Commit 03528208 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add some regular expressions to catch bogus pids, uids, and eids.

parent 249283c5
......@@ -41,6 +41,13 @@ if (!isset($exp_created) ||
#
LOGGEDINORDIE($uid);
#
# Check eid for sillyness.
#
if (! ereg("^[-_a-zA-Z0-9]+$", $exp_id)) {
USERERROR("The experiment name must be alphanumeric characters only!", 1);
}
#
# Database limits
#
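Review bot: `ereg()` is not binary-safe, so in all three added checks (`$exp_id` here, `$pid` and `$uid` in the later hunks) matching stops at the first NUL byte, and a value made of an allowed prefix followed by a NUL and arbitrary bytes passes validation. Consider `if (!preg_match('/^[-_a-zA-Z0-9]+\z/', $exp_id)) {` instead; `\z` is needed because `$` under PCRE would accept a trailing newline, and `ereg()` is deprecated since PHP 5.3 and removed in PHP 7. The error text says "alphanumeric characters only" while the class also accepts `-` and `_`, so the message should name them. The enclosing script starts and ends outside the hunk.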
......
......@@ -70,6 +70,17 @@ if (!isset($usr_phones) ||
FORMERROR("Phone #");
}
#
# Check uid and pid for sillyness.
#
if (! ereg("^[-_a-zA-Z0-9]+$", $pid)) {
USERERROR("The project name must be alphanumeric characters only!", 1);
}
if (! ereg("^[a-z0-9]+$", $uid)) {
USERERROR("Your username name must be lowercase alphanumeric characters ".
"only!", 1);
}
#
# Check database length limits.
#
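Review bot: The `$pid` pattern, like the `$exp_id` pattern in the first hunk, accepts a name whose first character is `-`. How these names are used later is not visible here, but if they end up as command-line arguments or directory names, a leading hyphen can be taken as an option by the receiving tool. Requiring an alphanumeric first character closes that off: `^[a-zA-Z0-9][-_a-zA-Z0-9]*$`. The `$uid` pattern has no hyphen in its class and is not affected.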
......
......@@ -37,6 +37,14 @@ if (!isset($usr_title) ||
FORMERROR("Title/Position");
}
#
# Check uid for sillyness.
#
if (! ereg("^[a-z0-9]+$", $uid)) {
USERERROR("Your username name must be lowercase alphanumeric characters ".
"only!", 1);
}
#
# Database limits
#
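Review bot: This uid check is a verbatim copy of the one added in the previous hunk, so the username rule now lives in two form handlers and can drift when only one is edited. Moving the pattern and its error message into one helper in a shared include, called from both pages, would keep them in step. The message also reads "Your username name"; `"Your username must be lowercase alphanumeric characters only!"` is probably what was meant.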
......