--- a/includes/sessions.php Sun Jan 25 21:18:05 2009 -0500
+++ b/includes/sessions.php Sun Jan 25 21:20:14 2009 -0500
@@ -3716,7 +3716,7 @@
// Fetch private key
$dh_public = $_POST['dh_public_key'];
- if ( !preg_match('/^[0-9]+$/', $dh_public) )
+ if ( !ctype_digit($dh_public) )
{
throw new Exception('ERR_DH_KEY_NOT_INTEGER');
}
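Review bot: `ctype_digit($dh_public)` only establishes that the POSTed value is a non-empty run of ASCII digits, so `"0"`, `"1"` and digit strings of any length still pass this guard. For a Diffie-Hellman public value, a reviewer would also expect a length cap and a range check against the group modulus (greater than 1, less than p-1) before the value reaches the big-number math. Whether that happens later is not visible, because the function continues outside the hunk. The same applies to the `$dh_public` / `$req['dh_client_key']` check in the hunk at line 3888. The context comment `// Fetch private key` is also misleading, since the value read is the client's public key; `// Fetch the client's DH public key` would match the code.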
@@ -3888,7 +3888,7 @@
$dh_hash = $req['dh_secret_hash'];
// Check the key
- if ( !preg_match('/^[0-9]+$/', $dh_public) || !preg_match('/^[0-9]+$/', $req['dh_client_key']) )
+ if ( !ctype_digit($dh_public) || !ctype_digit($req['dh_client_key']) )
{
return array(
'mode' => 'error',
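Review bot: Unlike `preg_match()`, `ctype_digit()` does not cast its argument to a string, so this check now depends on the PHP type of `$req['dh_client_key']`. An integer from 48 to 57 is read as an ASCII code and accepted, other integers from -128 to 255 are rejected, and non-string arguments are deprecated from PHP 8.1. Where `$req` is built is outside the hunk; if it can carry decoded numbers rather than strings, guard the type first, e.g. `if ( !is_string($dh_public) || !is_string($req['dh_client_key']) || !ctype_digit($dh_public) || !ctype_digit($req['dh_client_key']) )`. The returned error array continues past the end of the hunk.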
--- a/index.php Sun Jan 25 21:18:05 2009 -0500
+++ b/index.php Sun Jan 25 21:20:14 2009 -0500
@@ -281,7 +281,7 @@
break;
case 'rollback':
$id = (isset($_GET['id'])) ? $_GET['id'] : false;
- if(!$id || !preg_match('#^([0-9]+)$#', $id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
+ if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
$id = intval($id);
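Review bot: The guard on `$_GET['id']` accepts a digit string of any length, and the `intval($id)` on the next line clamps an over-long value to the platform's largest integer instead of failing. An out-of-range action ID is therefore silently turned into a different one. A length cap in the same condition keeps the rejection explicit, e.g. `if(!$id || !ctype_digit($id) || strlen($id) > 10) die_friendly(...)`, with the limit matched to the ID column's width, which is not visible here. The check-then-`intval()` pattern on `$parm` in plugins/admin/LangManager.php has the same property. The `rollback` case continues outside the hunk.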
--- a/plugins/PrivateMessages.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/PrivateMessages.php Sun Jan 25 21:20:14 2009 -0500
@@ -60,7 +60,7 @@
break;
case 'View':
$id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
{
die_friendly('Message error', '<p>Invalid message ID</p>');
}
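Review bot: `$argv[1]` is read without checking that it exists, so if `View` can be reached with no ID parameter the read raises an undefined-offset notice before `ctype_digit()` rejects the resulting null (passing null is also deprecated from PHP 8.1). `$id = isset($argv[1]) ? $argv[1] : '';` keeps the same rejection path and removes the notice. The identical read-and-check is repeated in the `Move`, `Delete` and `Edit` hunks of this file; a small shared helper that returns the validated ID would keep the four copies from drifting apart. Each `case` body continues outside its hunk, so how `$id` is used afterwards is not visible.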
@@ -106,7 +106,7 @@
break;
case 'Move':
$id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
{
die_friendly('Message error', '<p>Invalid message ID</p>');
}
@@ -136,7 +136,7 @@
break;
case 'Delete':
$id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
{
die_friendly('Message error', '<p>Invalid message ID</p>');
}
@@ -365,7 +365,7 @@
break;
case 'Edit':
$id = $argv[1];
- if ( !preg_match('#^([0-9]+)$#', $id) )
+ if ( !ctype_digit($id) )
{
die_friendly('Message error', '<p>Invalid message ID</p>');
}
--- a/plugins/SpecialAdmin.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/SpecialAdmin.php Sun Jan 25 21:20:14 2009 -0500
@@ -354,10 +354,10 @@
setConfig('register_tou', RenderMan::preprocess_text($_POST['register_tou'], true, false));
// Account lockout policy
- if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
+ if ( ctype_digit($_POST['lockout_threshold']) )
setConfig('lockout_threshold', $_POST['lockout_threshold']);
- if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
+ if ( ctype_digit($_POST['lockout_duration']) )
setConfig('lockout_duration', $_POST['lockout_duration']);
if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
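Review bot: The two `ctype_digit()` checks gate only on the character set, so `lockout_threshold` and `lockout_duration` are stored with no lower or upper bound, and a non-numeric submission is dropped without any feedback to the administrator. Because these values set the account lockout policy, a range check and an error message on invalid input would make a mistyped value visible instead of silently leaving the old setting in place; whether 0 is a meaningful threshold for the lockout code is not visible here. The `$_POST` keys are also read without `isset()`, and the unbraced bodies would be safer against later edits as `if ( ... ) { setConfig(...); }`.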
--- a/plugins/admin/LangManager.php Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/admin/LangManager.php Sun Jan 25 21:20:14 2009 -0500
@@ -47,7 +47,7 @@
// Is this parameter in the form of an integer?
// (designed to ease validation later)
- if ( preg_match('/^[0-9]+$/', $parm) )
+ if ( ctype_digit($parm) )
// Yes, run intval(), this enabling is_int()-ish checks
$parm = intval($parm);