fix(color): add validation for CSS color formats in getColorOpt function

2025-12-26 23:26:47 +01:00 · 2025-07-08 20:26:05 +02:00
parent 7883514f40
commit 3152e8c288
2 changed files with 80 additions and 70 deletions
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -664,6 +664,16 @@ function getColorOpt()
    } else {
        $color = $_COOKIE['color'];
    }
+
+    // Define the regex pattern for valid CSS color formats
+    $colorPattern = "/^(#([a-fA-F0-9]{3}|[a-fA-F0-9]{6})|rgb\((\s*\d+\s*,){2}\s*\d+\s*\)|rgba\((\s*\d+\s*,){3}\s*(0|0\.\d+|1)\)|[a-zA-Z]+)$/i";
+
+    // Validate the color
+    if (!preg_match($colorPattern, $color)) {
+        // Return a default color if validation fails
+        $color = "#2b8080";
+    }
+
    return $color;
 }