Improved DB handling

Fixes hestiacp#1045 hestiacp#1084

See hestiacp#1045 for notes

Author: jaapmarcus

func/main.sh

@@ -724,9 +724,14 @@ is_common_format_valid() {
 
 # Database format validator
 is_database_format_valid() {
-    exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|/|\|\"|'|;|%|\`| ]"
-    if [[ "$1" =~ $exclude ]] || [ 65 -le ${#1} ]; then
-        check_result $E_INVALID "invalid $2 format :: $1"
+    if [ "$3" == "mysql" ]; then
+        if ! [[ "$1" =~ ^[0-9a-zA-Z_]{1,64}$ ]]; then
+            check_result $E_INVALID "invalid $2 format :: $1"
+        fi
+    else
+        if ! [[ "$1" =~ ^[0-9a-z_]{1,63}$ ]]; then
+            check_result $E_INVALID "invalid $2 format :: $1"
+        fi    
     fi
 }
 
@@ -739,12 +744,17 @@ is_date_format_valid() {
 
 # Database user validator
 is_dbuser_format_valid() {
-    exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|/|\|\"|'|;|%|\`| ]"
-    if [ 31 -le ${#1} ]; then
-        check_result $E_INVALID "mysql username can be up to 30 characters long"
-    fi
-    if [[ "$1" =~ $exclude ]]; then
-        check_result $E_INVALID "invalid $2 format :: $1"
+    if [ "$3" == "mysql" ]; then
+        if [ 33 -le ${#1} ]; then
+            check_result $E_INVALID "mysql username can be up to 32 characters long"
+        fi
+        if ! [[ "$1" =~ ^[0-9a-zA-Z_]{1,64}$ ]]; then
+            check_result $E_INVALID "invalid $2 format :: $1"
+        fi
+    else
+        if ! [[ "$1" =~ ^[0-9a-z_]{1,63}$ ]]; then
+            check_result $E_INVALID "invalid $2 format :: $1"
+        fi    
     fi
 }
 
@@ -931,10 +941,10 @@ is_format_valid() {
                 charset)        is_object_format_valid "$arg" "$arg_name" ;;
                 charsets)       is_common_format_valid "$arg" 'charsets' ;;
                 comment)        is_object_format_valid "$arg" 'comment' ;;
-                database)       is_database_format_valid "$arg" 'database';;
+                database)       is_database_format_valid "$arg" 'database' $type;;
                 day)            is_cron_format_valid "$arg" $arg_name ;;
                 dbpass)         is_password_format_valid "$arg" ;;
-                dbuser)         is_dbuser_format_valid "$arg" 'dbuser';;
+                dbuser)         is_dbuser_format_valid "$arg" 'dbuser' $type;;
                 dkim)           is_boolean_format_valid "$arg" 'dkim' ;;
                 dkim_size)      is_int_format_valid "$arg" ;;
                 domain)         is_domain_format_valid "$arg" ;;

web/add/db/index.php

@@ -40,6 +40,39 @@
         }
     }
 
+    if (empty($_SESSION['error_msg'])) {
+        if($_POST['v_type'] == 'mysql'){  
+            if (strlen($user.'_'.$_POST['v_database']) > 64){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 64);
+            }else if (!preg_match('/^[0-9a-zA-Z_]{1,64}$/',$user.'_'.$_POST['v_database'])){
+                $_SESSION['error_msg'] = __('Database name may only contain lowercase/uppercase letters, numbers or a _');
+            } 
+        }else{
+            if (strlen($user.'_'.$_POST['v_database']) > 63){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 63);
+            }else if (!preg_match('/^[0-9a-z_]{1,63}$/',$user.'_'.$_POST['v_database'])){
+                var_dump(preg_match('/^[0-9a-z_]{1,63}$/',$user.'_'.$_POST['v_database']));
+                $_SESSION['error_msg'] = __('Database name may only contain lowercase letters, numbers or a _');
+            }           
+        }
+    }
+
+    if (empty($_SESSION['error_msg'])) {
+        if($_POST['v_type'] == 'mysql'){  
+            if (strlen($user.'_'.$_POST['v_dbuser']) > 32){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 32);
+            }else if (!preg_match('/^[0-9a-zA-Z_]{1,32}$/',$user.'_'.$_POST['v_dbuser'])){
+                $_SESSION['error_msg'] = __('Username may only contain lowercase/uppercase letters, numbers or a _');
+            } 
+        }else{
+            if (strlen($user.'_'.$_POST['v_dbuser']) > 63){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 63);
+            }else if (!preg_match('/^[0-9a-z_]{1,63}$/',$user.'_'.$_POST['v_dbuser'])){
+                $_SESSION['error_msg'] = __('Username may only contain lowercase letters, numbers or a _');
+            }  
+        }         
+    }   
+
     // Check password length
     if (empty($_SESSION['error_msg'])) {
          if (!validate_password($_POST['v_password'])) { $_SESSION['error_msg'] = __('Password does not match the minimum requirements');}

web/edit/db/index.php

@@ -50,7 +50,23 @@
         header('location: /login/');
         exit();
     }
-
+    
+    if (empty($_SESSION['error_msg'])) {
+        if($_POST['v_type'] == 'mysql'){  
+            if (strlen($user.'_'.$_POST['v_dbuser']) > 32){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 32);
+            }else if (!preg_match('/^[0-9a-zA-Z_]{1,32}$/',$user.'_'.$_POST['v_dbuser'])){
+                $_SESSION['error_msg'] = __('Username may only contain lowercase/uppercase letters, numbers or a _');
+            } 
+        }else{
+            if (strlen($user.'_'.$_POST['v_dbuser']) > 63){
+                $_SESSION['error_msg'] = __('Maximum length of database is %s characters', 63);
+            }else if (!preg_match('/^[0-9a-z_]{1,63}$/',$user.'_'.$_POST['v_dbuser'])){
+                $_SESSION['error_msg'] = __('Username may only contain lowercase letters, numbers or a _');
+            }  
+        }         
+    }  
+    
     // Change database user
     if (($v_dbuser != $_POST['v_dbuser']) && (empty($_SESSION['error_msg']))) {
         $v_dbuser = preg_replace("/^".$user."_/", "", $_POST['v_dbuser']);

web/templates/admin/add_db.html

@@ -71,7 +71,7 @@
                                     <?php
                                         print __('User');
                                         // if (is_it_mysql_or_mariadb()=='mysql')
-                                        echo "&nbsp;&nbsp;&nbsp;&nbsp;<em><small>(".__('maximum characters length, including prefix', 16).")</small></em>";
+                                        echo "&nbsp;&nbsp;&nbsp;&nbsp;<em><small>(".__('maximum characters length, including prefix', 32).")</small></em>";
                                     ?>
                                 </td>
                             </tr>

web/templates/admin/edit_db.html

@@ -68,6 +68,7 @@
                             <tr>
                                 <td class="vst-text input-label">
                                     <?php print __('User');?>
+                                    <?php echo "&nbsp;&nbsp;&nbsp;&nbsp;<em><small>(".__('maximum characters length, including prefix', 32).")</small></em>"; ?>
                                 </td>
                             </tr>
                             <tr>