From 4e31f99e098568c5d133125630533dad91d07348 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 30 Jul 2020 17:21:29 +0200
Subject: [serversetup-bwlp-ipxe/statistics] Sanitize strings from clients

Some string from the clients might not be well suited for utf-8
representation. Add wrapper functions that clean utf-8 strings, or
convert ANSI strings to UTF-8 while removing problematic chars.
---
 modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php')

diff --git a/modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php b/modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php
index b9867ed9..7bf9e2a3 100644
--- a/modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php
+++ b/modules-available/serversetup-bwlp-ipxe/inc/scriptbuilderbase.inc.php
@@ -59,6 +59,9 @@ abstract class ScriptBuilderBase
 		}
 		$this->hasExtension = $slxExtensions ?? (bool)Request::any('slx-extensions', false, 'int');
 		$this->uuid = Request::any('uuid', false, 'string');
+		if (!preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i', $this->uuid)) {
+			$this->uuid = false;
+		}
 	}
 
 	/**
-- 
cgit v1.2.3-55-g7522