Replaced integer checks that used preg_match() to use ctype_digit() instead
authorDan
Sun, 25 Jan 2009 21:20:14 -0500
changeset 826 dcf5381ce8ba
parent 825 9d5c04c1414f
child 827 2c20563245b2
Replaced integer checks that used preg_match() to use ctype_digit() instead
includes/sessions.php
index.php
plugins/PrivateMessages.php
plugins/SpecialAdmin.php
plugins/admin/LangManager.php
--- a/includes/sessions.php	Sun Jan 25 21:18:05 2009 -0500
+++ b/includes/sessions.php	Sun Jan 25 21:20:14 2009 -0500
@@ -3716,7 +3716,7 @@
       
       // Fetch private key
       $dh_public = $_POST['dh_public_key'];
-      if ( !preg_match('/^[0-9]+$/', $dh_public) )
+      if ( !ctype_digit($dh_public) )
       {
         throw new Exception('ERR_DH_KEY_NOT_INTEGER');
       }
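Review bot: A digits-only test at `ctype_digit($dh_public)` still admits values that are unsuitable as a Diffie-Hellman public value, such as `0`, `1`, anything at or above the modulus, and digit strings of unbounded length. Unless a range check follows outside this hunk, add one once the value is a big integer (reject anything not strictly between 1 and p-1), and cap the string length before any bignum work is done on it. The same applies to `$dh_public` and `$req['dh_client_key']` in the second sessions.php hunk. Separately, the comment `// Fetch private key` sits directly above a read of `dh_public_key`; if that is the client's public value, the comment should say so.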
@@ -3888,7 +3888,7 @@
         $dh_hash = $req['dh_secret_hash'];
         
         // Check the key
-        if ( !preg_match('/^[0-9]+$/', $dh_public) || !preg_match('/^[0-9]+$/', $req['dh_client_key']) )
+        if ( !ctype_digit($dh_public) || !ctype_digit($req['dh_client_key']) )
         {
           return array(
             'mode' => 'error',
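Review bot: `ctype_digit()` is type-sensitive in a way the old regex was not, which matters for `$req['dh_client_key']` if `$req` can hold a real integer (for example from decoded JSON). An int from -128 to 255 is treated as an ASCII code, so `5` is rejected and `53` is accepted, where `preg_match()` would have cast both to strings. Where `$req` comes from is outside the hunk, so this only bites if non-string values can reach this line; putting `!is_string($req['dh_client_key']) ||` in front of the call makes the check independent of that. The enclosing function starts and ends outside the hunk.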
--- a/index.php	Sun Jan 25 21:18:05 2009 -0500
+++ b/index.php	Sun Jan 25 21:20:14 2009 -0500
@@ -281,7 +281,7 @@
       break;
     case 'rollback':
       $id = (isset($_GET['id'])) ? $_GET['id'] : false;
-      if(!$id || !preg_match('#^([0-9]+)$#', $id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
+      if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
       
       $id = intval($id);
       
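Review bot: `ctype_digit($id)` puts no limit on length, so a very long digit string passes the guard and `intval($id)` two lines later silently clamps it to the platform's maximum integer instead of rejecting it. Adding a length bound to the guard, e.g. `if(!$id || !ctype_digit($id) || strlen($id) > 9)`, keeps the rollback ID inside a 32-bit signed range, so the ID acted on is always the ID that was supplied. The `case 'rollback'` body continues outside the hunk, so how `$id` is used afterwards is not visible here.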
--- a/plugins/PrivateMessages.php	Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/PrivateMessages.php	Sun Jan 25 21:20:14 2009 -0500
@@ -60,7 +60,7 @@
       break;
     case 'View':
       $id = $argv[1];
-      if ( !preg_match('#^([0-9]+)$#', $id) )
+      if ( !ctype_digit($id) )
       {
         die_friendly('Message error', '<p>Invalid message ID</p>');
       }
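Review bot: After the `ctype_digit($id)` guard, `$id` is still the raw string from `$argv[1]`, and how it reaches the database is outside this hunk. index.php follows the same guard with `$id = intval($id);`, and doing so here would mean later code handles an integer however the query is built. `$argv[1]` is also read without an `isset()` check, so a missing argument raises a notice before it is rejected. The identical guard appears in the Move, Delete and Edit hunks below; a small shared helper would keep the four in step.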
@@ -106,7 +106,7 @@
       break;
     case 'Move':
       $id = $argv[1];
-      if ( !preg_match('#^([0-9]+)$#', $id) )
+      if ( !ctype_digit($id) )
       {
         die_friendly('Message error', '<p>Invalid message ID</p>');
       }
@@ -136,7 +136,7 @@
       break;
     case 'Delete':
       $id = $argv[1];
-      if ( !preg_match('#^([0-9]+)$#', $id) )
+      if ( !ctype_digit($id) )
       {
         die_friendly('Message error', '<p>Invalid message ID</p>');
       }
@@ -365,7 +365,7 @@
       break;
     case 'Edit':
       $id = $argv[1];
-      if ( !preg_match('#^([0-9]+)$#', $id) )
+      if ( !ctype_digit($id) )
       {
         die_friendly('Message error', '<p>Invalid message ID</p>');
       }
--- a/plugins/SpecialAdmin.php	Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/SpecialAdmin.php	Sun Jan 25 21:20:14 2009 -0500
@@ -354,10 +354,10 @@
     setConfig('register_tou', RenderMan::preprocess_text($_POST['register_tou'], true, false));
     
     // Account lockout policy
-    if ( preg_match('/^[0-9]+$/', $_POST['lockout_threshold']) )
+    if ( ctype_digit($_POST['lockout_threshold']) )
       setConfig('lockout_threshold', $_POST['lockout_threshold']);
     
-    if ( preg_match('/^[0-9]+$/', $_POST['lockout_duration']) )
+    if ( ctype_digit($_POST['lockout_duration']) )
       setConfig('lockout_duration', $_POST['lockout_duration']);
     
     if ( in_array($_POST['lockout_policy'], array('disable', 'captcha', 'lockout')) )
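Review bot: Both lockout settings are stored whenever they consist only of digits, so `0` and arbitrarily large numbers are accepted for `lockout_threshold` and `lockout_duration`. Depending on how the login code interprets them (not visible here), that could in effect switch lockout off or trigger it on the first failed attempt. A per-setting range check before `setConfig()` would make the resulting policy predictable. An error shown to the administrator when a value is rejected would also help, because the submission is currently skipped silently.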
--- a/plugins/admin/LangManager.php	Sun Jan 25 21:18:05 2009 -0500
+++ b/plugins/admin/LangManager.php	Sun Jan 25 21:20:14 2009 -0500
@@ -47,7 +47,7 @@
         
         // Is this parameter in the form of an integer?
         // (designed to ease validation later)
-        if ( preg_match('/^[0-9]+$/', $parm) )
+        if ( ctype_digit($parm) )
           // Yes, run intval(), this enabling is_int()-ish checks
           $parm = intval($parm);