smeserver-manager/sme10/smeserver-manager-0.1.4-bz12111-untainting-date.patch

diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm      2020-11-19 02:53:26.000000000 -0500
+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm  2022-07-17 01:26:28.873000000 -0400
@@ -160,21 +160,26 @@
     #--------------------------------------------------
 
     my $timezone = $c->param ('Timezone');
-    if ($timezone =~ /^(.*)$/) {
+    if ($timezone =~ /^([\w\-]+\/?[\w\-+]*)$/) {
         $timezone = $1;
     } else {
         $timezone = "US/Eastern";
     }
 
     my $month = $c->param ('Month');
-    if ($month =~ /^(.*)$/) {
+
+    if ($month =~ /^(\d{1,2})$/) {
         $month = $1;
     } else {
         $month = "1";
     }
+    if (($month < 1) || ($month > 12)) {
+        return $c->l('dat_INVALID_MONTH')." $day. ". $c->l('dat_MONTH_BETWEEN_1_AND_12');
+    }
 
     my $day = $c->param ('Day');
-    if ($day =~ /^(.*)$/) {
+
+    if ($day =~ /^(\d{1,2})$/) {
         $day = $1;
     } else {
         $day = "1";
@@ -184,7 +189,7 @@
     }
 
     my $year = $c->param ('Year');
-    if ($year =~ /^(.*)$/) {
+    if ($year =~ /^(\d{4})$/) {
         $year = $1;
     } else {
         $year = "2000";
@@ -195,7 +200,7 @@
     }
 
     my $hour = $c->param ('Hour');
-    if ($hour =~ /^(.*)$/) {
+    if ($hour =~ /^(\d{1,2})$/) {
         $hour = $1;
     } else {
         $hour = "12";
@@ -205,7 +210,7 @@
     }
 
     my $minute = $c->param ('Minute');
-    if ($minute =~ /^(.*)$/) {
+    if ($minute =~ /^(\d{1,2})$/) {
         $minute = $1;
     } else {
         $minute = "0";
@@ -216,7 +221,7 @@
     }
     
     my $second = $c->param ('Second');
-    if ($second =~ /^(.*)$/) {
+    if ($second =~ /^(\d{1,2})$/) {
         $second = $1;
     } else {
         $second = "0";
@@ -227,7 +232,7 @@
     }
 
     my $ampm = $c->param ('Ampm');
-    if ($ampm =~ /^(.*)$/) {
+    if ($ampm =~ /^(AM|PM)$/) {
         $ampm = $1;
     } else {
         $ampm = "AM";
diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex
--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex       2021-06-21 05:25:10.000000000 -0400
+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex   2022-07-17 01:29:12.355000000 -0400
@@ -36,6 +36,8 @@
 'dat_INVALID_MINUTE' => 'Error: invalid minute: ',
 'dat_BETWEEN_0_AND_59' => 'Please choose a minute between 0 and 59.',
 'dat_INVALID_SECOND' => 'Error: invalid second',
+'dat_MONTH_BETWEEN_1_AND_12' => 'Please choose a month value between 1 and 12.',
+'dat_INVALID_MONTH' => 'Error: invalid month',
 'dat_UPDATING_CLOCK' => 'System clock is being updated. Please wait for a few seconds, 
 then click <A HREF="datetime?page=1&wherenext=Verify" TARGET="main">here</A>
 to verify changes.',
1	diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm
2	--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm 2020-11-19 02:53:26.000000000 -0500
3	+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/Controller/Datetime.pm 2022-07-17 01:26:28.873000000 -0400
4	@@ -160,21 +160,26 @@
5	#--------------------------------------------------
6
7	my $timezone = $c->param ('Timezone');
8	- if ($timezone =~ /^(.*)$/) {
9	+ if ($timezone =~ /^([\w\-]+\/?[\w\-+]*)$/) {
10	$timezone = $1;
11	} else {
12	$timezone = "US/Eastern";
13	}
14
15	my $month = $c->param ('Month');
16	- if ($month =~ /^(.*)$/) {
17	+
18	+ if ($month =~ /^(\d{1,2})$/) {
19	$month = $1;
20	} else {
21	$month = "1";
22	}
23	+ if (($month < 1) \|\| ($month > 12)) {
24	+ return $c->l('dat_INVALID_MONTH')." $day. ". $c->l('dat_MONTH_BETWEEN_1_AND_12');
25	+ }
26
27	my $day = $c->param ('Day');
28	- if ($day =~ /^(.*)$/) {
29	+
30	+ if ($day =~ /^(\d{1,2})$/) {
31	$day = $1;
32	} else {
33	$day = "1";
34	@@ -184,7 +189,7 @@
35	}
36
37	my $year = $c->param ('Year');
38	- if ($year =~ /^(.*)$/) {
39	+ if ($year =~ /^(\d{4})$/) {
40	$year = $1;
41	} else {
42	$year = "2000";
43	@@ -195,7 +200,7 @@
44	}
45
46	my $hour = $c->param ('Hour');
47	- if ($hour =~ /^(.*)$/) {
48	+ if ($hour =~ /^(\d{1,2})$/) {
49	$hour = $1;
50	} else {
51	$hour = "12";
52	@@ -205,7 +210,7 @@
53	}
54
55	my $minute = $c->param ('Minute');
56	- if ($minute =~ /^(.*)$/) {
57	+ if ($minute =~ /^(\d{1,2})$/) {
58	$minute = $1;
59	} else {
60	$minute = "0";
61	@@ -216,7 +221,7 @@
62	}
63
64	my $second = $c->param ('Second');
65	- if ($second =~ /^(.*)$/) {
66	+ if ($second =~ /^(\d{1,2})$/) {
67	$second = $1;
68	} else {
69	$second = "0";
70	@@ -227,7 +232,7 @@
71	}
72
73	my $ampm = $c->param ('Ampm');
74	- if ($ampm =~ /^(.*)$/) {
75	+ if ($ampm =~ /^(AM\|PM)$/) {
76	$ampm = $1;
77	} else {
78	$ampm = "AM";
79	diff -Nur --no-dereference smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex
80	--- smeserver-manager-0.1.4.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex 2021-06-21 05:25:10.000000000 -0400
81	+++ smeserver-manager-0.1.4/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Datetime/datetime_en.lex 2022-07-17 01:29:12.355000000 -0400
82	@@ -36,6 +36,8 @@
83	'dat_INVALID_MINUTE' => 'Error: invalid minute: ',
84	'dat_BETWEEN_0_AND_59' => 'Please choose a minute between 0 and 59.',
85	'dat_INVALID_SECOND' => 'Error: invalid second',
86	+'dat_MONTH_BETWEEN_1_AND_12' => 'Please choose a month value between 1 and 12.',
87	+'dat_INVALID_MONTH' => 'Error: invalid month',
88	'dat_UPDATING_CLOCK' => 'System clock is being updated. Please wait for a few seconds,
89	then click <A HREF="datetime?page=1&wherenext=Verify" TARGET="main">here</A>
90	to verify changes.',