accounting.cgi: Change some variables to alphanumeric - Bug#12777

- The Postcode in the address only allowed numeric postcodes. The Netherlands and Great
   Britain are at lease two countries that use alphanumeric postcodes with spaces. Changed
   the postcode check from numeric to alphanumeric.
- The Bank Code in the Providers details only allowed numeric Bank Codes. In Great Britain
   the Bank Code, also known as the Sort Code is made up of three groups of digits separated
   by a - .
- Adjusted the regex for the alphanumeric check to include a space and a - . The original
   comment indicated that a - was allowed but it was not included in the regex.
- Tested on a vm system and confirmed that a postcode from The Netherlands and Great Britain
   and a Sort Code from Breat Britain are now accepted.

Fixes: Bug#12777
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>

diff --git a/src/squid-accounting/accounting.cgi b/src/squid-accounting/accounting.cgi
index 751b6e8a5b8a33e07739ba98b84da2e1b4758e8b..e1e2346dad3008a946bb63b43310ac9365b072f0 100755 (executable)
--- a/src/squid-accounting/accounting.cgi
+++ b/src/squid-accounting/accounting.cgi
@@ -1488,7 +1488,7 @@ sub checkaddress{
        if (! $cgiparams{'txt_plz'}){
                $errormessage.="$Lang::tr{'acct empty field'} $Lang::tr{'acct plz'}<br>";
        }else{
-               if(! &validnumfield($cgiparams{'txt_plz'})){
+               if(! &validalphanumfield($cgiparams{'txt_plz'})){
                        $errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct plz'}<br>";
                }
        }
@@ -1523,7 +1523,7 @@ sub checkaddress{
                }
                if(($cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})||(!$cgiparams{'txt_iban'} && $cgiparams{'txt_blz'})){
                        #Check BLZ
-                       if(! &validnumfield($cgiparams{'txt_blz'})){
+                       if(! &validalphanumfield($cgiparams{'txt_blz'})){
                                $errormessage.="$Lang::tr{'acct invalid'} $Lang::tr{'acct blz'}<br>";
                        }
                        #Check BANKACCOUNT
@@ -1653,7 +1653,7 @@ sub validphonefield{
 }
 
 sub validalphanumfield{
-       #GET: Input from a numeric field
+       #GET: Input from an alphanumeric field
        #GIVES: True if valid, false if not valid
        my $remark = $_[0];
 
@@ -1661,8 +1661,8 @@ sub validalphanumfield{
        # but no more than 63 characters
        if (length ($remark) < 1 || length ($remark) > 255) {
                return 0;}
-       # Only valid characters are a-z, A-Z, 0-9 and -
-       if ($remark !~ /^[0-9a-zA-Z]*$/) {
+       # Only valid characters are a-z, A-Z, 0-9 - and space
+       if ($remark !~ /^[0-9a-zA-Z- ]*$/) {
                return 0;}
        # First character can only be a letter or a digit
        if (substr ($remark, 0, 1) !~ /^[0-9A-Za-z]*$/) {