change name validation to blacklisting <> and &

Dario 2019-10-24 12:57:57 +02:00
parent 860e1a2391
commit 098c66509f
5 changed files with 11 additions and 7 deletions


@ -37,6 +37,8 @@ void LoginPage::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::
if(!session) {
session = sm->getNewSession();
auto user_host = request.clientAddress().host();
auto client_ip = request.clientAddress();
printf("client ip: %s\n", client_ip.toString().data());
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
}
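Review bot: The added `printf("client ip: %s\n", ...)` looks like leftover debug output. It writes the full address of every new client to stdout, outside whatever logging and retention rules the server applies to personal data, and `client_ip` is used for nothing else. I would drop both added lines, or route the value through the project's logger at debug level. The same pair of lines is added in the last file section of this commit. `handleRequest` starts and ends outside the hunk.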


@ -80,7 +80,9 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
return handleCheckEmail(s, uri, request);
}
}
if (url_first_part == "/register") {
return new RegisterPage;
}
if (s) {
auto user = s->getUser();
if (s->errorCount() || (!user.isNull() && user->errorCount())) {
@ -115,6 +117,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
//printf("[PageRequestHandlerFactory] go to dashboard page with user\n");
return new DashboardPage(s);
}
} else {
if (url_first_part == "/config") {
@ -123,9 +126,6 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::createRequestHandler(c
else if (url_first_part == "/login") {
return new LoginPage;
}
else if (url_first_part == "/register") {
return new RegisterPage;
}
}
return new LoginPage;
//return new HandleFileRequest;
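Review bot: With the `/register` check moved above `if (s)`, a request that already carries a session now gets `new RegisterPage` before the `s->errorCount()` branch runs, and the page is constructed without the session. If serving registration to existing sessions is intended, the branch needs a comment saying so, for example `// served regardless of session state; RegisterPage resolves the session itself`. If it is not intended, the check should stay in the no-session `else` branch or redirect sessions that already have a user. `createRequestHandler` starts and ends outside these hunks, so how RegisterPage treats an existing session cannot be confirmed from here.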


@ -34,7 +34,7 @@ bool SessionManager::init()
for (i = 0; i < VALIDATE_MAX; i++) {
switch (i) {
//case VALIDATE_NAME: mValidations[i] = new Poco::RegularExpression("/^[a-zA-Z_ -]{3,}$/"); break;
case VALIDATE_NAME: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z]{3,}$"); break;
case VALIDATE_NAME: mValidations[i] = new Poco::RegularExpression("^[^<>&;]{3,}$"); break;
case VALIDATE_EMAIL: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z0-9.!#$%&*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"); break;
case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@$!%*?&+-])[A-Za-z0-9@$!%*?&+-]{8,}$"); break;
case VALIDATE_PASSPHRASE: mValidations[i] = new Poco::RegularExpression("^(?:[a-z]* ){23}[a-z]*\s*$"); break;
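Review bot: The new `VALIDATE_NAME` pattern `^[^<>&;]{3,}$` still accepts `"`, `'`, backslash and control characters (a negated class also matches newlines) and has no upper length bound. A name that passes it is therefore not safe to place in an HTML attribute or a log line without encoding. The denylist should not be the defence against markup injection: names need escaping at every output point, and the pattern can then be a bounded sanity check such as `"^[^<>&;\"'\\x00-\\x1f]{3,64}$"`. Unless the expression is compiled with `Poco::RegularExpression::RE_UTF8`, `{3,}` presumably counts bytes rather than characters, so the minimum length would behave differently for non-ASCII names. The `switch` continues outside the hunk.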


@ -124,11 +124,11 @@ bool Session::createUser(const std::string& first_name, const std::string& last_
Profiler usedTime;
auto sm = SessionManager::getInstance();
if (!sm->isValid(first_name, VALIDATE_NAME)) {
addError(new Error("Vorname", "Bitte gebe einen Namen an. Mindestens 3 Zeichen, keine Sonderzeichen oder Zahlen."));
addError(new Error("Vorname", "Bitte gebe einen Namen an. Mindestens 3 Zeichen, keines folgender Zeichen <>&;"));
return false;
}
if (!sm->isValid(last_name, VALIDATE_NAME)) {
addError(new Error("Nachname", "Bitte gebe einen Namen an. Mindestens 3 Zeichen, keine Sonderzeichen oder Zahlen."));
addError(new Error("Nachname", "Bitte gebe einen Namen an. Mindestens 3 Zeichen, keines folgender Zeichen <>&;"));
return false;
}
if (!sm->isValid(email, VALIDATE_EMAIL)) {
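Review bot: The two new error strings contain the literal characters `<>&;`, so they are only safe if the page that renders session errors HTML-escapes the message text. That rendering code is not visible here and should be checked. The identical sentence is also repeated for `Vorname` and `Nachname`; one shared constant would keep the wording in step with the `VALIDATE_NAME` pattern. `createUser` continues outside the hunk.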


@ -23,6 +23,8 @@
auto session = sm->getSession(request);
if(!session) {
session = sm->getNewSession();
auto client_ip = request.clientAddress();
printf("client ip: %s\n", client_ip.toString());
auto user_host = request.clientAddress().host();
session->setClientIp(user_host);
response.addCookie(session->getLoginCookie());
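Review bot: `printf("client ip: %s\n", client_ip.toString());` passes a `std::string` object through C varargs to a `%s` conversion, which is undefined behaviour. The LoginPage hunk in this commit calls `.data()` on the same value; this copy does not. If the line is kept it should read `printf("client ip: %s\n", client_ip.toString().c_str());`, though removing the debug output altogether is the better fix. The enclosing function starts and ends outside the hunk.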