403Webshell
Server IP : 66.29.132.122  /  Your IP : 3.145.178.226
Web Server : LiteSpeed
System : Linux business142.web-hosting.com 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
User : admazpex ( 531)
PHP Version : 7.2.34
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /proc/self/root/proc/self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/proc/thread-self/root/proc/self/root/proc/self/root/proc/self/root/usr/local/lsws/admin/html/classes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /proc/self/root/proc/self/root/proc/thread-self/root/proc/thread-self/root/proc/self/root/proc/thread-self/root/proc/self/root/proc/self/root/proc/self/root/usr/local/lsws/admin/html/classes/CValidation.php
<?php

class CValidation
{
	protected $_info;

	public function __construct() {
		$this->_info = null;
	}

	public function ExtractPost($tbl, &$d, $disp)
	{
		$this->_info = $disp->_info;
		$goFlag = 1 ;
		$index = array_keys($tbl->_dattrs);
		foreach ( $index as $i ) {
			$attr = $tbl->_dattrs[$i];

			if ( $attr == null || $attr->bypassSavePost())
				continue;

			$d[$attr->_key] = $attr->extractPost();
			$needCheck = true;
			if ( $attr->_type == 'sel1' || $attr->_type == 'sel2' )	{
				if ( $disp->_act == 'c' ) {
					$needCheck = false;
				}
				else {
					$attr->populate_sel1_options($this->_info, $d);
				}
			}

			if ( $needCheck ) {
				$res = $this->validateAttr($attr, $d[$attr->_key]);
				$this->setValid($goFlag, $res);
			}
		}

		$res = $this->validatePostTbl($tbl, $d);
		$this->setValid($goFlag, $res);

		$this->_info = null;

		// if 0 , make it always point to curr page
		return $goFlag;
	}

	protected function checkListener(&$listener)
	{
		if ( $listener['secure']->GetVal() == '0' ) {
			if ( isset($listener['certFile']) && !$listener['certFile']->HasVal() ) {
				$listener['certFile']->SetErr(null);
			}
			if ( isset($listener['keyFile']) && !$listener['keyFile']->HasVal() ) {
				$listener['keyFile']->SetErr(null);
			}
		} else {
			$tids = array('L_SSL_CERT');
			$this->validateElement($tids, $listener);
		}
	}

	protected function validateElement($tids, &$data)
	{
		$tblDef = DTblDef::GetInstance();
		$valid = 1;
		foreach ( $tids as $tid ) {
			$tbl = $tblDef->GetTblDef($tid);
			$d = &DUtil::locateData( $data, $tbl->_dataLoc );

			if ( $d == null ) continue;

			if ( $tbl->_holderIndex != null ) {
				$keys = array_keys( $d );
				foreach( $keys as $key ) {
					$res = $this->validateTblAttr($tblDef, $tbl, $d[$key]);
					$this->setValid($valid, $res);
				}
			} else {
				$res = $this->validateTblAttr($tblDef, $tbl, $d);
				$this->setValid($valid, $res);
			}
		}
		return $valid;
	}

	protected function setValid(&$valid, $res)
	{
		if ( $valid != -1 )	{
			if ( $res == -1 ) {
				$valid = -1;
			} elseif ( $res == 0 && $valid == 1 ) {
				$valid = 0;
			}
		}
		if ( $res == 2 ) {
			$valid = 2;
		}
	}

	protected function validatePostTbl($tbl, &$d)
	{
		$isValid = 1;
		if ( $tbl->_holderIndex != null && isset($d[$tbl->_holderIndex])) {
			$newref = $d[$tbl->_holderIndex]->GetVal();
			$oldref = null;

			if(isset($this->_info['holderIndex_cur'])) {
				$oldref = $this->_info['holderIndex_cur'];
			}
			//echo "oldref = $oldref newref = $newref \n";
			if ( $oldref == null || $newref != $oldref ) {
				if (isset($this->_info['holderIndex']) && $this->_info['holderIndex'] != null
				&& in_array($newref, $this->_info['holderIndex']) ) {
					$d[$tbl->_holderIndex]->SetErr('This value has been used! Please choose a unique one.');
					$isValid = -1;
				}
			}
		}

		$checkedTids = array( 'VH_TOP_D', 'VH_BASE', 'VH_UDB', 
            'ADMIN_USR', 'ADMIN_USR_NEW',
            'L_GENERAL', 'L_GENERAL1', 'ADMIN_L_GENERAL', 'ADMIN_L_GENERAL1',   // WS
            'L_GENERAL_NEW', 'L_GENERAL_DEL', 'LT_GENERAL_NEW', 'LT_GENERAL', // LSLB
            'L_SSL_CERT',
            'TP', 'TP1' ) ;

        if ( in_array($tbl->_id, $checkedTids) ) {
			switch ($tbl->_id) {
				case 'TP':
				case 'TP1':
					$isValid = $this->chkPostTbl_TP($d);
					break;
				case 'VH_BASE':
				case 'VH_TOP_D':
					$isValid = $this->chkPostTbl_VH_BASE($d);
					break;
				case 'VH_UDB':
					$isValid = $this->chkPostTbl_VH_UDB($d);
					break;
				case 'ADMIN_USR':
					$isValid = $this->chkPostTbl_ADMIN_USR($d);
					break;
				case 'ADMIN_USR_NEW':
					$isValid = $this->chkPostTbl_ADMIN_USR_NEW($d);
					break;
                case 'L_GENERAL_NEW': // for lb
                case 'L_GENERAL_DEL':
				case 'L_GENERAL':
                case 'LT_GENERAL_NEW':
                case 'LT_GENERAL':

				case 'L_GENERAL1':  // for ws
				case 'ADMIN_L_GENERAL':
				case 'ADMIN_L_GENERAL1':
					$isValid = $this->chkPostTbl_L_GENERAL($d);
					break;
				case 'L_SSL_CERT':
					$isValid = $this->chkPostTbl_L_SSL_CERT($d);
					break;
			}
		}

		return $isValid;
	}


	protected function chkPostTbl_TP(&$d)
	{
		$isValid = 1;

		$confCenter = ConfCenter::singleton();

		$oldName = trim($confCenter->GetDispInfo()->_name);
		$newName = trim($d['name']->GetVal());

		if($oldName != $newName && array_key_exists($newName, $confCenter->_serv->_data['tpTop'])) {
			$d['name']->SetErr("Template: \"$newName\" already exists. Please use a different name.");
			$isValid = -1;

		}

		return $isValid;
	}

	protected function chkPostTbl_VH_BASE(&$d)
	{
		$isValid = 1;

		$confCenter = ConfCenter::singleton();

		$oldName = trim($confCenter->GetDispInfo()->_name);
		$newName = trim($d['name']->GetVal());

		if($oldName != $newName && array_key_exists($newName, $confCenter->_serv->_data['vhTop'])) {
			$d['name']->SetErr("Virtual Hostname: \"$newName\" already exists. Please use a different name.");
			$isValid = -1;

		}

		return $isValid;
	}

    protected function chkPostTbl_VH_UDB(&$d)
	{
		$isValid = 1;
		if ( $d['pass']->GetVal() != $d['pass1']->GetVal() ) {
			$d['pass']->SetErr('Passwords do not match!');
			$isValid = -1;
		}

		if ( !$d['pass']->HasVal() ) { //new user
			$d['pass']->SetErr('Missing password!');
			$isValid = -1;
		}

		if ( $isValid == -1 ) {
			return -1;
		}

		if ( strlen($d['pass']->GetVal()) > 0 ) {
			$newpass = $this->encryptPass($d['pass']->GetVal());
			$d['passwd'] = new CVal($newpass);
		}
		return 1;
	}

	protected function encryptPass($val)
	{
		$pass = password_hash($val, PASSWORD_BCRYPT);
		return $pass;
	}

    protected function chk_admname($name)
    {
        if (!$name->HasErr()) {
            $val = $name->GetVal();
            if (strlen($val) > 25) {
                $name->SetErr('name cannot be longer than 25 characters');
            } else {
                $v1 = escapeshellcmd($val);
                if (($v1 !== $val) || preg_match('/[:\/]/', $val)) {
                    $name->SetErr('invalid characters in name');
                }
            }
        }
        return $name->HasErr();
    }

	protected function chkPostTbl_ADMIN_USR(&$d)
	{
		$isValid = 1;
        $this->chk_admname($d['name']);
        if ($d['name']->HasErr()) {
            $isValid = -1;
        } elseif ( !$d['oldpass']->HasVal() ) {
			$d['oldpass']->SetErr('Missing Old password!');
			$isValid = -1;
		} else {
			$file = $_SERVER['LS_SERVER_ROOT'] . 'admin/conf/htpasswd';
			$udb = ConfigFileEx::loadUserDB($file);
			$olduser = $this->_info['holderIndex_cur'];
			$passwd = $udb[$olduser]['passwd']->GetVal();

			$oldpass = $d['oldpass']->GetVal();
			$encypt = crypt($oldpass, $passwd);

			if ( $encypt != $passwd ) {
				$d['oldpass']->SetErr('Invalid old password!');
				$isValid = -1;
			}
		}

		if ( !$d['pass']->HasVal() )	{
			$d['pass']->SetErr('Missing new password!');
			$isValid = -1;
		} elseif ( $d['pass']->GetVal() != $d['pass1']->GetVal() ) {
			$d['pass']->SetErr('New passwords do not match!');
			$isValid = -1;
		}

		if ( $isValid == -1 ) {
			return -1;
		}

		$newpass = $this->encryptPass($d['pass']->GetVal());
		$d['passwd'] = new CVal($newpass);

		return 1;
	}

	protected function chkPostTbl_ADMIN_USR_NEW(&$d)
	{
		$isValid = 1;
        $this->chk_admname($d['name']);
        if ($d['name']->HasErr()) {
            $isValid = -1;
        }
		if ( !$d['pass']->HasVal() )	{
			$d['pass']->SetErr('Missing new password!');
			$isValid = -1;
		} elseif ( $d['pass']->GetVal() != $d['pass1']->GetVal() ) {
			$d['pass']->SetErr('New passwords do not match!');
			$isValid = -1;
		}

		if ( $isValid == -1 ) {
			return -1;
		}

		$newpass = $this->encryptPass($d['pass']->GetVal());
		$d['passwd'] = new CVal($newpass);

		return 1;
	}

	protected function chkPostTbl_L_GENERAL(&$d)
	{
		$isValid = 1;

		$ip = $d['ip']->GetVal();
		if ( $ip == 'ANY' ) {
			$ip = '*';
		}
		$port = $d['port']->GetVal();
		$d['address'] = new CVal("$ip:$port");

		$confCenter = ConfCenter::singleton();

		$oldName = trim($confCenter->GetDispInfo()->_name);
		$newName = trim($d['name']->GetVal());

		if($oldName != $newName && array_key_exists($newName, $confCenter->_serv->_data['listeners'])) {
			$d['name']->SetErr("Listener \"$newName\" already exists. Please use a different name.");
			$isValid = -1;
		}

		return $isValid;
	}

	protected function isCurrentListenerSecure()
	{
		$confCenter = ConfCenter::singleton();
		$listenerName = trim($confCenter->GetDispInfo()->_name);
		$l = $confCenter->_serv->_data['listeners'][$listenerName];
		return ($l['secure']->GetVal() == 1);
	}

	protected function chkPostTbl_L_SSL_CERT(&$d)
	{
		$isValid = 1;
		if ($this->isCurrentListenerSecure()) {
			$err = 'Value must be set for secured listener';
			if (!$d['keyFile']->HasVal()) {
				$d['keyFile']->SetErr($err);
				$isValid = -1;
			}
			if (!$d['certFile']->HasVal()) {
				$d['certFile']->SetErr($err);
				$isValid = -1;
			}
		}

		return $isValid;
	}

	protected function validateTblAttr($tblDef, $tbl, &$data)
	{
		$valid = 1;
		if ( $tbl->_subTbls ) {
			$tid = DUtil::getSubTid($tbl->_subTbls, $data);
			if ( $tid == null ) {
				return;
			}
			$tbl1 = $tblDef->GetTblDef($tid);
		} else {
			$tbl1 = $tbl;
		}

		$index = array_keys($tbl1->_dattrs);
		foreach ( $index as $i ) {
			$attr = $tbl1->_dattrs[$i];

			if ( $attr->_type == 'sel1' || $attr->_type == 'sel2' ) {
				$attr->populate_sel1_options($this->_info, $data);
			}

			$res = $this->validateAttr($attr, $data[$attr->_key]);
			$this->setValid($valid, $res);
		}
		return $valid;
	}

	protected function validateAttr($attr, &$cvals)
	{
		$valid = 1;
		if ( is_array($cvals) )	{
			for ( $i = 0 ; $i < count($cvals) ; ++$i ) {
				$res = $this->isValidAttr($attr, $cvals[$i]);
				$this->setValid($valid, $res);
			}
		} else {
			$valid = $this->isValidAttr($attr, $cvals);
		}
		return $valid;
	}

	protected function isValidAttr($attr, $cval)
	{
		if ($cval == null || $cval->HasErr())
			return -1;

		if ( !$cval->HasVal()) {
			if ( $attr->_allowNull ) {
				return 1;
			}
			$cval->SetErr('value must be set');
			return -1;
		}

		if ( $attr->_type == 'cust' ) {
			return 1;
		}

		$chktype = array('uint', 'name', 'vhname', 'dbname', 'sel','sel1','sel2',
		'bool','file','filep','file0','file1', 'filetp', 'path', 'note',
		'uri','expuri','url', 'httpurl', 'email', 'dir', 'addr', 'ipport', 'wsaddr', 'parse');

		if ( !in_array($attr->_type, $chktype) )	{
			// not checked type ('domain', 'subnet'
			return 1;
		}

		$type3 = substr($attr->_type, 0, 3);
		if ( $type3 == 'sel' ) {
			// for sel, sel1, sel2
			$funcname = 'chkAttr_sel';
		}
		elseif ( $type3 == 'fil' || $type3 == 'pat' ) {
			$funcname = 'chkAttr_file';
		}
		else {
			$funcname = 'chkAttr_' . $attr->_type;
		}

		if ( $attr->_multiInd == 1 ) {
			$valid = 1;
			$vals = DUtil::splitMultiple($cval->GetVal());
			$err = [];
			$funcname .= '_val';
			foreach( $vals as $i=>$v ) {
				$res = $this->$funcname($attr, $v, $err[$i]);
				$this->setValid($valid, $res);
			}
			$cval->SetErr(trim(implode(' ', $err)));
			return $valid;
		}else {
			return $this->$funcname($attr, $cval);
		}
	}

	protected function chkAttr_sel($attr, $cval)
	{
		$err = '';
		$res = $this->chkAttr_sel_val($attr, $cval->GetVal(), $err);
		$cval->SetErr($err);
		return $res;
	}

	protected function chkAttr_sel_val($attr, $val, &$err)
	{
		if ( isset( $attr->_maxVal )
			&& !array_key_exists($val, $attr->_maxVal) ) {
				$err = "invalid value: $val";
			return -1;
		}
		return 1;
	}

	protected function chkAttr_name($attr, $cval)
	{
		$cval->SetVal( preg_replace("/\s+/", ' ', $cval->GetVal()));
		$res = $this->chkAttr_name_val($attr, $cval->GetVal(), $err);
		$cval->SetErr($err);
		return $res;
	}

	protected function chkAttr_name_val($attr, $val, &$err)
	{
		if ( preg_match( "/[{}<>&%]/", $val) ) {
			$err = 'invalid characters in name';
			return -1;
		}
		if ( strlen($val) > 100 ) {
			$err = 'name can not be longer than 100 characters';
			return -1;
		}
		return 1;
	}

	protected function chkAttr_dbname($attr, $cval)
	{
		$cval->SetVal(preg_replace("/\s+/", ' ', $cval->GetVal()));
		$val = $cval->GetVal();
		if ( preg_match( "/[,;<>&%=\(\)\"']/", $val ) ) {
			$cval->SetErr('Invalid characters found in name');
			return -1;
		}
		if ( strpos($val, ' ') !== false ) {
			$cval->SetErr('No space allowed in the name');
			return -1;
		}
		if ( strlen($val) > 100 ) {
			$cval->SetErr('name can not be longer than 100 characters');
			return -1;
		}
		return 1;
	}

    protected function chkAttr_note($attr, $cval)
    {
		$m = [];
        if (preg_match("/[{}<]/", $cval->GetVal(), $m)) { // avoid <script, also {} for conf format
            $cval->SetErr("character $m[0] not allowed");
            return -1;
        }
        return 1;
    }

	protected function chkAttr_vhname($attr, $cval)
	{
        $res = $this->chkAttr_dbname($attr, $cval);
        if ($res == 1) {
    		$this->_info['VH_NAME'] = $cval->GetVal();
        }
		return $res;
	}

	protected function allow_create($attr, $absname)
	{
		if (strpos($attr->_maxVal, 'c') === false) {
			return false;
		}
		if ($attr->_minVal >= 2 && ( strpos($absname, $_SERVER['LS_SERVER_ROOT']) === 0 )) {
			return true;
		}

		if (isset($this->_info['VH_ROOT'])) {
			$VH_ROOT = $this->_info['VH_ROOT'];
		} else {
			$VH_ROOT = null;
		}

		if (isset($this->_info['DOC_ROOT'])) {
			$DOC_ROOT = $this->_info['DOC_ROOT'];
		}

		if ($attr->_minVal >= 3 && ( strpos($absname, $VH_ROOT) === 0 )) {
			return true;
		}

		if ($attr->_minVal == 4 && ( strpos($absname, $DOC_ROOT) === 0 )) {
			return true;
		}

		return false;
	}

	protected function clean_absolute_path($abspath)
    {
        $absname = PathTool::clean($abspath);
        if ( isset( $_SERVER['LS_CHROOT'] ) )	{
            $root = $_SERVER['LS_CHROOT'];
            $len = strlen($root);
            if ( strncmp( $absname, $root, $len ) == 0 ) {
                $absname = substr($absname, $len);
            }
        }
        return $absname;
    }


	protected function test_file(&$absname, &$err, $attr)
	{
		$absname = $this->clean_absolute_path($absname);

		if ($attr->_type == 'file0') {
			if (!file_exists($absname)) {
				return 1; //allow non-exist
			}
		}
		if ($attr->_type == 'path' || $attr->_type == 'filep' || $attr->_type == 'dir') {
			$type = 'path';
		} else {
			$type = 'file';
		}

		if (($type == 'path' && !is_dir($absname)) || ($type == 'file' && !is_file($absname))) {
			$err = $type . ' ' . htmlspecialchars($absname) . ' does not exist.';
			if ($this->allow_create($attr, $absname)) {
				$err .= ' <a href="javascript:createFile(\'' . $attr->_htmlName . '\')">CLICK TO CREATE</a>';
			} else {
				$err .= ' Please create manually.';
			}

			return -1;
		}
		if ((strpos($attr->_maxVal, 'r') !== false) && !is_readable($absname)) {
			$err = $type . ' ' . htmlspecialchars($absname) . ' is not readable';
			return -1;
		}
		if ((strpos($attr->_maxVal, 'w') !== false) && !is_writable($absname)) {
			$err = $type . ' ' . htmlspecialchars($absname) . ' is not writable';
			return -1;
		}
		if ((strpos($attr->_maxVal, 'x') !== false) && !is_executable($absname)) {
			$err = $type . ' ' . htmlspecialchars($absname) . ' is not executable';
			return -1;
		}
		return 1;
	}

	protected function chkAttr_file($attr, $cval)
	{
		$val = $cval->GetVal();
		$err = '';
		$res = $this->chkAttr_file_val($attr, $val, $err);
		$cval->SetVal($val);
		$cval->SetErr($err);
		return $res;
	}

	protected function chkAttr_dir($attr, $cval)
	{
		$val = $cval->GetVal();
		$err = '';

		if ( substr($val,-1) == '*' ) {
			$res = $this->chkAttr_file_val($attr, substr($val,0,-1), $err);
		} else {
			$res = $this->chkAttr_file_val($attr, $val, $err);
		}
		$cval->SetVal($val);
		$cval->SetErr($err);
		return $res;
	}

    protected function isNotAllowedPath($path)
    {
        $blocked = '/admin/html/';
        if (strpos($path, $blocked) !== false) {
            return true;
        }
        return false;
    }

    protected function isNotAllowedExtension($path)
    {
        $ext = substr($path, -4);
        $notallowed = ['.php', '.cgi', '.pl', '.shtml'];
        foreach ($notallowed as $test) {
            if (strcasecmp($ext, $test) == 0) {
                return true;
            }
        }
        return false;
    }

	protected function check_cmd_invalid_str($cmd)
	{
		// check if it's allowed command, do not allow ' " -c -i /dev/tcp bash sh csh tcsh zsh ksh
		$cmd = str_replace('.', 'a', $cmd); // replace . with char before pattern check
		$pattern = '#("|\'|;|-c|-i|/dev/tcp|curl|wget|fetch|\Wbash\W|\Wsh\W|\Wcsh\W|\Wtcsh\W|\Wzsh\W|\Wksh\W)#';

		$m = [];
		if (preg_match($pattern, $cmd, $m)) {
			return $m[0];
		}
		$cmd = str_replace('\\', '', $cmd); // remove all escape & try again
		if (preg_match($pattern, $cmd, $m)) {
			return $m[0];
		}
		return null;
	}
    
	public function chkAttr_file_val($attr, $val, &$err)
	{
        // apply to all
        if ($this->isNotAllowedPath($val)) {
            $err = 'Directory not allowed';
            return -1;
        }
        if ( $attr->_type == 'file0' && $this->isNotAllowedExtension($val)) {
            $err = 'File extension not allowed';
            return -1;
        }
       
		clearstatcache();
		$err = null;

		if ( $attr->_type == 'filep' ) {
			$path = substr($val, 0, strrpos($val,'/'));
		} else {
			$path = $val;
            if ($attr->_type == 'file1') { // file1 is command
				$invalid_str = $this->check_cmd_invalid_str($path);
				if ($invalid_str) {
					$err = 'Cannot contain string ' . htmlspecialchars($invalid_str, ENT_QUOTES);
					return -1;
				}
                $pos = strpos($val, ' ');
                if ($pos > 0) {
                    $path = substr($val, 0, $pos); // check first part is valid path
                }
            }
		}

		$res = $this->chk_file1($attr, $path, $err);
		if ($attr->_type == 'filetp') {
			$pathtp = $_SERVER['LS_SERVER_ROOT'] . 'conf/templates/';
			if (strstr($path, $pathtp) === false) {
				$err = ' Template file must locate within $SERVER_ROOT/conf/templates/';
				$res = -1;
			}
			else if (substr($path, -4) != '.xml') {
				$err = ' Template file name needs to be ".xml"';
				$res = -1;
			}
		}
		if ($res == -1 && $_POST['file_create'] == $attr->_htmlName && $this->allow_create($attr,
                                                                                           $path)) {
            if (PathTool::createFile($path, $err, $attr->_htmlName)) {
                $err = "$path has been created successfully.";
            }
            $res = 0; // make it always point to curr page
        }
        if ( $attr->_key == 'vhRoot' )	{
			if ( substr($path,-1) != '/' ) {
				$path .= '/';
			}
			if ($res == -1) {
				// do not check path for vhroot, it may be different owner
				$err = '';
				$res = 1;
			}
			$this->_info['VH_ROOT'] = $path;
		}
		elseif ($attr->_key == 'docRoot') {
			if ($res == -1) {
				// do not check path for vhroot, it may be different owner
				$err = '';
				$res = 1;
			}
		}
		return $res;
	}

	protected function chk_file1($attr, &$path, &$err)
	{
        if ($this->get_abs_path($attr->_minVal, $path, $err) == 1) {
			return $this->test_file($path, $err, $attr);
		}
	}

    protected function get_cleaned_abs_path($attr_minVal, &$path, &$err)
    {
        if ($this->get_abs_path($attr_minVal, $path, $err) == 1) {
            $absname = $this->clean_absolute_path($path);
            return $absname;
        }
        return null;
    }

	protected function get_abs_path($attr_minVal, &$path, &$err)
	{
		if(!strlen($path)) {
			$err = "Invalid Path.";
			return -1;
		}

		$s = substr($path, 0, 1);

		if ( strpos($path, '$VH_NAME') !== false )	{
			$path = str_replace('$VH_NAME', $this->_info['VH_NAME'], $path);
		}

		if ( $s == '/' ) {
			return 1;
		}

		if ( $attr_minVal == 1 ) {
			$err = 'only accept absolute path';
			return -1;
		}
		elseif ( $attr_minVal == 2 ) {
            if (strncasecmp('$SERVER_ROOT', $path, 12) == 0) {
                $path = $_SERVER['LS_SERVER_ROOT'] . substr($path, 13);
            } elseif ($s == '$') {
                $err = 'only accept absolute path or path relative to $SERVER_ROOT: ' . $path;
                return -1;
            } else {
                $path = $_SERVER['LS_SERVER_ROOT'] . $path; // treat as relative to SERVER_ROOT
            }
		}
		elseif ( $attr_minVal == 3 ) {
			if ( strncasecmp('$SERVER_ROOT', $path, 12) == 0 ) {
				$path = $_SERVER['LS_SERVER_ROOT'] . substr($path, 13);
			} elseif ( strncasecmp('$VH_ROOT', $path, 8) == 0 )	{
				if (isset($this->_info['VH_ROOT'])) {
					$path = $this->_info['VH_ROOT'] . substr($path, 9);
				}
			} elseif ($s == '$') {
				$err = 'only accept absolute path or path relative to $SERVER_ROOT or $VH_ROOT';
				return -1;
			} else {
                $path = $_SERVER['LS_SERVER_ROOT'] . $path; // treat as relative to SERVER_ROOT
            }
		}
		elseif ( $attr_minVal == 4 ) {
			if ( strncasecmp('$SERVER_ROOT', $path, 12) == 0 ) {
				$path = $_SERVER['LS_SERVER_ROOT'] . substr($path, 13);
			} elseif ( strncasecmp('$VH_ROOT', $path, 8) == 0 )	{
				$path = $this->_info['VH_ROOT'] . substr($path, 9);
			} elseif ( strncasecmp('$DOC_ROOT', $path, 9) == 0 ) {
				$path = $this->_info['DOC_ROOT'] . substr($path, 10);
			} else {
				$path = $this->_info['DOC_ROOT'] . $path;
			}
		}

		return 1;
	}


	protected function chkAttr_uri($attr, $cval)
	{
		$val = $cval->GetVal();
		if ( $val[0] != '/' ) {
			$cval->SetErr('URI must start with "/"');
			return -1;
		}
		return 1;
	}

	protected function chkAttr_expuri($attr, $cval)
	{
		$val = $cval->GetVal();
		if ( substr($val, 0, 1) == '/' || strncmp( $val, 'exp:', 4 ) == 0 ) {
			return 1;
		}
		$cval->SetErr('URI must start with "/" or "exp:"');
		return -1;
	}

	protected function chkAttr_url($attr, $cval)
	{
		$val = $cval->GetVal();
		if (( substr($val, 0, 1) != '/' ) && ( strncmp($val, 'http://', 7) != 0 ) && ( strncmp($val, 'https://', 8) != 0 )) {
			$cval->SetErr('URL must start with "/" or "http(s)://"');
			return -1;
		}
		return 1;
	}

	protected function chkAttr_httpurl($attr, $cval)
	{
		$val = $cval->GetVal();
		if (strncmp($val, 'http://', 7) != 0) {
			$cval->SetErr('Http URL must start with "http://"');
			return -1;
		}
		return 1;
	}

	protected function chkAttr_email($attr, $cval)
	{
		$err = '';
		$res = $this->chkAttr_email_val($attr, $cval->GetVal(), $err);
		$cval->SetErr($err);
		return $res;
	}

	protected function chkAttr_email_val($attr, $val, &$err)
	{
		if ( preg_match("/^[[:alnum:]._-]+@.+/", $val ) ) {
			return 1;
		}
		$err = 'invalid email format: ' . $val;
		return -1;
	}

	protected function isUdsAddr($v)
	{
		$m = [];
		// check UDS:// unix:
		if (preg_match('/^(UDS:\/\/|unix:)(.+)$/i', $v, $m)) {
            $v = $m[2];
            $supportedvar = ['$SERVER_ROOT', '$VH_NAME', '$VH_ROOT', '$DOC_ROOT'];
            $v = str_replace($supportedvar, 'VAR', $v);
            if (preg_match("/^[a-z0-9\-_\/\.]+$/i", $v)) {
                return 1;
            }
		}
		return 0;
	}

	protected function chkAttr_addr($attr, $cval)
	{
        $v = $cval->GetVal();
        if (preg_match("/^([[:alnum:]._-]+|\[[[:xdigit:]:]+\]):(\d)+$/", $v)) {
            return 1;
        }
		if ($this->isUdsAddr($v)) {
            return 1;
        }
        $cval->SetErr('invalid address: correct syntax is "IPV4|IPV6_address:port" or UDS://path or unix:path');
        return -1;
	}

	protected function chkAttr_ipport($attr, $cval)
	{
		if ( preg_match("/^([[:alnum:]._-]+|\[[[:xdigit:]:]+\]|\*):(\d)+$/", $cval->GetVal()) ) {
			return 1;
		}
		$cval->SetErr('invalid address: correct syntax is "IPV4|IPV6_address:port" or "*:port" for any IP.');
		return -1;
	}

    protected function chkAttr_wsaddr($attr, $cval)
	{
		$v = $cval->GetVal();
		if ( preg_match("/^((http|https):\/\/)?([[:alnum:]._-]+|\[[[:xdigit:]:]+\])(:\d+)?$/", $v) ) {
			return 1;
		}
		if ($this->isUdsAddr($v)) {
            return 1;
        }

		$cval->SetErr('invalid address: correct syntax is "[http|https://]IPV4|IPV6_address[:port]" or Unix Domain Socket address "UDS://path or unix:path".');
		return -1;
	}

	protected function chkAttr_bool($attr, $cval)
	{
		$val = $cval->GetVal();
		if ( $val === '1' || $val === '0' ) {
			return 1;
		}
		$cval->SetErr('invalid value');
		return -1;
	}

	protected function chkAttr_parse($attr, $cval)
	{
		$err = '';
		$res = $this->chkAttr_parse_val($attr, $cval->GetVal(), $err);
		$cval->SetErr($err);
		return $res;
	}

	protected function chkAttr_parse_val($attr, $val, &$err)
	{
		if (preg_match($attr->_minVal, $val)) {
			return 1;
		}

		if ($attr->_maxVal) {
			$err = "invalid format - $val, please check syntax";
		} else {
			$err = "invalid value - $val";
		}
		return -1;
	}

	protected function getKNum($strNum)
	{
		$tag = substr($strNum, -1);
		switch( $tag ) {
			case 'K':
			case 'k': $multi = 1024; break;
			case 'M':
			case 'm': $multi = 1048576; break;
			case 'G':
			case 'g': $multi = 1073741824; break;
			default: return intval($strNum);
		}

		return (intval(substr($strNum, 0, -1)) * $multi);
	}

	protected function chkAttr_uint($attr, $cval)
	{
		$val = $cval->GetVal();
		if ( preg_match("/^(-?\d+)([KkMmGg]?)$/", $val) ) {
			$val1 = $this->getKNum($val);
			if (isset($attr->_minVal)) {
				$min = $this->getKNum($attr->_minVal);
				if ($val1 < $min) {
					$cval->SetErr('number is less than the minumum required');
					return -1;
				}

			}
			if (isset($attr->_maxVal)) {
				$max = $this->getKNum($attr->_maxVal);
				if ( $val1 > $max )	{
					$cval->SetErr('number exceeds maximum allowed');
					return -1;
				}
			}
			return 1;
		}
		
		$cval->SetErr('invalid number format');
		return -1;
	}

	protected function chkDups(&$data, &$checkList, $key)
	{
		if ( in_array( $data[$key]->GetVal(), $checkList ) ) {
			$data[$key]->SetErr( "This $key \"" . $data[$key]->GetVal() . '\" already exists. Please enter a different one.');
			return false;
		}
		return true;
	}

	protected function chkExtApp(&$data, &$attr)
	{
		$isValid = true;
		if ( $data['autoStart']->GetVal() ) {
			if ( !$data['path']->HasVal() ) {
				$data['path']->SetErr('must provide path when autoStart is enabled');
				$isValid = false;
			}
			if ( !$data['backlog']->HasVal() )	{
				$data['backlog']->SetErr('must enter backlog value when autoStart is enabled');
				$isValid = false;
			}
			if ( !$data['instances']->HasVal() ) {
				$data['instances']->SetErr('must give number of instances when autoStart is enabled');
				$isValid = false;
			}
		}

		if ( isset($attr['names']) && (!$this->chkDups($to, $attr['names'], 'name')) ) {
			$isValid = false;
		}
		return $isValid;
	}

	protected function chkScriptHandler(&$to, &$attr)
	{
		$vals = DUtil::splitMultiple( $to['suffix']->GetVal() );
		$isValid = true;
		foreach( $vals as $suffix )	{
			if ( in_array( $suffix, $attr['names'] ) ) {
				$t[] = $suffix;
				$isValid = false;
			}
		}
		if ( !$isValid ) {
			$to['suffix']->SetErr(' Suffix ' . implode(', ', $t) . ' already exists. Please use a different suffix.');
		}
		return $isValid;
	}

}

Youez - 2016 - github.com/yon3zu
LinuXploit