smeserver-manager/sme10/smeserver-manager-0.1.4-bz12111-untainting-date.patch

diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm      2020-11-19 02:53:26.000000000 -0500
+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm  2022-07-17 01:26:28.873000000 -0400
@@ -160,21 +160,26 @@
     #--------------------------------------------------
 
     my $timezone = $c->param ('Timezone');
-    if ($timezone =~ /^(.*)$/) {
+    if ($timezone =~ /^([\w\-]+\/?[\w\-+]*)$/) {
         $timezone = $1;
     } else {
         $timezone = "US/Eastern";
     }
 
     my $month = $c->param ('Month');
-    if ($month =~ /^(.*)$/) {
+
+    if ($month =~ /^(\d{1,2})$/) {
         $month = $1;
     } else {
         $month = "1";
     }
+    if (($month < 1) || ($month > 12)) {
+        return $c->l('dat_INVALID_MONTH')." $day. ". $c->l('dat_MONTH_BETWEEN_1_AND_12');
+    }
 
     my $day = $c->param ('Day');
-    if ($day =~ /^(.*)$/) {
+
+    if ($day =~ /^(\d{1,2})$/) {
         $day = $1;
     } else {
         $day = "1";
@@ -184,7 +189,7 @@
     }
 
     my $year = $c->param ('Year');
-    if ($year =~ /^(.*)$/) {
+    if ($year =~ /^(\d{4})$/) {
         $year = $1;
     } else {
         $year = "2000";
@@ -195,7 +200,7 @@
     }
 
     my $hour = $c->param ('Hour');
-    if ($hour =~ /^(.*)$/) {
+    if ($hour =~ /^(\d{1,2})$/) {
         $hour = $1;
     } else {
         $hour = "12";
@@ -205,7 +210,7 @@
     }
 
     my $minute = $c->param ('Minute');
-    if ($minute =~ /^(.*)$/) {
+    if ($minute =~ /^(\d{1,2})$/) {
         $minute = $1;
     } else {
         $minute = "0";
@@ -216,7 +221,7 @@
     }
     
     my $second = $c->param ('Second');
-    if ($second =~ /^(.*)$/) {
+    if ($second =~ /^(\d{1,2})$/) {
         $second = $1;
     } else {
         $second = "0";
@@ -227,7 +232,7 @@
     }
 
     my $ampm = $c->param ('Ampm');
-    if ($ampm =~ /^(.*)$/) {
+    if ($ampm =~ /^(AM|PM)$/) {
         $ampm = $1;
     } else {
         $ampm = "AM";
diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex       2021-06-21 05:25:10.000000000 -0400
+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex   2022-07-17 01:29:12.355000000 -0400
@@ -36,6 +36,8 @@
 'dat_INVALID_MINUTE' => 'Error: invalid minute: ',
 'dat_BETWEEN_0_AND_59' => 'Please choose a minute between 0 and 59.',
 'dat_INVALID_SECOND' => 'Error: invalid second',
+'dat_MONTH_BETWEEN_1_AND_12' => 'Please choose a month value between 1 and 12.',
+'dat_INVALID_MONTH' => 'Error: invalid month',
 'dat_UPDATING_CLOCK' => 'System clock is being updated. Please wait for a few seconds, 
 then click <A HREF="datetime?page=1&wherenext=Verify" TARGET="main">here</A>
 to verify changes.',
1	jpp	1.1	diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm
2			--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm 2020-11-19 02:53:26.000000000 -0500
3			+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm 2022-07-17 01:26:28.873000000 -0400
4			@@ -160,21 +160,26 @@
5			#--------------------------------------------------
6
7			my $timezone = $c->param ('Timezone');
8			- if ($timezone =~ /^(.*)$/) {
9			+ if ($timezone =~ /^([\w\-]+\/?[\w\-+]*)$/) {
10			$timezone = $1;
11			} else {
12			$timezone = "US/Eastern";
13			}
14
15			my $month = $c->param ('Month');
16			- if ($month =~ /^(.*)$/) {
17			+
18			+ if ($month =~ /^(\d{1,2})$/) {
19			$month = $1;
20			} else {
21			$month = "1";
22			}
23			+ if (($month < 1) \|\| ($month > 12)) {
24			+ return $c->l('dat_INVALID_MONTH')." $day. ". $c->l('dat_MONTH_BETWEEN_1_AND_12');
25			+ }
26
27			my $day = $c->param ('Day');
28			- if ($day =~ /^(.*)$/) {
29			+
30			+ if ($day =~ /^(\d{1,2})$/) {
31			$day = $1;
32			} else {
33			$day = "1";
34			@@ -184,7 +189,7 @@
35			}
36
37			my $year = $c->param ('Year');
38			- if ($year =~ /^(.*)$/) {
39			+ if ($year =~ /^(\d{4})$/) {
40			$year = $1;
41			} else {
42			$year = "2000";
43			@@ -195,7 +200,7 @@
44			}
45
46			my $hour = $c->param ('Hour');
47			- if ($hour =~ /^(.*)$/) {
48			+ if ($hour =~ /^(\d{1,2})$/) {
49			$hour = $1;
50			} else {
51			$hour = "12";
52			@@ -205,7 +210,7 @@
53			}
54
55			my $minute = $c->param ('Minute');
56			- if ($minute =~ /^(.*)$/) {
57			+ if ($minute =~ /^(\d{1,2})$/) {
58			$minute = $1;
59			} else {
60			$minute = "0";
61			@@ -216,7 +221,7 @@
62			}
63
64			my $second = $c->param ('Second');
65			- if ($second =~ /^(.*)$/) {
66			+ if ($second =~ /^(\d{1,2})$/) {
67			$second = $1;
68			} else {
69			$second = "0";
70			@@ -227,7 +232,7 @@
71			}
72
73			my $ampm = $c->param ('Ampm');
74			- if ($ampm =~ /^(.*)$/) {
75			+ if ($ampm =~ /^(AM\|PM)$/) {
76			$ampm = $1;
77			} else {
78			$ampm = "AM";
79			diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex
80			--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex 2021-06-21 05:25:10.000000000 -0400
81			+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex 2022-07-17 01:29:12.355000000 -0400
82			@@ -36,6 +36,8 @@
83			'dat_INVALID_MINUTE' => 'Error: invalid minute: ',
84			'dat_BETWEEN_0_AND_59' => 'Please choose a minute between 0 and 59.',
85			'dat_INVALID_SECOND' => 'Error: invalid second',
86			+'dat_MONTH_BETWEEN_1_AND_12' => 'Please choose a month value between 1 and 12.',
87			+'dat_INVALID_MONTH' => 'Error: invalid month',
88			'dat_UPDATING_CLOCK' => 'System clock is being updated. Please wait for a few seconds,
89			then click <A HREF="datetime?page=1&wherenext=Verify" TARGET="main">here</A>
90			to verify changes.',