
Contents of /rpms/e-smith-ntp/sme10/e-smith-ntp-2.6.0-bz12107-untainting.patch



Revision 1.1 - (show annotations) (download)
Sun Jul 17 05:17:06 2022 UTC (2 years, 3 months ago) by jpp
Branch: MAIN
CVS Tags: e-smith-ntp-2_6_0-16_el7_sme, e-smith-ntp-2_6_0-18_el7_sme, e-smith-ntp-2_6_0-15_el7_sme, e-smith-ntp-2_6_0-14_el7_sme, e-smith-ntp-2_6_0-17_el7_sme, HEAD
* Sun Jul 17 2022 Jean-Philippe Pialasse <tests@pialasse.com> 2.6.0-14.sme
- untainting fields [SME: 12107]

1 diff -Nur --no-dereference e-smith-ntp-2.6.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/datetime e-smith-ntp-2.6.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/datetime
2 --- e-smith-ntp-2.6.0.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/datetime 2008-10-07 13:36:26.000000000 -0400
3 +++ e-smith-ntp-2.6.0/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/datetime 2022-07-17 01:13:29.536000000 -0400
4 @@ -151,6 +151,14 @@
5 <trans>Error: invalid second</trans>
6 </entry>
7 <entry>
8 + <base>INVALID_MONTH</base>
9 + <trans>Error: invalid month</trans>
10 + </entry>
11 + <entry>
12 + <base>MONTH_BETWEEN_1_AND_12</base>
13 + <trans>Please choose a month value between 1 and 12.</trans>
14 + </entry>
15 + <entry>
16 <base>UPDATING_CLOCK</base>
17 <trans>
18 <![CDATA[
19 diff -Nur --no-dereference e-smith-ntp-2.6.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/datetime.pm e-smith-ntp-2.6.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/datetime.pm
20 --- e-smith-ntp-2.6.0.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/datetime.pm 2013-02-02 01:58:58.000000000 -0500
21 +++ e-smith-ntp-2.6.0/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/datetime.pm 2022-07-17 01:11:58.059000000 -0400
22 @@ -498,21 +498,30 @@
23 #--------------------------------------------------
24
25 my $timezone = $q->param ('timezone');
26 - if ($timezone =~ /^(.*)$/) {
27 + if ($timezone =~ /^([\w\-]+\/?[\w\-+]*)$/) {
28 $timezone = $1;
29 } else {
30 $timezone = "US/Eastern";
31 }
32
33 my $month = $q->param ('month');
34 - if ($month =~ /^(.*)$/) {
35 + if ($month =~ /^(\d{1,2})$/) {
36 $month = $1;
37 } else {
38 $month = "1";
39 }
40 + if (($month < 1) || ($month > 12))
41 + {
42 + $q->param(-name => "status_message",
43 + -value => $q->p($self->localise('INVALID_MONTH')." $month. ".
44 + $self->localise('MONTH_BETWEEN_1_AND_12')));
45 + return $self->error($self->localise('INVALID_MONTH')." $month. ".
46 + $self->localise('MONTH_BETWEEN_1_AND_12'));
47 + }
48 +
49
50 my $day = $q->param ('day');
51 - if ($day =~ /^(.*)$/) {
52 + if ($day =~ /^(\d{1,2})$/) {
53 $day = $1;
54 } else {
55 $day = "1";
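Review bot: The new timezone pattern `/^([\w\-]+\/?[\w\-+]*)$/` allows at most one `/`, so a three-part zone name such as `America/Argentina/Buenos_Aires` (if the panel offers one) fails the match and the else branch silently substitutes `US/Eastern`. Repeating the slash-separated component still keeps dots and leading slashes out while accepting those names: `if ($timezone =~ m{\A([\w+\-]+(?:/[\w+\-]+)*)\z}) {`. The numeric fields share the silent-default shape: a month that fails `\d{1,2}` becomes "1" before the added range check, so INVALID_MONTH is only reported for values such as 0 or 13–99, and malformed input is applied as a default rather than rejected; the day, year, hour, minute, second and ampm blocks in the later hunks behave the same way. Returning the localized error from the else branches would make the untainting fail closed. The enclosing sub begins and ends outside this hunk.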
56 @@ -522,11 +531,12 @@
57 $q->param(-name => "status_message",
58 -value => $q->p($self->localise('INVALID_DAY')." $day. ".
59 $self->localise('BETWEEN_1_AND_31')));
60 - return '';
61 + return $self->error($self->localise('INVALID_DAY')." $day. ".
62 + $self->localise('BETWEEN_1_AND_31'));
63 }
64
65 my $year = $q->param ('year');
66 - if ($year =~ /^(.*)$/) {
67 + if ($year =~ /^(\d{4})$/) {
68 $year = $1;
69 } else {
70 $year = "2000";
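Review bot: In the INVALID_DAY block the same localized message is now concatenated twice, once for `status_message` and once for `$self->error`, so the two copies can drift apart on a later edit. Building it once keeps them identical: `my $msg = $self->localise('INVALID_DAY')." $day. ".$self->localise('BETWEEN_1_AND_31');`, then pass `$msg` to both `$q->p(...)` and `$self->error(...)`. The same duplication appears in the month block of the previous hunk and in the year, hour, minute and second hunks. The `if` that opens this block is outside the hunk.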
71 @@ -536,11 +546,12 @@
72 $q->param(-name => "status_message",
73 -value => $q->p($self->localise('INVALID_YEAR')." $year. ".
74 $self->localise('FOUR_DIGIT_YEAR')));
75 - return '';
76 + return $self->error($self->localise('INVALID_YEAR')." $year. ".
77 + $self->localise('FOUR_DIGIT_YEAR'));
78 }
79
80 my $hour = $q->param ('hour');
81 - if ($hour =~ /^(.*)$/) {
82 + if ($hour =~ /^(\d{1,2})$/) {
83 $hour = $1;
84 } else {
85 $hour = "12";
86 @@ -550,11 +561,12 @@
87 $q->param(-name => "status_message",
88 -value => $q->p($self->localise('INVALID_HOUR')." $hour. ".
89 $self->localise('BETWEEN_1_AND_12')));
90 - return '';
91 + return $self->error($self->localise('INVALID_HOUR')." $hour. ".
92 + $self->localise('BETWEEN_1_AND_12'));
93 }
94
95 my $minute = $q->param ('minute');
96 - if ($minute =~ /^(.*)$/) {
97 + if ($minute =~ /^(\d{1,2})$/) {
98 $minute = $1;
99 } else {
100 $minute = "0";
101 @@ -564,11 +576,12 @@
102 $q->param(-name => "status_message",
103 -value => $q->p($self->localise('INVALID_MINUTE')." $minute. ".
104 $self->localise('BETWEEN_0_AND_59')));
105 - return '';
106 + return $self->error(self->localise('INVALID_MINUTE')." $minute. ".
107 + $self->localise('BETWEEN_0_AND_59'));
108 }
109
110 my $second = $q->param ('second');
111 - if ($second =~ /^(.*)$/) {
112 + if ($second =~ /^(\d{1,2})$/) {
113 $second = $1;
114 } else {
115 $second = "0";
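Review bot: The added line `return $self->error(self->localise('INVALID_MINUTE')." $minute. ".` is missing the `$` sigil on the inner `self`. Perl parses `self->localise` as a class-method call on a package named `self`, so the invalid-minute path would most likely die at runtime with a "Can't locate object method" error instead of returning the validation message. It should read `return $self->error($self->localise('INVALID_MINUTE')." $minute. ".`, matching the day, year, hour and second hunks. The surrounding `if` block opens outside this hunk.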
116 @@ -578,11 +591,12 @@
117 $q->param(-name => "status_message",
118 -value => $q->p($self->localise('INVALID_SECOND')." $second. ".
119 $self->localise('BETWEEN_0_AND_59')));
120 - return '';
121 + return $self->error($self->localise('INVALID_SECOND')." $second. ".
122 + $self->localise('BETWEEN_0_AND_59'));
123 }
124
125 my $ampm = $q->param ('ampm');
126 - if ($ampm =~ /^(.*)$/) {
127 + if ($ampm =~ /^(AM|PM)$/) {
128 $ampm = $1;
129 } else {
130 $ampm = "AM";
