From dc73fd0cba915f27904719a7cd689c0949b342ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Hojtsy?= <gabor@hojtsy.hu>
Date: Wed, 19 Dec 2007 16:06:09 +0000
Subject: [PATCH] #201540 by theborg, douggreen, Pancho: some system setting
 were not validated properly; also added missing required field markers

---
 modules/system/system.admin.inc | 52 +++++++++++++++++++++++++++++++--
 modules/system/system.module    |  1 -
 2 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/modules/system/system.admin.inc b/modules/system/system.admin.inc
index ee5d86373b2..ec8ecc898b0 100644
--- a/modules/system/system.admin.inc
+++ b/modules/system/system.admin.inc
@@ -1125,7 +1125,6 @@ function system_site_information_settings() {
     '#default_value' => variable_get('site_slogan', ''),
     '#description' => t('The slogan of this website. Some themes display a slogan when available.')
   );
-
   $form['site_mission'] = array(
     '#type' => 'textarea',
     '#title' => t('Mission'),
@@ -1142,7 +1141,8 @@ function system_site_information_settings() {
     '#type' => 'textfield',
     '#title' => t('Anonymous user'),
     '#default_value' => variable_get('anonymous', t('Anonymous')),
-    '#description' => t('The name used to indicate anonymous users.')
+    '#description' => t('The name used to indicate anonymous users.'),
+    '#required' => TRUE,
   );
   $form['site_frontpage'] = array(
     '#type' => 'textfield',
@@ -1150,12 +1150,29 @@ function system_site_information_settings() {
     '#default_value' => variable_get('site_frontpage', 'node'),
     '#size' => 40,
     '#description' => t('The home page displays content from this relative URL. If unsure, specify "node".'),
-    '#field_prefix' => url(NULL, array('absolute' => TRUE)) . (variable_get('clean_url', 0) ? '' : '?q=')
+    '#field_prefix' => url(NULL, array('absolute' => TRUE)) . (variable_get('clean_url', 0) ? '' : '?q='),
+    '#required' => TRUE,
   );
+  $form['#validate'][] = 'system_site_information_settings_validate';
 
   return system_settings_form($form);
 }
 
+/**
+ * Validate the submitted site-information form.
+ */
+function system_site_information_settings_validate($form, &$form_state) {
+  // Validate the e-mail address.
+  if ($error = user_validate_mail($form_state['values']['site_mail'])) {
+    form_set_error('site_mail', $error);
+  }
+  // Validate front page path.
+  $item = array('link_path' => $form_state['values']['site_frontpage']);
+  if (!empty($item) && !menu_valid_path($item)) {
+    form_set_error('site_frontpage', t("The path '@path' is either invalid or you do not have access to it.", array('@path' => $item['link_path'])));
+  }
+}
+
 /**
  * Form builder; Configure error reporting settings.
  *
@@ -1188,9 +1205,26 @@ function system_error_reporting_settings() {
     '#description' =>  t('Specify where Drupal, PHP and SQL errors are logged. While it is recommended that a site running in a production environment write errors to the log only, in a development or testing environment it may be helpful to write errors both to the log and to the screen.')
   );
 
+  $form['#validate'][] = 'system_error_reporting_settings_validate';
+
   return system_settings_form($form);
 }
 
+/**
+ * Validate the submitted error reporting form.
+ */
+function system_error_reporting_settings_validate($form, &$form_state) { 
+  // Validate paths to 403 and 404 error pages.
+  $item = array('link_path' => $form_state['values']['site_403']);
+  if (!empty($item['link_path']) && !menu_valid_path($item)) {
+    form_set_error('site_403', t("The path '@path' is either invalid or you do not have access to it.", array('@path' => $item['link_path'])));
+  }
+  $item = array('link_path' => $form_state['values']['site_404']);
+  if (!empty($item['link_path']) && !menu_valid_path($item)) {
+    form_set_error('site_404', t("The path '@path' is either invalid or you do not have access to it.", array('@path' => $item['link_path'])));
+  }
+}
+
 /**
  * Menu callback; Menu page for the various logging options.
  */
@@ -1379,10 +1413,22 @@ function system_image_toolkit_settings() {
   }
 
   $form['image_toolkit_settings'] = image_toolkit_invoke('settings');
+  $form['#validate'][] = 'system_image_toolkit_settings_validate';
 
   return system_settings_form($form);
 }
 
+/**
+ * Validate the submitted image-toolkit form.
+ */
+function system_image_toolkit_settings_validate($form, &$form_state) { 
+  // Validate image quality range.
+  $value = $form_state['values']['image_jpeg_quality'];
+  if (!is_numeric($value) || $value < 0 || $value > 100) {
+    form_set_error('image_jpeg_quality', t('JPEG quality must be a number between 0 and 100.'));
+  }
+}
+
 /**
  * Form builder; Configure how the site handles RSS feeds.
  *
diff --git a/modules/system/system.module b/modules/system/system.module
index 8dd49ba4ff2..497a2078788 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -992,7 +992,6 @@ function system_settings_form($form) {
     drupal_set_message(t('The settings have not been saved because of the errors.'), 'error');
   }
   $form['#submit'][] = 'system_settings_form_submit';
-  $form['#validate'][] = 'system_settings_form_validate';
   $form['#theme'] = 'system_settings_form';
   return $form;
 }