X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/09460258d1d198a77f41815502a79c521599d893..a2cf5ce7f9c827da299ef19e3fa56030f8cdbf79:/WEB-INF/lib/common.lib.php?ds=inline

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index 81c870f8..ac0b6825 100644
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -308,6 +308,23 @@ function ttValidCronSpec($val)
   return true;
 }
 
+// ttValidCondition is used to check user input to validate a notification condition.
+function ttValidCondition($val, $emptyValid = true)
+{
+  $val = trim($val);
+  if (strlen($val) == 0)
+    return ($emptyValid ? true : false);
+
+  // String must not be XSS evil (to insert JavaScript).
+  if (stristr($val, '<script>') || stristr($val, '<script '))
+    return false;
+
+  if (!preg_match("/^count\s?>\s?\d+$/", $val))
+    return false;
+
+  return true;
+}
+
 // ttAccessCheck is used to check whether user is allowed to proceed. This function is used
 // as an initial check on all publicly available pages.
 function ttAccessCheck($required_rights)