Added regex check for next_tab variable in form handler.

Till Brehm · Till Brehm · commit 5309338c286e · 2017-12-30T17:27:42.000+01:00
diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
@@ -115,11 +115,18 @@ function getNextTab() {
 			// Show the same tab again in case of an error
 			$active_tab = $_SESSION["s"]["form"]["tab"];
 		}
+		
+		if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) {
+			die('Invalid next tab name.');
+		}
 
 		return $active_tab;
 	}
 
 	function getCurrentTab() {
+		if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$_SESSION["s"]["form"]["tab"])) {
+			die('Invalid current tab name.');
+		}
 		return $_SESSION["s"]["form"]["tab"];
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -115,11 +115,18 @@ function getNextTab() {`
`115`	`115`	`// Show the same tab again in case of an error`
`116`	`116`	`$active_tab = $_SESSION["s"]["form"]["tab"];`
`117`	`117`	`}`
	`118`	`+`
	`119`	`+ if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$active_tab)) {`
	`120`	`+ die('Invalid next tab name.');`
	`121`	`+ }`
`118`	`122`
`119`	`123`	`return $active_tab;`
`120`	`124`	`}`
`121`	`125`
`122`	`126`	`function getCurrentTab() {`
	`127`	`+ if(!preg_match('/^[a-zA-Z0-9_]{0,50}$/',$_SESSION["s"]["form"]["tab"])) {`
	`128`	`+ die('Invalid current tab name.');`
	`129`	`+ }`
`123`	`130`	`return $_SESSION["s"]["form"]["tab"];`
`124`	`131`	`}`
`125`	`132`