mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-19 07:12:26 +02:00
💡 Add phpdoc for N°1835 new Sanitize param
@@ -273,79 +273,93 @@ class utils
|
|||||||
}
|
}
|
||||||
return $retValue;
|
return $retValue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string|string[] $value
|
||||||
|
* @param string $sSanitizationFilter one of : integer, class, string, context_param, parameter, field_name,
|
||||||
|
* transaction_id, parameter, raw_data
|
||||||
|
*
|
||||||
|
* @return string|string[]|bool boolean for :
|
||||||
|
* * the 'class' filter (true if valid, false otherwise)
|
||||||
|
* * if the filter fails (@see \filter_var())
|
||||||
|
*
|
||||||
|
* @since 2.5.2 2.6.0 new 'transaction_id' filter
|
||||||
|
*/
|
||||||
protected static function Sanitize_Internal($value, $sSanitizationFilter)
|
protected static function Sanitize_Internal($value, $sSanitizationFilter)
|
||||||
{
|
{
|
||||||
switch($sSanitizationFilter)
|
switch ($sSanitizationFilter)
|
||||||
{
|
{
|
||||||
case 'integer':
|
case 'integer':
|
||||||
$retValue = filter_var($value, FILTER_SANITIZE_NUMBER_INT);
|
$retValue = filter_var($value, FILTER_SANITIZE_NUMBER_INT);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'class':
|
case 'class':
|
||||||
$retValue = $value;
|
$retValue = $value;
|
||||||
if (!MetaModel::IsValidClass($value))
|
if (!MetaModel::IsValidClass($value))
|
||||||
{
|
{
|
||||||
$retValue = false;
|
$retValue = false;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'string':
|
case 'string':
|
||||||
$retValue = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
|
$retValue = filter_var($value, FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'context_param':
|
case 'context_param':
|
||||||
case 'parameter':
|
case 'parameter':
|
||||||
case 'field_name':
|
case 'field_name':
|
||||||
if (is_array($value))
|
if (is_array($value))
|
||||||
{
|
|
||||||
$retValue = array();
|
|
||||||
foreach($value as $key => $val)
|
|
||||||
{
|
{
|
||||||
$retValue[$key] = self::Sanitize_Internal($val, $sSanitizationFilter); // recursively check arrays
|
$retValue = array();
|
||||||
if ($retValue[$key] === false)
|
foreach ($value as $key => $val)
|
||||||
{
|
{
|
||||||
$retValue = false;
|
$retValue[$key] = self::Sanitize_Internal($val, $sSanitizationFilter); // recursively check arrays
|
||||||
break;
|
if ($retValue[$key] === false)
|
||||||
|
{
|
||||||
|
$retValue = false;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
else
|
||||||
else
|
|
||||||
{
|
|
||||||
switch($sSanitizationFilter)
|
|
||||||
{
|
{
|
||||||
case 'transaction_id':
|
switch ($sSanitizationFilter)
|
||||||
// same as parameter type but keep the dot character
|
{
|
||||||
// see N°1835 : when using file transaction_id on Windows you get *.tmp tokens
|
case 'transaction_id':
|
||||||
// it must be included at the regexp beginning otherwise you'll get an invalid character error
|
// same as parameter type but keep the dot character
|
||||||
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
// see N°1835 : when using file transaction_id on Windows you get *.tmp tokens
|
||||||
array("options" => array("regexp" => '/^[\. A-Za-z0-9_=-]*$/')));
|
// it must be included at the regexp beginning otherwise you'll get an invalid character error
|
||||||
break;
|
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
||||||
|
array("options" => array("regexp" => '/^[\. A-Za-z0-9_=-]*$/')));
|
||||||
|
break;
|
||||||
|
|
||||||
case 'parameter':
|
case 'parameter':
|
||||||
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
||||||
array("options" => array("regexp" => '/^[ A-Za-z0-9_=-]*$/'))); // the '=', '%3D, '%2B', '%2F'
|
array("options" => array("regexp" => '/^[ A-Za-z0-9_=-]*$/'))); // the '=', '%3D, '%2B', '%2F'
|
||||||
// characters are used in serialized filters (starting 2.5, only the url encoded versions are presents, but the "=" is kept for BC)
|
// characters are used in serialized filters (starting 2.5, only the url encoded versions are presents, but the "=" is kept for BC)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'field_name':
|
case 'field_name':
|
||||||
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name
|
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
||||||
break;
|
array("options" => array("regexp" => '/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name
|
||||||
|
break;
|
||||||
case 'context_param':
|
|
||||||
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>'/^[ A-Za-z0-9_=%:+-]*$/')));
|
case 'context_param':
|
||||||
break;
|
$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
|
||||||
|
array("options" => array("regexp" => '/^[ A-Za-z0-9_=%:+-]*$/')));
|
||||||
|
break;
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
break;
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
default:
|
||||||
case 'raw_data':
|
case 'raw_data':
|
||||||
$retValue = $value;
|
$retValue = $value;
|
||||||
// Do nothing
|
// Do nothing
|
||||||
}
|
}
|
||||||
return $retValue;
|
|
||||||
|
return $retValue;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
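Review bot: The `'transaction_id'` filter that the new docblock advertises looks unreachable in the code as rendered here: the outer `switch` groups only `case 'context_param':`, `case 'parameter':` and `case 'field_name':` ahead of the `is_array()` check, so a `'transaction_id'` call would land in `default:` / `case 'raw_data':` and be returned unfiltered, never reaching the inner regexp case. If that matches the real file, add `case 'transaction_id':` to that outer group. The `@return` text is also inaccurate for `'class'`: the code returns the original `$value` when `MetaModel::IsValidClass()` passes and `false` otherwise, never `true`, so something like `* the 'class' filter (the value unchanged if valid, false otherwise)` would be correct. The `@param` list names `parameter` twice, and it should state that any unrecognised filter name falls through to `raw_data` and returns the input unsanitized, since callers relying on a mistyped filter get no validation at all.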