implement bare-bone validation for config variables...

git-svn-id: file:///svn/phpbb/trunk@6367 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/adm/index.php

@@ -376,4 +376,82 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 	return $tpl;
 }
 
+/**
+* Going through a config array and validate values, writing errors to $error.
+*/
+function validate_config_vars($config_vars, &$cfg_array, &$error)
+{
+	global $phpbb_root_path, $user;
+
+	foreach ($config_vars as $config_name => $config_definition)
+	{
+		if (!isset($cfg_array[$config_name]) || strpos($config_name, 'legend') !== false)
+		{
+			continue;
+		}
+
+		if (!isset($config_definition['validate']))
+		{
+			continue;
+		}
+
+		// Validate a bit. ;) String is already checked through request_var(), therefore we do not check this again
+		switch ($config_definition['validate'])
+		{
+			case 'bool':
+				$cfg_array[$config_name] = ($cfg_array[$config_name]) ? 1 : 0;
+			break;
+
+			case 'int':
+				$cfg_array[$config_name] = (int) $cfg_array[$config_name];
+			break;
+
+			case 'rpath':
+				if (!$cfg_array[$config_name])
+				{
+					break;
+				}
+
+				$destination = $cfg_array[$config_name];
+
+				// Adjust destination path (no trailing slash)
+				if ($destination{(sizeof($destination)-1)} == '/' || $destination{(sizeof($destination)-1)} == '\\')
+				{
+					$destination = substr($destination, 0, sizeof($destination)-2);
+				}
+
+				$destination = str_replace(array('../', '..\\', './', '.\\'), '', $destination);
+				if ($destination && ($destination{0} == '/' || $destination{0} == "\\"))
+				{
+					$destination = '';
+				}
+
+				$cfg_array[$config_name] = $destination;
+
+			case 'path':
+
+				if (!$cfg_array[$config_name])
+				{
+					break;
+				}
+
+				$cfg_array[$config_name] = trim($cfg_array[$config_name]);
+
+				if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
+				{
+					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
+				}
+
+				if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
+				{
+					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
+				}
+
+			break;
+		}
+	}
+
+	return;
+}
+
 ?>

phpBB/adm/style/acp_board.html

@@ -6,6 +6,13 @@
 
 <p>{L_TITLE_EXPLAIN}</p>
 
+<!-- IF S_ERROR -->
+	<div class="errorbox">
+		<h3>{L_WARNING}</h3>
+		<p>{ERROR_MSG}</p>
+	</div>
+<!-- ENDIF -->
+
 <form id="acp_board" method="post" action="{U_ACTION}">
 
 <!-- BEGIN options -->

phpBB/adm/style/acp_forums.html

@@ -96,6 +96,14 @@
 			<dd><img src="{FORUM_IMAGE_SRC}" alt="{L_FORUM_IMAGE}" /></dd>
 		<!-- ENDIF -->
 	</dl>
+	<dl>
+		<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
+		<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
+	</dl>
+	<dl>
+		<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
+		<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
+	</dl>
 	<dl>
 		<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
 		<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
@@ -149,14 +157,6 @@
 			<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}:</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
 			<dd><input type="text" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" /></dd>
 		</dl>
-		<dl>
-			<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
-			<dd><input type="password" id="forum_password" name="forum_password" value="{FORUM_PASSWORD}" /></dd>
-		</dl>
-		<dl>
-			<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
-			<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="{FORUM_PASSWORD_CONFIRM}" /></dd>
-		</dl>
 		</fieldset>
 
 		<fieldset>