Commit 317d1ff6 authored by Elias Villiger's avatar Elias Villiger

Feature #4542 - Add decimalFormat server-side pattern check

parent 13079a52
......@@ -1378,13 +1378,13 @@ abstract class AbstractBuildForm {
* Construct HTML Input attribute for Client Validation:
*
* type data result
* ------- -----------------------
* ------------------------------------------------------------------------------- min|max <min value>|<max
* value> min="$attrData[0]"|max="$attrData[1]" pattern <regexp> pattern="$data" digit
* - pattern="^[0-9]*$" email -
* pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$" alnumx -
* ------- ----------------------- ----------------------------------------------------------------
* pattern <regexp> pattern="$data"
* digit - pattern="^[0-9]*$"
* email - pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$"
* alnumx -
*
* For 'min/max' and 'pattern' the 'data' will be injected in the attribute string via '%s'.
* For 'pattern' the 'data' will be injected in the attribute string via '%s'.
*
* @param string $type
* @param string $data
......@@ -1642,6 +1642,44 @@ abstract class AbstractBuildForm {
return $items;
}
/**
* Get the size and decimal-point precision of a number from the table definition.
* Returns an array with the first item being the size, the second item being the precision.
* Returns null when no info found.
*
* @param string $column
*
* @return array
*/
private function getDecimalSize($column) {
// Get column definition
$fieldTypeDefinition = $this->store->getVar($column, STORE_TABLE_COLUMN_TYPES);
if ($fieldTypeDefinition === false)
return null; // not part of the table definition
$fieldTypeInfoArray = preg_split("/[()]/", $fieldTypeDefinition);
switch ($fieldTypeInfoArray[0]) {
case 'decimal':
case 'float':
case 'double':
case 'real':
$sizeAndPrecision = explode(",", $fieldTypeInfoArray[1]);
return [ $sizeAndPrecision[0], $sizeAndPrecision[1] ];
case 'int':
case 'tinyint':
case 'smallint':
case 'mediumint':
case 'bigint':
return [ $fieldTypeInfoArray[1], 0 ];
default:
return null;
}
}
/**
* For CheckBox's with only one checkbox: if no parameter:checked|unchecked is defined, take defaults:
*
......
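Review bot: In `getDecimalSize()` the element `$fieldTypeInfoArray[1]` is read without checking that the column type carries a parenthesised size, so a definition such as plain `float`, `double`, `int` or `decimal(10)` produces an undefined offset and an empty size or precision. If these values are passed on to the new server-side pattern (presumably via `getDecimalFormatPattern()`, the call site is not visible here), an empty item turns the quantifier into `{0,}`, which is unbounded, so the length check would silently stop limiting anything. Return `null` when the size is missing, e.g. `if (!isset($fieldTypeInfoArray[1]) || $fieldTypeInfoArray[1] === '') return null;`, and cast both parts with `(int)` before returning them. The docblock should read `@return array|null`, since two paths return `null`.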
......@@ -858,6 +858,7 @@ const FE_PLACEHOLDER = 'placeholder';
// FormElement columns: via parameter field
const FE_DATE_FORMAT = 'dateFormat'; // value: FORMAT_DATE_INTERNATIONAL | FORMAT_DATE_GERMAN
const FE_DECIMAL_FORMAT = 'decimalFormat'; // value: 10,2
const FE_SHOW_SECONDS = 'showSeconds'; // value: 0|1
const FE_SHOW_ZERO = 'showZero'; // 0|1 - Used for 'date/datime/time': in case of fe.value='0' shows corresponding '00-00-0000'|'00:00:00'
const FE_HIDE_ZERO = 'hideZero'; // 0|1 - In case of fe.value=0|'0', an empty string is shown.
......
......@@ -34,13 +34,14 @@ class Sanitize {
* @param string $value value to check
* @param string $sanitizeClass
* @param string $pattern Pattern as regexp
* @param array $decimalFormat with [ size, precision ]
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws UserFormException
* @throws \qfq\CodeException
*/
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $mode = SANITIZE_EMPTY_STRING) {
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $decimalFormat = null, $mode = SANITIZE_EMPTY_STRING) {
// Prepare pattern check
switch ($sanitizeClass) {
case SANITIZE_ALLOW_PATTERN:
......@@ -62,6 +63,14 @@ class Sanitize {
throw new CodeException("Unknown checkType: " . $sanitizeClass, ERROR_UNKNOWN_CHECKTYPE);
}
// decimalFormat
if ($decimalFormat !== null) {
if ($sanitizeClass !== SANITIZE_ALLOW_PATTERN && $sanitizeClass !== SANITIZE_ALLOW_DIGIT) {
// overwrite pattern
$pattern = getDecimalFormatPattern($decimalFormat);
}
}
// Pattern check
if ($pattern === '' || preg_match("/$pattern/", $value) === 1) {
return $value;
......@@ -115,6 +124,17 @@ class Sanitize {
return '';
}
/**
* Returns the regexp pattern to match a decimal number with the format in $decimalFormat.
*
* @param array $decimalFormat with [ size, precision ]
*
* @return string
*/
public static function getDecimalFormatPattern($decimalFormat) {
return "^[0-9]{0,$decimalFormat[0]}(\.[0-9]{0,$decimalFormat[1]})?$";
}
/**
* @return array
*/
......
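Review bot: The new call `$pattern = getDecimalFormatPattern($decimalFormat);` is unqualified, but the helper is added as a static method of `Sanitize`, so unless a global function of that name exists elsewhere this branch fails with an undefined-function error; it should be `$pattern = self::getDecimalFormatPattern($decimalFormat);`. The helper interpolates both array items straight into the regex quantifiers, so cast them first, e.g. `$size = (int)$decimalFormat[0];`, to keep a non-numeric `decimalFormat` value from altering the pattern. Inserting `$decimalFormat` before `$mode` also shifts the fourth positional argument: any existing caller that passes a mode there (callers are not visible in this diff) would have it treated as a decimal format while `$mode` falls back to `SANITIZE_EMPTY_STRING`. The generated pattern also accepts the empty string and a lone `.`, rejects a leading sign, and allows the full size before the decimal point rather than size minus precision, which is worth stating in the docblock if intended. The body of `sanitize()` is only partly shown in these hunks.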