Fixed: FS#1083 - Make some validation for Redirect paths.

Author: tbrehm

interface/web/sites/form/web_aliasdomain.tform.php

@@ -111,6 +111,10 @@
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',

interface/web/sites/form/web_domain.tform.php

@@ -223,6 +223,10 @@
 		),
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'formtype'	=> 'TEXT',
 			'default'	=> '',
 			'value'		=> '',

interface/web/sites/form/web_subdomain.tform.php

@@ -111,6 +111,10 @@
 		'redirect_path' => array (
 			'datatype'	=> 'VARCHAR',
 			'formtype'	=> 'TEXT',
+			'validators'	=> array ( 	0 => array (	'type'	=> 'REGEX',
+														'regex' => '@^(([.]{0})|(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.]*(\?\S+)?)?)?)|(/[\w/_\.\-]{1,255}/))$@',
+														'errmsg'=> 'redirect_error_regex'),
+									),
 			'default'	=> '',
 			'value'		=> '',
 			'width'		=> '30',

interface/web/sites/lib/lang/en_web_domain.lng

@@ -55,4 +55,5 @@ $wb["ssl_organisation_error_regex"] = 'Invalid SSL Organisation. Valid character
 $wb["ssl_organistaion_unit_error_regex"] = 'Invalid SSL Organisation Unit. Valid characters are: a-z, 0-9 and .,-_';
 $wb["ssl_country_error_regex"] = 'Invalid SSL Country. Valid characters are: A-Z';
 $wb["limit_traffic_quota_free_txt"] = 'Max. available Traffic Quota';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>

interface/web/sites/lib/lang/en_web_subdomain.lng

@@ -1,39 +1,40 @@
-<?php
-$wb["ssl_state_txt"] = 'State';
-$wb["ssl_locality_txt"] = 'Locality';
-$wb["ssl_organisation_txt"] = 'Organisation';
-$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
-$wb["ssl_country_txt"] = 'Country';
-$wb["ssl_request_txt"] = 'SSL Request';
-$wb["ssl_cert_txt"] = 'SSL Certificate';
-$wb["ssl_bundle_txt"] = 'SSL Bundle';
-$wb["ssl_action_txt"] = 'SSL Action';
-$wb["server_id_txt"] = 'Server';
-$wb["domain_txt"] = 'Domain';
-$wb["type_txt"] = 'Type';
-$wb["parent_domain_id_txt"] = 'Parent Website';
-$wb["redirect_type_txt"] = 'Redirect Type';
-$wb["redirect_path_txt"] = 'Redirect Path';
-$wb["active_txt"] = 'Active';
-$wb["document_root_txt"] = 'Documentroot';
-$wb["system_user_txt"] = 'Linux User';
-$wb["system_group_txt"] = 'Linux Group';
-$wb["ip_address_txt"] = 'IP-Address';
-$wb["vhost_type_txt"] = 'VHost Type';
-$wb["hd_quota_txt"] = 'Harddisk Quota';
-$wb["traffic_quota_txt"] = 'Traffic Quaota';
-$wb["cgi_txt"] = 'CGI';
-$wb["ssi_txt"] = 'SSI';
-$wb["ssl_txt"] = 'SSL';
-$wb["suexec_txt"] = 'SuEXEC';
-$wb["php_txt"] = 'PHP';
-$wb["client_txt"] = 'Client';
-$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
-$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
-$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
-$wb["apache_directives_txt"] = 'Apache directives';
-$wb["domain_error_empty"] = 'Domain is empty.';
-$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
-$wb["domain_error_regex"] = 'Domain name invalid.';
-$wb["host_txt"] = 'Host';
+<?php
+$wb["ssl_state_txt"] = 'State';
+$wb["ssl_locality_txt"] = 'Locality';
+$wb["ssl_organisation_txt"] = 'Organisation';
+$wb["ssl_organisation_unit_txt"] = 'Organisation Unit';
+$wb["ssl_country_txt"] = 'Country';
+$wb["ssl_request_txt"] = 'SSL Request';
+$wb["ssl_cert_txt"] = 'SSL Certificate';
+$wb["ssl_bundle_txt"] = 'SSL Bundle';
+$wb["ssl_action_txt"] = 'SSL Action';
+$wb["server_id_txt"] = 'Server';
+$wb["domain_txt"] = 'Domain';
+$wb["type_txt"] = 'Type';
+$wb["parent_domain_id_txt"] = 'Parent Website';
+$wb["redirect_type_txt"] = 'Redirect Type';
+$wb["redirect_path_txt"] = 'Redirect Path';
+$wb["active_txt"] = 'Active';
+$wb["document_root_txt"] = 'Documentroot';
+$wb["system_user_txt"] = 'Linux User';
+$wb["system_group_txt"] = 'Linux Group';
+$wb["ip_address_txt"] = 'IP-Address';
+$wb["vhost_type_txt"] = 'VHost Type';
+$wb["hd_quota_txt"] = 'Harddisk Quota';
+$wb["traffic_quota_txt"] = 'Traffic Quaota';
+$wb["cgi_txt"] = 'CGI';
+$wb["ssi_txt"] = 'SSI';
+$wb["ssl_txt"] = 'SSL';
+$wb["suexec_txt"] = 'SuEXEC';
+$wb["php_txt"] = 'PHP';
+$wb["client_txt"] = 'Client';
+$wb["limit_web_domain_txt"] = 'The max. number of web domains for your account is reached.';
+$wb["limit_web_aliasdomain_txt"] = 'The max. number of aliasdomains for your account is reached.';
+$wb["limit_web_subdomain_txt"] = 'The max. number of web subdomains for your account is reached.';
+$wb["apache_directives_txt"] = 'Apache directives';
+$wb["domain_error_empty"] = 'Domain is empty.';
+$wb["domain_error_unique"] = 'There is already a website or sub / aliasdomain with this domain name.';
+$wb["domain_error_regex"] = 'Domain name invalid.';
+$wb["host_txt"] = 'Host';
+$wb["redirect_error_regex"] = 'Invalid redirect path. Valid redirects are for example: /test/ or http://www.domain.tld/test/';
 ?>