Commit 21489966 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Sanitize page arguments.

parent 620cdf02
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group. # Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -22,6 +22,10 @@ if (!isset($node_type) || ...@@ -22,6 +22,10 @@ if (!isset($node_type) ||
strcmp($node_type, "") == 0) { strcmp($node_type, "") == 0) {
USERERROR("You must provide a node type.", 1); USERERROR("You must provide a node type.", 1);
} }
# Sanitize.
if (!preg_match("/^[-\w]+$/", $node_type)) {
PAGEARGERROR("Invalid characters in arguments.");
}
# #
# Check to make sure that this is a valid nodeid # Check to make sure that this is a valid nodeid
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment