Merge branch 'ent-8727-Error_autenticacion_AWS_View' into 'develop'

Fix credential storing with spaces See merge request artica/pandorafms!4767
2022-03-30 07:42:39 +00:00 · 2022-03-30 07:42:39 +00:00 · 2ab122405d
parent 01c2fd5da4 61713b453a
commit 2ab122405d
2 changed files with 55 additions and 6 deletions
--- a/pandora_console/include/class/CredentialStore.class.php
+++ b/pandora_console/include/class/CredentialStore.class.php
@ -14,7 +14,7 @@
 * |___|   |___._|__|__|_____||_____|__| |___._| |___|   |__|_|__|_______|
 *
 * ============================================================================
- * Copyright (c) 2005-2021 Artica Soluciones Tecnologicas
+ * Copyright (c) 2005-2022 Artica Soluciones Tecnologicas
 * Please see http://pandorafms.org for full contribution list
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@ -623,11 +623,13 @@ class CredentialStore extends Wizard
            $error = __('You must select a group where store this key!');
        } else if (empty($product) === true) {
            $error = __('You must specify a product type');
-        } else if (empty($username) === true && (empty($password) === true)) {
+        } else if (empty($username) === true || (empty($password) === true)) {
            $error = __('You must specify a username and/or password');
+        } else if (evaluate_ascii_valid_string(io_safe_output($identifier)) === false) {
+            $error = __('Identifier with forbidden characters. Check the documentation.');
        }

-        if (isset($error)) {
+        if (isset($error) === true) {
            $this->ajaxMsg('error', $error);
            exit;
        }
@ -644,8 +646,15 @@ class CredentialStore extends Wizard
        ];

        // Spaces  are not allowed.
-        $values['identifier'] = preg_replace('/\s+/', '-', trim($identifier));
-
+        $values['identifier'] = \io_safe_input(
+            preg_replace(
+                '/\s+/',
+                '-',
+                trim(
+                    \io_safe_output($identifier)
+                )
+            )
+        );
        return $values;
    }

@ -1270,7 +1279,7 @@ class CredentialStore extends Wizard
            });

        }
-    
+
        /**
         * Delete selected key
         */
--- a/pandora_console/include/graphs/functions_utils.php
+++ b/pandora_console/include/graphs/functions_utils.php
@ -328,3 +328,43 @@ function convert_array_multi($array, $glue)
    $result = substr($result, 0, (0 - strlen($glue)));
    return $result;
 }
+
+
+/**
+ * Evaluate if the chars of coming variable has in the range stablished.
+ *
+ * @param string $string String for be evaluated.
+ * @param array  $ranges Ranges for valid chars. Min: [ x <= Y ] Max: [ Y > x ].
+ * Example of valid ranges: [ '32:126', '150:188' ].
+ *
+ * @return boolean.
+ */
+function evaluate_ascii_valid_string(string $string='', array $ranges=[ '33:38', '40:126' ])
+{
+    if (empty($string) === true) {
+        return false;
+    }
+
+    $countChars = strlen($string);
+    // Let's explore all the chars.
+    for ($i = 0; $i < $countChars; $i++) {
+        // Get ascii number of the char.
+        $asciiNumber = ord($string[$i]);
+        // Check in all ranges.
+        $rangeValidation = false;
+        foreach ($ranges as $range) {
+            list($minRangeValue, $maxRangeValue) = explode(':', $range, 2);
+            // Check if is in range.
+            if ($asciiNumber > (int) $minRangeValue && $asciiNumber < (int) $maxRangeValue) {
+                $rangeValidation = true;
+            }
+        }
+
+        // None of the ranges was validated.
+        if ($rangeValidation === false) {
+            return false;
+        }
+    }
+
+    return true;
+}