Commit
317d1ff6
authored
Feb 01, 2018
by
Elias Villiger
Feature #4542 - Add decimalFormat server-side pattern check
parent
13079a52
Changes
3
extension/qfq/qfq/AbstractBuildForm.php
...
...
@@ -1378,13 +1378,13 @@ abstract class AbstractBuildForm {
* Construct HTML Input attribute for Client Validation:
*
* type data result
* ------- -----------------------
*
------------------------------------------------------------------------------- min|max <min value>|<max
*
value> min="$attrData[0]"|max="$attrData[1]" pattern <regexp>
pattern="
$data" digit
* - pattern="^[
0-9]*$" email -
*
pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$"
alnumx -
* ------- -----------------------
----------------------------------------------------------------
*
pattern <regexp> pattern="$data"
*
digit -
pattern="
^[0-9]*$"
*
email
- pattern="^[
_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$"
* alnumx -
*
* For
'min/max' and
'pattern' the 'data' will be injected in the attribute string via '%s'.
* For 'pattern' the 'data' will be injected in the attribute string via '%s'.
*
* @param string $type
* @param string $data
...
...
@@ -1642,6 +1642,44 @@ abstract class AbstractBuildForm {
return
$items
;
}
/**
* Get the size and decimal-point precision of a number from the table definition.
* Returns an array with the first item being the size, the second item being the precision.
* Returns null when no info found.
*
* @param string $column
*
* @return array
*/
private
function
getDecimalSize
(
$column
)
{
// Get column definition
$fieldTypeDefinition
=
$this
->
store
->
getVar
(
$column
,
STORE_TABLE_COLUMN_TYPES
);
if
(
$fieldTypeDefinition
===
false
)
return
null
;
// not part of the table definition
$fieldTypeInfoArray
=
preg_split
(
"/[()]/"
,
$fieldTypeDefinition
);
switch
(
$fieldTypeInfoArray
[
0
])
{
case
'decimal'
:
case
'float'
:
case
'double'
:
case
'real'
:
$sizeAndPrecision
=
explode
(
","
,
$fieldTypeInfoArray
[
1
]);
return
[
$sizeAndPrecision
[
0
],
$sizeAndPrecision
[
1
]
];
case
'int'
:
case
'tinyint'
:
case
'smallint'
:
case
'mediumint'
:
case
'bigint'
:
return
[
$fieldTypeInfoArray
[
1
],
0
];
default
:
return
null
;
}
}
/**
* For CheckBox's with only one checkbox: if no parameter:checked|unchecked is defined, take defaults:
*
...
...
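Review bot: `getDecimalSize()` reads `$fieldTypeInfoArray[1]` and `$sizeAndPrecision[1]` without checking that they exist, so a column declared without a length (`float`, `double`, `int`) or with a size only (`decimal(10)`) produces undefined-offset notices and an empty size or precision. If this return value is what feeds the server-side decimal pattern, an empty bound turns the quantifier into `{0,}` and the check no longer limits the digit count. Returning null when a part is missing avoids that, e.g. `if (!isset($fieldTypeInfoArray[1])) return null;` before the `switch` and `isset($sizeAndPrecision[1]) ? $sizeAndPrecision[1] : 0` for the precision. The docblock also says `@return array` although three paths return null; `@return array|null` matches the code.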
extension/qfq/qfq/Constants.php
...
...
@@ -858,6 +858,7 @@ const FE_PLACEHOLDER = 'placeholder';
// FormElement columns: via parameter field
const
FE_DATE_FORMAT
=
'dateFormat'
;
// value: FORMAT_DATE_INTERNATIONAL | FORMAT_DATE_GERMAN
const
FE_DECIMAL_FORMAT
=
'decimalFormat'
;
// value: 10,2
const
FE_SHOW_SECONDS
=
'showSeconds'
;
// value: 0|1
const
FE_SHOW_ZERO
=
'showZero'
;
// 0|1 - Used for 'date/datime/time': in case of fe.value='0' shows corresponding '00-00-0000'|'00:00:00'
const
FE_HIDE_ZERO
=
'hideZero'
;
// 0|1 - In case of fe.value=0|'0', an empty string is shown.
...
...
extension/qfq/qfq/helper/Sanitize.php
...
...
@@ -34,13 +34,14 @@ class Sanitize {
* @param string $value value to check
* @param string $sanitizeClass
* @param string $pattern Pattern as regexp
* @param array $decimalFormat with [ size, precision ]
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws UserFormException
* @throws \qfq\CodeException
*/
public
static
function
sanitize
(
$value
,
$sanitizeClass
=
SANITIZE_DEFAULT
,
$pattern
=
''
,
$mode
=
SANITIZE_EMPTY_STRING
)
{
public
static
function
sanitize
(
$value
,
$sanitizeClass
=
SANITIZE_DEFAULT
,
$pattern
=
''
,
$decimalFormat
=
null
,
$mode
=
SANITIZE_EMPTY_STRING
)
{
// Prepare pattern check
switch
(
$sanitizeClass
)
{
case
SANITIZE_ALLOW_PATTERN
:
...
...
@@ -62,6 +63,14 @@ class Sanitize {
throw
new
CodeException
(
"Unknown checkType: "
.
$sanitizeClass
,
ERROR_UNKNOWN_CHECKTYPE
);
}
// decimalFormat
if
(
$decimalFormat
!==
null
)
{
if
(
$sanitizeClass
!==
SANITIZE_ALLOW_PATTERN
&&
$sanitizeClass
!==
SANITIZE_ALLOW_DIGIT
)
{
// overwrite pattern
$pattern
=
getDecimalFormatPattern
(
$decimalFormat
);
}
}
// Pattern check
if
(
$pattern
===
''
||
preg_match
(
"/
$pattern
/"
,
$value
)
===
1
)
{
return
$value
;
...
...
@@ -115,6 +124,17 @@ class Sanitize {
return
''
;
}
/**
* Returns the regexp pattern to match a decimal number with the format in $decimalFormat.
*
* @param array $decimalFormat with [ size, precision ]
*
* @return string
*/
public
static
function
getDecimalFormatPattern
(
$decimalFormat
)
{
return
"^[0-9]
{
0,$decimalFormat[0]}(\.[0-9]{0,$decimalFormat[1]
}
)?$"
;
}
/**
* @return array
*/
...
...
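Review bot: In the new `// decimalFormat` block of `sanitize()`, `getDecimalFormatPattern($decimalFormat)` is called as a plain function although this commit declares it as a static method of `Sanitize`, so unless a function of that name exists elsewhere, reaching the branch raises an undefined-function error; it should read `$pattern = self::getDecimalFormatPattern($decimalFormat);`. The new `$decimalFormat = null` parameter is also inserted before `$mode`, so any existing caller that passes the mode as the fourth positional argument would now hand it in as the decimal format; appending it after `$mode` keeps such callers working (callers are not visible here). In `getDecimalFormatPattern()` both array elements are interpolated into the regexp unchecked and the size is used as the integer-digit limit, whereas for a `decimal(M,D)` column M normally counts all digits, so the pattern appears to accept up to D more integer digits than the column holds; casting both values to int and using `M - D` for the integer part would close that gap. The body of `sanitize()` is only partly visible across these hunks.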