[PATCH] accounting.cgi: Change some variables to alphanumeric - Bug#12777

[PATCH] accounting.cgi: Change some variables to alphanumeric - Bug#12777

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2642 bytes --]

- The Postcode in the address only allowed numeric postcodes. The Netherlands and Great
   Britain are at lease two countries that use alphanumeric postcodes with spaces. Changed
   the postcode check from numeric to alphanumeric.
- The Bank Code in the Providers details only allowed numeric Bank Codes. In Great Britain
   the Bank Code, also known as the Sort Code is made up of three groups of digits separated
   by a - .
- Adjusted the regex for the alphanumeric check to include a space and a - . The original
   comment indicated that a - was allowed but it was not included in the regex.
- Tested on a vm system and confirmed that a postcode from The Netherlands and Great Britain
   and a Sort Code from Breat Britain are now accepted.

Fixes: Bug#12777
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 src/squid-accounting/accounting.cgi | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi
index 751b6e8a5..e1e2346da 100755
--- a/src/squid-accounting/accounting.cgi
+++ b/src/squid-accounting/accounting.cgi
@@ -1488,7 +1488,7 @@ sub checkaddress{
 	if (! $cgiparams{'txt_plz'}){
 		$errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct plz'}<br>";
 	}else{
-		if(! &validnumfield($cgiparams{'txt_plz'})){
+		if(! &validalphanumfield($cgiparams{'txt_plz'})){
 			$errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct plz'}<br>";
 		}
 	}
@@ -1523,7 +1523,7 @@ sub checkaddress{
 		}
 		if(($cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})||(!$cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})){
 			#Check BLZ
-			if(! &validnumfield($cgiparams{'txt_blz'})){
+			if(! &validalphanumfield($cgiparams{'txt_blz'})){
 				$errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct blz'}<br>";
 			}
 			#Check BANKACCOUNT
@@ -1653,7 +1653,7 @@ sub validphonefield{
 }
 
 sub validalphanumfield{
-	#GET: Input from a numeric field
+	#GET: Input from an alphanumeric field
 	#GIVES: True if valid, false if not valid
 	my $remark = $_[0];
 
@@ -1661,8 +1661,8 @@ sub validalphanumfield{
 	# but no more than 63 characters
 	if (length ($remark) < 1 || length ($remark) > 255) {
 		return 0;}
-	# Only valid characters are a-z, A-Z, 0-9 and -
-	if ($remark !~ /^[0-9a-zA-Z]*$/) {
+	# Only valid characters are a-z, A-Z, 0-9 - and space
+	if ($remark !~ /^[0-9a-zA-Z- ]*$/) {
 		return 0;}
 	# First character can only be a letter or a digit
 	if (substr ($remark, 0, 1) !~ /^[0-9A-Za-z]*$/) {
-- 
2.35.1

Re: [PATCH] accounting.cgi: Change some variables to alphanumeric - Bug#12777

[Bernhard Bitsch]

[-- Attachment #1: Type: text/plain, Size: 2879 bytes --]

Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>

Am 18.02.2022 um 15:33 schrieb Adolf Belka:
> - The Postcode in the address only allowed numeric postcodes. The Netherlands and Great
>     Britain are at lease two countries that use alphanumeric postcodes with spaces. Changed
>     the postcode check from numeric to alphanumeric.
> - The Bank Code in the Providers details only allowed numeric Bank Codes. In Great Britain
>     the Bank Code, also known as the Sort Code is made up of three groups of digits separated
>     by a - .
> - Adjusted the regex for the alphanumeric check to include a space and a - . The original
>     comment indicated that a - was allowed but it was not included in the regex.
> - Tested on a vm system and confirmed that a postcode from The Netherlands and Great Britain
>     and a Sort Code from Breat Britain are now accepted.
> 
> Fixes: Bug#12777
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   src/squid-accounting/accounting.cgi | 10 +++++-----
>   1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi
> index 751b6e8a5..e1e2346da 100755
> --- a/src/squid-accounting/accounting.cgi
> +++ b/src/squid-accounting/accounting.cgi
> @@ -1488,7 +1488,7 @@ sub checkaddress{
>   	if (! $cgiparams{'txt_plz'}){
>   		$errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct plz'}<br>";
>   	}else{
> -		if(! &validnumfield($cgiparams{'txt_plz'})){
> +		if(! &validalphanumfield($cgiparams{'txt_plz'})){
>   			$errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct plz'}<br>";
>   		}
>   	}
> @@ -1523,7 +1523,7 @@ sub checkaddress{
>   		}
>   		if(($cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})||(!$cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})){
>   			#Check BLZ
> -			if(! &validnumfield($cgiparams{'txt_blz'})){
> +			if(! &validalphanumfield($cgiparams{'txt_blz'})){
>   				$errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct blz'}<br>";
>   			}
>   			#Check BANKACCOUNT
> @@ -1653,7 +1653,7 @@ sub validphonefield{
>   }
>   
>   sub validalphanumfield{
> -	#GET: Input from a numeric field
> +	#GET: Input from an alphanumeric field
>   	#GIVES: True if valid, false if not valid
>   	my $remark = $_[0];
>   
> @@ -1661,8 +1661,8 @@ sub validalphanumfield{
>   	# but no more than 63 characters
>   	if (length ($remark) < 1 || length ($remark) > 255) {
>   		return 0;}
> -	# Only valid characters are a-z, A-Z, 0-9 and -
> -	if ($remark !~ /^[0-9a-zA-Z]*$/) {
> +	# Only valid characters are a-z, A-Z, 0-9 - and space
> +	if ($remark !~ /^[0-9a-zA-Z- ]*$/) {
>   		return 0;}
>   	# First character can only be a letter or a digit
>   	if (substr ($remark, 0, 1) !~ /^[0-9A-Za-z]*$/) {