Sanitize.php

<?php
/**
 * Created by PhpStorm.
 * User: crose
 * Date: 1/2/16
 * Time: 10:57 PM
 */

namespace qfq;

use qfq;

//use qfq\CodeException;
//use qfq\UserFormException;

require_once(__DIR__ . '/../../qfq/Constants.php');
//require_once(__DIR__ . '/../exceptions/UserFormException.php');

/**
 * Class Sanitize
 * @package qfq
 */
class Sanitize {


    private function __construct() {
        // Class should never be instantiated
    }

    /**
     * Check $value against given checkType/pattern. If check succeed, returns values.
     *   If check fails, depending on $mode, throws an UserException or return an empty string.
     *
     * @param string $value value to check
     * @param string $sanitizeClass
     * @param string $pattern Pattern as regexp
     * @param array $decimalFormat with [ size, precision ]
     * @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
     *
     * @return string
     * @throws UserFormException
     * @throws \qfq\CodeException
     */
    public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $decimalFormat = null, $mode = SANITIZE_EMPTY_STRING) {
        // Prepare pattern check
        switch ($sanitizeClass) {
            case SANITIZE_ALLOW_PATTERN:
                break;

            case SANITIZE_ALLOW_DIGIT:
            case SANITIZE_ALLOW_NUMERICAL:
            case SANITIZE_ALLOW_EMAIL:
            case SANITIZE_ALLOW_ALNUMX:
            case SANITIZE_ALLOW_ALLBUT:
                $arr = self::inputCheckPatternArray();
                $pattern = $arr[$sanitizeClass];
                break;

            case SANITIZE_ALLOW_ALL: // no checkType specified.
                return $value;

            default:
                throw new CodeException("Unknown checkType: " . $sanitizeClass, ERROR_UNKNOWN_CHECKTYPE);
        }

        // decimalFormat
        if ($decimalFormat !== null) {
            if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) {
                // overwrite pattern
                $pattern = self::getDecimalFormatPattern($decimalFormat);
            }
        }

        // Pattern check
        if ($pattern === '' || preg_match("/$pattern/", $value) === 1) {
            return $value;
        }

        // check failed
        if ($mode === SANITIZE_EXCEPTION) {
            $errorCode = ERROR_PATTERN_VIOLATION;
            $errorText = "Value '$value' violates checkrule " . $sanitizeClass . " with pattern '$pattern'.";
            throw new UserFormException($errorText, $errorCode);
        }

        return SANITIZE_VIOLATE . $sanitizeClass . SANITIZE_VIOLATE;
    }

    /**
     * Check $value against $formElement's min/max values. If check succeeds, returns value.
     *   If check fails, depending on $mode, throws an UserException or return an empty string.
     *
     * @param string $value value to check
     * @param $formElement
     * @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
     *
     * @return string
     * @throws UserFormException
     * @throws \qfq\CodeException
     */
    public static function checkMinMax($value, $formElement, $mode = SANITIZE_EMPTY_STRING) {
        $min = Support::setIfNotSet($formElement, FE_MIN);
        $max = Support::setIfNotSet($formElement, FE_MAX);
        $errorCode = 0;
        $errorText = '';

        if ($min !== '' && $value < $min) {
            $errorCode = ERROR_SMALLER_THAN_MIN;
            $errorText = "Value '$value' is smaller than the allowed minimum of '$min'.";
        }
        if ($max !== '' && $value > $max) {
            $errorCode = ERROR_LARGER_THAN_MAX;
            $errorText = "Value '$value' is larger than the allowed maximum of '$max'.";
        }

        if ($errorCode == 0)
            return $value;

        // check failed
        if ($mode === SANITIZE_EXCEPTION) {
            throw new UserFormException($errorText, $errorCode);
        }

        return '';
    }

    /**
     * Returns the regexp pattern to match a decimal number with the format in $decimalFormat.
     *
     * @param array $decimalFormat with [ size, precision ]
     *
     * @return string
     */
    public static function getDecimalFormatPattern($decimalFormat) {
        return "^[0-9]{0,$decimalFormat[0]}(\.[0-9]{0,$decimalFormat[1]})?$";
    }

    /**
     * @return array
     */
    public static function inputCheckPatternArray() {
        //EMail Regex: http://www.regular-expressions.info/email.html
        return [
            SANITIZE_ALLOW_ALNUMX => '^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿç]*$', // ':alnum:' does not work here in FF
            SANITIZE_ALLOW_DIGIT => '^[\d]*$',
            SANITIZE_ALLOW_NUMERICAL => '^[\d.+-]*$',
            SANITIZE_ALLOW_EMAIL => '^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$',
            SANITIZE_ALLOW_PATTERN => '',
            SANITIZE_ALLOW_ALLBUT => '^[^\[\]{}%&\\\\#]*$',
            SANITIZE_ALLOW_ALL => '.*',
        ];
    }

    /**
     * Sanatizes a filename. Copied from http://www.phpit.net/code/filename-safe/
     *
     * @param $filename
     *
     * @return mixed
     */
    public static function safeFilename($filename, $flagBaseName = false) {
        $search = array(
            // Definition of German Umlauts START
            '/ß/',
            '/ä/', '/Ä/',
            '/ö/', '/Ö/',
            '/ü/', '/Ü/',
            // Definition of German Umlauts ENDE
            '([^[:alnum:]._])' // Disallow 'none alphanumeric'. Allow dot or underscore.
        );

        $replace = array(
            'ss',
            'ae', 'Ae',
            'oe', 'Oe',
            'ue', 'Ue',
            '_',
        );

        if ($flagBaseName) {
            $filename = basename($filename);
        }

        return preg_replace($search, $replace, $filename);
    } // safeFilename()

    /**
     * htmlentities($data) - if $data is an array, convert it recursively.
     *
     * @param string|array $data
     * @param int $mode
     *
     * @return array|string
     */
    public static function htmlentitiesArr($data, $mode = ENT_QUOTES) {

        if (is_string($data)) {
            htmlentities($data, $mode);
        }

        if (is_array($data)) {
            foreach ($data as $key => $value) {
                $data[$key] = self::htmlentitiesArr($value, $mode);
            }
        }

        return $data;
    }

    /**
     * Take the given $item (or iterates over all elements of the given array) and normalize the content.
     * Only strings will be normalized. Sub arrays will be recursived normalized. Numeric content is skipped.
     * Throws an exception for unknown content.
     *
     * It's important to normalize the user input: e.g. someone is searching for a record and input the search string
     * with composed characters (happens e.g. on Apple Mac / Safari without special user invention).
     *
     * @param array|string $item
     *
     * @return array|string
     * @throws CodeException
     */
    public static function normalize($item) {

        if (is_array($item)) {
            foreach ($item as $key => $value) {
                $value = self::normalize($value);
                $item[$key] = $value;
            }
        } else {
            if (is_string($item)) {
                $item = \normalizer::normalize($item, \Normalizer::FORM_C);
            } elseif (!is_numeric($item)) {
                throw new qfq\CodeException ("Expect type 'string / numeric / array' - but there is something else.", ERROR_UNEXPECTED_TYPE);
            }
        }

        return $item;
    }

    /**
     * urlencode() any input and decode again. This normalizes all characters and guarantees that there are no more
     * urlencoded characters.
     *
     * @param array|string $item
     *
     * @return array|string
     * @throws CodeException
     */
    public static function urlDecodeArr($item) {

        if (is_array($item)) {
            foreach ($item as $key => $value) {
                $value = self::urlDecodeArr($value);
                $item[$key] = $value;
            }
        } else {
            if (is_string($item)) {
                $item = urldecode($item);
            } elseif (!is_numeric($item)) {
                throw new qfq\CodeException ("Expect type 'string / numeric / array' - but there is something else.", ERROR_UNEXPECTED_TYPE);
            }
        }

        return $item;

    }
}