Merge pull request #130 from iMattPro/issue/129

iMattPro · web-flow · commit 3ac7b6d011ab · 2021-08-16T21:45:34.000-07:00
Fix validation of version constraints
diff --git a/helper/validator.php b/helper/validator.php
@@ -250,6 +250,6 @@ public function validate_php_version($value)
 	 */
 	protected function check_version($value)
 	{
-		return (bool) preg_match('/^[<>=]*[\d+][\w.@-]+$/', $value);
+		return (bool) preg_match('/^[<>=]*[\d+][\w.@-]+$/', htmlspecialchars_decode($value, ENT_NOQUOTES));
 	}
 }
diff --git a/tests/validator_test.php b/tests/validator_test.php
@@ -81,6 +81,8 @@ public function valid_data(): array
 			['phpbb_version_min', '<=1.0.0'],
 			['phpbb_version_min', '<=1.0.0@dev'],
 			['phpbb_version_min', '<=1.0.0-pl1'],
+			['phpbb_version_min', '&gt;1.0.0'],
+			['phpbb_version_min', '&lt;=1.0.0'],
 
 			['phpbb_version_max', '1.0.0'],
 			['phpbb_version_max', '>1.0.0'],
@@ -91,6 +93,8 @@ public function valid_data(): array
 			['phpbb_version_max', '<=1.0.0'],
 			['phpbb_version_max', '<=1.0.0@dev'],
 			['phpbb_version_max', '<=1.0.0-pl1'],
+			['phpbb_version_max', '&gt;1.0.0'],
+			['phpbb_version_max', '&lt;=1.0.0'],
 
 			['php_version', '1.0.0'],
 			['php_version', '>1.0.0'],
@@ -101,6 +105,8 @@ public function valid_data(): array
 			['php_version', '<=1.0.0'],
 			['php_version', '<=1.0.0@dev'],
 			['php_version', '<=1.0.0-pl1'],
+			['php_version', '&gt;1.0.0'],
+			['php_version', '&lt;=1.0.0'],
 		];
 	}
 
@@ -183,20 +189,23 @@ public function invalid_data(): array
 			['phpbb_version_min', '~1.0.0', 'SKELETON_INVALID_PHPBB_MIN_VERSION'],
 			['phpbb_version_min', '^1.0.0', 'SKELETON_INVALID_PHPBB_MIN_VERSION'],
 			['phpbb_version_min', '1.0.0 | 2.0.0', 'SKELETON_INVALID_PHPBB_MIN_VERSION'],
+			['phpbb_version_min', '&amp;gt;=5.4', 'SKELETON_INVALID_PHPBB_MIN_VERSION'],
 
 			['phpbb_version_max', '', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 			['phpbb_version_max', null, 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 			['phpbb_version_max', 'foo', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 			['phpbb_version_max', '~1.0.0', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 			['phpbb_version_max', '^1.0.0', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 			['phpbb_version_max', '1.0.0 | 2.0.0', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
+			['phpbb_version_max', '&amp;gt;=5.4', 'SKELETON_INVALID_PHPBB_MAX_VERSION'],
 
 			['php_version', '', 'SKELETON_INVALID_PHP_VERSION'],
 			['php_version', null, 'SKELETON_INVALID_PHP_VERSION'],
 			['php_version', 'foo', 'SKELETON_INVALID_PHP_VERSION'],
 			['php_version', '~1.0.0', 'SKELETON_INVALID_PHP_VERSION'],
 			['php_version', '^1.0.0', 'SKELETON_INVALID_PHP_VERSION'],
 			['php_version', '1.0.0 | 2.0.0', 'SKELETON_INVALID_PHP_VERSION'],
+			['php_version', '&amp;gt;=5.4', 'SKELETON_INVALID_PHP_VERSION'],
 		];
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -250,6 +250,6 @@ public function validate_php_version($value)`
`250`	`250`	`*/`
`251`	`251`	`protected function check_version($value)`
`252`	`252`	`{`
`253`		`- return (bool) preg_match('/^[<>=]*[\d+][\w.@-]+$/', $value);`
	`253`	`+ return (bool) preg_match('/^[<>=]*[\d+][\w.@-]+$/', htmlspecialchars_decode($value, ENT_NOQUOTES));`
`254`	`254`	`}`
`255`	`255`	`}`