improve ssh key validation

Author: simonLeary42

resources/lib/UnitySite.php

@@ -49,6 +49,18 @@ public static function getGithubKeys($username)
 
     public static function testValidSSHKey($key_str)
     {
+        $key_str = trim($key_str);
+        if ($key_str == ""){
+            return false;
+        }
+        // PHP warning when key_str is digits: Attempt to read property "keys" on int
+        if (preg_match("/^[0-9]+$/", $key_str)) {
+            return false;
+        }
+        // PHP warning when key_str is JSON: Undefined property: stdClass::$keys
+        if (!is_null(@json_decode($key_str))){
+            return false;
+        }
         try {
             PublicKeyLoader::load($key_str);
             return true;

webroot/js/ajax/ssh_validate.php

@@ -2,11 +2,7 @@
 
 require "../../../resources/autoload.php";
 
+use UnityWebPortal\lib\UnitySite;
 use phpseclib3\Crypt\PublicKeyLoader;
 
-try {
-    PublicKeyLoader::load($_POST['key'], $password = false);
-    echo "true";
-} catch (Exception $e) {
-    echo "false";
-}
+echo (UnitySite::testValidSSHKey($_POST["key"]) ? "true" : "false");