Commit 3b6d6b2a authored by Carsten  Rose's avatar Carsten Rose

Store.php, Sanatize.php: move function normalizeArray() from Store to...

Store.php, Sanatize.php: move function normalizeArray() from Store to Sanatize. Implemented Unittests
parent 0f4e051b
......@@ -177,5 +177,31 @@ class Sanitize {
return preg_replace($search, $replace, $filename);
} // safeFilename()
/**
* Iterates over all elements of the given array and normalize the input. Only strings will be normalized.
* Sub arrays will be recursive normalized. Skip numeric content.
* Throws an exception for everything else.
*
* It's important to normalize the user input: e.g. someone is searching for a record and input the search string
* with composed characters.
*
* @param array $arr
* @return array
* @throws \qfq\CodeException
*/
public static function normalizeArray(array $arr) {
foreach ($arr as $key => $value) {
if (is_string($value)) {
$value = \normalizer::normalize($value);
} elseif (is_array($value)) {
$value = self::normalizeArray($value);
} elseif (!is_numeric($value)) {
throw new qfq\CodeException ("Expect type 'string / numeric / array' - but there is something else.", ERROR_UNEXPECTED_TYPE);
}
$arr[$key] = $value;
}
return $arr;
}
}
\ No newline at end of file
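Review bot: `\normalizer::normalize($value)` returns `false` when the input is not valid UTF-8, and the loop writes that `false` straight back into `$arr[$key]`, so a malformed client string silently becomes a boolean instead of being rejected. Since the Store hunk on this page feeds the function with the merged client array including `$_SERVER`, check the result right after the normalize call, e.g. `if ($value === false) { throw new \qfq\CodeException("Invalid UTF-8 in input", ERROR_UNEXPECTED_TYPE); }`. Separately, the `throw new qfq\CodeException` line uses a relative name while the docblock says `\qfq\CodeException`; if this file is declared in namespace `qfq` (not visible in the hunk), the relative name resolves to `qfq\qfq\CodeException`, so the fully qualified form looks like the intended one. Array keys are left un-normalized, which may matter if later lookups use client-supplied key names.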
......@@ -386,39 +386,11 @@ class Store {
if (isset($_SERVER))
$arr = array_merge($arr, $_SERVER);
$arr = self::normalizeArray($arr);
$arr = \qfq\Sanitize::normalizeArray($arr);
self::setVarArray($arr, STORE_CLIENT, true);
}
/**
* Iterates over all elements of the given array and normalize the input. Only strings will be normalized.
* Skip numeric content and throw an exception for everything else.
*
* It's important to normalize the user input: e.g. someone is searching for a record and input the search string
* with compositons characters.
*
* @param array $arr
* @return array
* @throws \qfq\CodeException
*/
private function normalizeArray(array $arr) {
foreach ($arr as $key => $value) {
if (is_string($value)) {
$arr[$key] = \normalizer::normalize($value);
} else {
// Check of HTTP_ACCEPT_ENCODING is only to detect if phpUnit is running.
// if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && !is_numeric($value)) {
if ($key != 'argv' && !is_numeric($value)) {
throw new qfq\CodeException ("Expect type 'string' - " . print_r($arr), ERROR_UNEXPECTED_TYPE);
}
}
}
return $arr;
}
/**
* Fills the STORE_SIP. Reads therefore specified SIP, decode the values and stores them in STORE_SIP.
*
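Review bot: Switching to `\qfq\Sanitize::normalizeArray($arr)` changes what reaches `self::setVarArray($arr, STORE_CLIENT, true)`: the removed private version threw for any value that was neither string nor numeric (except under the `argv` key), while the new one recurses into arrays, so a request parameter sent as an array is now stored instead of rejected. If consumers of STORE_CLIENT assume scalar values (not visible here), that needs checking, or the new behaviour should at least be documented at this call, for instance `// nested arrays from the client are accepted and normalized recursively`. The enclosing method starts outside the hunk.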
......
......@@ -265,4 +265,38 @@ class SanitizeTest extends \PHPUnit_Framework_TestCase {
public function testSanitizeExceptionCheckFailed() {
Sanitize::sanitize('string', SANITIZE_ALLOW_DIGIT, '', SANATIZE_EXCEPTION);
}
/**
* Test string, numeric, array, subarray
*
* @throws CodeException
*/
public function testNormalizeArray() {
$arr = ['key a' => 'value a',
'key b' => 'value b',
'key c' => 'value c',
'key d' => 123.4567,
];
// create a subarray
$arr['sub'] = $arr;
// create a sub subarray
$arr['subsub'] = $arr;
$this->assertEquals($arr, Sanitize::normalizeArray($arr), 'Check string, numeric, array, subarray');
// Nothing changed
$char_A_ring = "\xC3\x85"; // 'LATIN CAPITAL LETTER A WITH RING ABOVE' (U+00C5)
$this->assertEquals($char_A_ring, Sanitize::normalizeArray($char_A_ring), "'A' with ring above");
// Convert "\xCC\x8A" to "\xC3\x85"
$char_combining_ring_above = "\xCC\x8A"; // 'COMBINING RING ABOVE' (U+030A)
$this->assertEquals($char_A_ring, Sanitize::normalizeArray($char_combining_ring_above), "Combined 'A' with ring above");
}
}
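Review bot: The last two assertions cannot pass as written: `normalizeArray()` is declared with an `array` parameter, but `$char_A_ring` and `$char_combining_ring_above` are passed as bare strings, which fails the type check before any normalization runs. In addition `"\xCC\x8A"` is only the combining ring without a base letter, so it would not normalize to `"\xC3\x85"`. Wrap the values in arrays and include the base letter, e.g. `$this->assertEquals([$char_A_ring], Sanitize::normalizeArray(["A\xCC\x8A"]), "Combined 'A' with ring above");`. A case for the exception path, with a value that is neither string, numeric nor array (such as `null`), is also missing.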