pages/admin_news.php @@ -14,7 +14,7 @@ function admin_news() } $html = '
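Review bot: `\d{1,}` is the long spelling of `\d+`; since the commit is already rewriting these classes, `if (preg_match('/^\d+$/', $privilege)) {` reads more naturally and matches the `\d+` form used elsewhere in the same change. The same `{1,}` quantifier appears in the id check of user_myshifts.php and in the page and nid checks of user_news.php. admin_groups starts before and continues after this hunk.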

' . _('Edit news entry') . '

' . msg(); - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $news_id = $_REQUEST['id']; } else { return error('Incomplete call, missing News ID.', true); diff --git a/includes/pages/admin_questions.php b/includes/pages/admin_questions.php index aca9b570..4c84e4f8 100644 --- a/includes/pages/admin_questions.php +++ b/includes/pages/admin_questions.php @@ -98,7 +98,7 @@ function admin_questions() } else { switch ($_REQUEST['action']) { case 'answer': - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $question_id = $_REQUEST['id']; } else { return error('Incomplete call, missing Question ID.', true); @@ -139,7 +139,7 @@ function admin_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $question_id = $_REQUEST['id']; } else { return error('Incomplete call, missing Question ID.', true); diff --git a/includes/pages/admin_rooms.php b/includes/pages/admin_rooms.php index 50be15f3..d483f99e 100644 --- a/includes/pages/admin_rooms.php +++ b/includes/pages/admin_rooms.php @@ -112,7 +112,7 @@ function admin_rooms() foreach ($angeltypes as $angeltype_id => $angeltype) { if ( isset($_REQUEST['angeltype_count_' . $angeltype_id]) - && preg_match('/^[0-9]{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id]) + && preg_match('/^\d{1,4}$/', $_REQUEST['angeltype_count_' . $angeltype_id]) ) { $angeltypes_count[$angeltype_id] = $_REQUEST['angeltype_count_' . $angeltype_id]; } else { diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php index c543e827..06071233 100644 --- a/includes/pages/admin_shifts.php +++ b/includes/pages/admin_shifts.php 
@@ -72,7 +72,7 @@ function admin_shifts() // Auswahl der sichtbaren Locations für die Schichten if ( isset($_REQUEST['rid']) - && preg_match('/^[0-9]+$/', $_REQUEST['rid']) + && preg_match('/^\d+$/', $_REQUEST['rid']) && isset($room_array[$_REQUEST['rid']]) ) { $rid = $_REQUEST['rid']; @@ -105,7 +105,7 @@ function admin_shifts() if ($_REQUEST['mode'] == 'single') { $mode = 'single'; } elseif ($_REQUEST['mode'] == 'multi') { - if (isset($_REQUEST['length']) && preg_match('/^[0-9]+$/', trim($_REQUEST['length']))) { + if (isset($_REQUEST['length']) && preg_match('/^\d+$/', trim($_REQUEST['length']))) { $mode = 'multi'; $length = trim($_REQUEST['length']); } else { @@ -115,7 +115,7 @@ function admin_shifts() } elseif ($_REQUEST['mode'] == 'variable') { if ( isset($_REQUEST['change_hours']) - && preg_match('/^([0-9]{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours']))) + && preg_match('/^(\d{2}(,|$))/', trim(str_replace(' ', '', $_REQUEST['change_hours']))) ) { $mode = 'variable'; $change_hours = array_map('trim', explode(',', $_REQUEST['change_hours'])); @@ -137,7 +137,7 @@ function admin_shifts() foreach ($types as $type) { if ( isset($_REQUEST['type_' . $type['id']]) - && preg_match('/^[0-9]+$/', trim($_REQUEST['type_' . $type['id']])) + && preg_match('/^\d+$/', trim($_REQUEST['type_' . $type['id']])) ) { $needed_angel_types[$type['id']] = trim($_REQUEST['type_' . $type['id']]); } else { diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 647fa585..66a06116 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -155,7 +155,7 @@ function guest_register() if (isset($_REQUEST['prename'])) { $preName = strip_request_item('prename'); } - if (isset($_REQUEST['age']) && preg_match('/^[0-9]{0,4}$/', $_REQUEST['age'])) { + if (isset($_REQUEST['age']) && preg_match('/^\d{0,4}$/', $_REQUEST['age'])) { $age = strip_request_item('age'); } if (isset($_REQUEST['tel'])) { 
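Review bot: In the change_hours hunk only the first list element is validated — `'/^(\d{2}(,|$))/'` is anchored at the start but stops after the first comma — while the `explode` on the following line hands every element to `$change_hours`, so anything after the first comma reaches the rest of the function unvalidated (what is done with it is outside this hunk). Validating the whole list on the already space-stripped string is a one-line change: `&& preg_match('/^\d{2}(,\d{2})*$/', trim(str_replace(' ', '', $_REQUEST['change_hours'])))`. admin_shifts starts before and continues after this hunk.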
diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 04edf03f..3c4b631d 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -9,7 +9,7 @@ function user_atom() { global $user, $display_news; - if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) { + if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { engelsystem_error('Missing key.'); } $key = $_REQUEST['key']; @@ -48,7 +48,7 @@ function make_atom_entries_from_news($news_entries) Engelsystem ' . $_SERVER['HTTP_HOST'] . htmlspecialchars(preg_replace( - '#[&?]key=[a-f0-9]{32}#', + '#[&?]key=[a-f\d]{32}#', '', $_SERVER['REQUEST_URI'] )) diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index f9c364e6..ce474a9e 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -7,7 +7,7 @@ function user_ical() { global $user; - if (!isset($_REQUEST['key']) || !preg_match('/^[0-9a-f]{32}$/', $_REQUEST['key'])) { + if (!isset($_REQUEST['key']) || !preg_match('/^[\da-f]{32}$/', $_REQUEST['key'])) { engelsystem_error('Missing key.'); } $key = $_REQUEST['key']; diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index e4669411..dd22cd66 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -123,7 +123,7 @@ function user_messages() } else { switch ($_REQUEST['action']) { case 'read': - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $message_id = $_REQUEST['id']; } else { return error(_('Incomplete call, missing Message ID.'), true); 
@@ -145,7 +145,7 @@ function user_messages() break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $message_id = $_REQUEST['id']; } else { return error(_('Incomplete call, missing Message ID.'), true); diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index 76b79032..acb78875 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -23,7 +23,7 @@ function user_myshifts() if ( isset($_REQUEST['id']) && in_array('user_shifts_admin', $privileges) - && preg_match('/^[0-9]{1,}$/', $_REQUEST['id']) + && preg_match('/^\d{1,}$/', $_REQUEST['id']) && count(DB::select('SELECT `UID` FROM `User` WHERE `UID`=?', [$_REQUEST['id']])) > 0 ) { $user_id = $_REQUEST['id']; @@ -47,7 +47,7 @@ function user_myshifts() ), button(page_link_to('user_myshifts') . '&reset=ack', _('Continue'), 'btn-danger') ]); - } elseif (isset($_REQUEST['edit']) && preg_match('/^[0-9]*$/', $_REQUEST['edit'])) { + } elseif (isset($_REQUEST['edit']) && preg_match('/^\d*$/', $_REQUEST['edit'])) { $user_id = $_REQUEST['edit']; $shift = DB::select(' SELECT @@ -129,7 +129,7 @@ function user_myshifts() } else { redirect(page_link_to('user_myshifts')); } - } elseif (isset($_REQUEST['cancel']) && preg_match('/^[0-9]*$/', $_REQUEST['cancel'])) { + } elseif (isset($_REQUEST['cancel']) && preg_match('/^\d*$/', $_REQUEST['cancel'])) { $user_id = $_REQUEST['cancel']; $shift = DB::select(' SELECT * diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php index 7dfc7d0c..69d20e69 100644 --- a/includes/pages/user_news.php +++ b/includes/pages/user_news.php @@ -35,7 +35,7 @@ function user_meetings() $html = '

' . meetings_title() . '

' . msg(); - if (isset($_REQUEST['page']) && preg_match('/^[0-9]{1,}$/', $_REQUEST['page'])) { + if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { $page = $_REQUEST['page']; } else { $page = 0; @@ -120,7 +120,7 @@ function user_news_comments() $html = '

' . user_news_comments_title() . '

'; if ( isset($_REQUEST['nid']) - && preg_match('/^[0-9]{1,}$/', $_REQUEST['nid']) + && preg_match('/^\d{1,}$/', $_REQUEST['nid']) && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$_REQUEST['nid']])) > 0 ) { $nid = $_REQUEST['nid']; @@ -203,7 +203,7 @@ function user_news() redirect(page_link_to('news')); } - if (isset($_REQUEST['page']) && preg_match('/^[0-9]{1,}$/', $_REQUEST['page'])) { + if (isset($_REQUEST['page']) && preg_match('/^\d{1,}$/', $_REQUEST['page'])) { $page = $_REQUEST['page']; } else { $page = 0; diff --git a/includes/pages/user_questions.php b/includes/pages/user_questions.php index 04ae8914..5cb60db3 100644 --- a/includes/pages/user_questions.php +++ b/includes/pages/user_questions.php @@ -56,7 +56,7 @@ function user_questions() } break; case 'delete': - if (isset($_REQUEST['id']) && preg_match('/^[0-9]{1,11}$/', $_REQUEST['id'])) { + if (isset($_REQUEST['id']) && preg_match('/^\d{1,11}$/', $_REQUEST['id'])) { $question_id = $_REQUEST['id']; } else { return error(_('Incomplete call, missing Question ID.'), true); diff --git a/includes/sys_page.php b/includes/sys_page.php index fd03e291..b2199988 100644 --- a/includes/sys_page.php +++ b/includes/sys_page.php @@ -164,7 +164,7 @@ function strip_request_item($name, $default_value = null) function test_request_int($name) { if (isset($_REQUEST[$name])) { - return preg_match('/^[0-9]*$/', $_REQUEST[$name]); + return preg_match('/^\d*$/', $_REQUEST[$name]); } return false; } diff --git a/public/index.php b/public/index.php index 92a71c6d..12d6f744 100644 --- a/public/index.php +++ b/public/index.php @@ -30,7 +30,7 @@ if (!isset($_REQUEST['p'])) { if ( isset($_REQUEST['p']) - && preg_match('/^[a-z0-9_]*$/i', $_REQUEST['p']) + && preg_match('/^\w*$/i', $_REQUEST['p']) && ( in_array($_REQUEST['p'], $free_pages) || (isset($privileges) && in_array($_REQUEST['p'], $privileges))
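Review bot: In the public/index.php hunk `'/^\w*$/i'` carries a redundant `i` (`\w` already covers both cases) and, unlike the explicit `[a-z0-9_]`, `\w` in a non-`u` pattern is resolved through PHP's locale character tables, so if a non-C `LC_CTYPE` locale is active (plausible here, as the app uses gettext) single-byte locales can let bytes ≥ 0x80 count as word characters. The value is still matched against `$free_pages` / `$privileges` on the following lines, so the allow-list remains the effective control; if the stricter ASCII form is preferred keep the explicit class, otherwise at least drop the flag: `&& preg_match('/^\w*$/', $_REQUEST['p'])`. The enclosing `if` continues outside the hunk.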