Sanatize.php, FillStoreForm.php, Constants.php: Preparation to throw more...

Sanatize.php, FillStoreForm.php, Constants.php: Preparation to throw more detailed exception for misconfigured min|max values - code not enabled. Support.php: date format extended to accept yyyy-mm-dd too.

Sanatize.php, FillStoreForm.php, Constants.php: Preparation to throw more...
Sanatize.php, FillStoreForm.php, Constants.php: Preparation to throw more detailed exception for misconfigured min|max values - code not enabled. Support.php: date format extended to accept yyyy-mm-dd too.
5bf19ee3 · Carsten Rose · a0f29185 · 5bf19ee3 · 5bf19ee3 · 5bf19ee3
Commit 5bf19ee3 authored Apr 18, 2016 by Carsten Rose
--- a/extension/qfq/qfq/Constants.php
+++ b/extension/qfq/qfq/Constants.php
@@ -128,6 +128,7 @@ const ERROR_INVALID_OR_MISSING_PARAMETER = 1050;
 const ERROR_UNKNOWN_SQL_LOG_MODE = 1051;
 const ERROR_FORM_NOT_FOUND = 1052;
 const ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED = 1053;
+const ERROR_SANATIZE_INVALID_VALUE = 1054;

 // Store
 const ERROR_STORE_VALUE_ALREADY_CODPIED = 1100;
@@ -347,7 +348,11 @@ const PARAM_T3_NO_ID = "t3 no id";
 const FLAG_ALL = 'flagAll';
 const FLAG_DYNAMIC_UPDATE = 'flagDynamicUpdate';

-
 const QUERY_TYPE_SELECT = 'type: select,show,describe,explain';
 const QUERY_TYPE_INSERT = 'type: insert';
-const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
\ No newline at end of file
+const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
+
+//Regexp
+const REGEXP_DATE_INT = '^\d{4}-\d{2}-\d{2}$';
+const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
+const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
\ No newline at end of file
--- a/extension/qfq/qfq/helper/Sanitize.php
+++ b/extension/qfq/qfq/helper/Sanitize.php
@@ -9,9 +9,12 @@
 namespace qfq;

 use qfq;
-use qfq\CodeException;
+
+//use qfq\CodeException;
+//use qfq\UserFormException;

 require_once(__DIR__ . '/../../qfq/Constants.php');
+//require_once(__DIR__ . '/../exceptions/UserFormException.php');

 /**
 * Class Sanitize
@@ -40,8 +43,8 @@ class Sanitize {
        $pattern = '';
        $minMax = array();
        $valueCompare = '';
-        $errorText = "Value $value violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
        $errorCode = 0;
+        $errorText = '';

        // Prepare MIN|MAX
        switch ($sanatizeClass) {
@@ -52,9 +55,23 @@ class Sanitize {

            case SANITIZE_ALLOW_MIN_MAX_DATE:
                $minMax = explode('|', $patternOrRange);
+
+                //TODO: hier sollten die Exceptions abgefangen werden um zwei unterschiedliche Fehlermeldungen ausgeben zu koenenn:
+                // a) der Value verletzt die Datumsgrenzen
+                // b) die Definition der Grenzen ist buggy
+//                try {
                $valueCompare = Support::dateTime2mysql($value);
+//                } catch (UserFormException $e) {
+//                    throw new UserFormException("Date or time not recognized '" . $value . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
+//                }
+
+//                try {
                $minMax[0] = Support::dateTime2mysql($minMax[0]);
                $minMax[1] = Support::dateTime2mysql($minMax[1]);
+//                } catch  (UserFormException $e) {
+//                    throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
+//                }
+
                break;

            default:
@@ -104,6 +121,8 @@ class Sanitize {
        }

        if ($mode === SANATIZE_EXCEPTION) {
+            if ($errorText === '')
+                $errorText = "Value '$value' violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
            throw new UserFormException($errorText, $errorCode);
        }

@@ -114,7 +133,8 @@ class Sanitize {
    /**
     * @return array
     */
-    public static function inputCheckPatternArray() {
+    public
+    static function inputCheckPatternArray() {
        //EMail Regex: http://www.regular-expressions.info/email.html
        return [
            SANITIZE_ALLOW_ALNUMX => '^[@\-_\.,;: \/\(\)[:alnum:]]*$',

--- a/extension/qfq/qfq/helper/Support.php
+++ b/extension/qfq/qfq/helper/Support.php
@@ -8,6 +8,7 @@

 namespace qfq;

+require_once(__DIR__ . '/../Constants.php');
 require_once(__DIR__ . '/Sanitize.php');

 class Support {
@@ -142,16 +143,21 @@ class Support {
        $dateRaw = '';
        $timeRaw = '';

+
+//        const REGEXP_DATE_INT_ = '^\d{2,4}-\d{2}-\d{2}$';
+//        const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
+//        const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
+
        $tmpArr = explode(' ', $dateTimeString);
        switch (count($tmpArr)) {
            case 0:
                return '';

            case 1:
-                if (strpos($tmpArr[0], '.') === false) {
-                    $timeRaw = $tmpArr[0];
-                } else {
+                if (strpos($tmpArr[0], ':') === false) {
                    $dateRaw = $tmpArr[0];
+                } else {
+                    $timeRaw = $tmpArr[0];
                }
                break;

@@ -168,18 +174,33 @@ class Support {
        if ($dateRaw === '') {
            $date = '0000-00-00';
        } else {
-            $tmpArr = explode('.', $dateRaw);
-            if ($tmpArr[2] < 70) {
-                $tmpArr[2] = 2000 + $tmpArr[2];
-            } elseif ($tmpArr[2] < 100) {
-                $tmpArr[2] = 1900 + $tmpArr[2];
+            // International format: YYYY-MM-DD
+            if (preg_match("/" . REGEXP_DATE_INT . "/", $dateRaw) === 1) {
+                $date = $dateRaw;
+
+                // German format: 1.1.01 - 11.12.1234
+            } elseif (preg_match("/" . REGEXP_DATE_GER . "/", $dateRaw) === 1) {
+                $tmpArr = explode('.', $dateRaw);
+
+                if ($tmpArr[2] < 70) {
+                    $tmpArr[2] = 2000 + $tmpArr[2];
+                } elseif ($tmpArr[2] < 100) {
+                    $tmpArr[2] = 1900 + $tmpArr[2];
+                }
+                $date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
+
+            } else {
+                throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
            }
-            $date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
        }

        if ($timeRaw === '') {
            $time = '00:00:00';
        } else {
+            if (preg_match("/" . REGEXP_TIME . "/", $timeRaw) !== 1) {
+                throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
+            }
+
            $tmpArr = explode(':', $timeRaw);
            switch (count($tmpArr)) {
                case 2:

--- a/extension/qfq/qfq/store/FillStoreForm.php
+++ b/extension/qfq/qfq/store/FillStoreForm.php
@@ -115,11 +115,18 @@ class FillStoreForm {
                            $clientValues[$clientFieldName] = implode(',', $clientValues[$clientFieldName]);
                        }

+                        try {
 //                $newValues[$formElement['name']] = $this->validateValue($formElement, $clientValues[$clientFieldName]);
-                        $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
+                            $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName],
+                                $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
+                        } catch (UserFormException $e) {
+                            throw new UserFormException("Form element '" . $formElement['name'] . ' / ' .
+                                $formElement['label'] . "': " . $e->formatMessage(), SANATIZE_EXCEPTION);
+                        }
                    } else {
                        if ($formElement['mode'] === FE_MODE_REQUIRED) {
-                            throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' . $formElement['label'] . "'", ERROR_UNKNOWN_MODE);
+                            throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' .
+                                $formElement['label'] . "'", ERROR_UNKNOWN_MODE);
                        }
                    }
                    break;

--- a/extension/qfq/tests/phpunit/SupportTest.php
+++ b/extension/qfq/tests/phpunit/SupportTest.php
@@ -104,12 +104,16 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
    public function testDateTime2mysql() {

        // date
+        $this->assertEquals('0000-00-00 00:00:00', Support::dateTime2mysql(''));
+
        $this->assertEquals('2069-12-31 00:00:00', Support::dateTime2mysql('31.12.69'));
        $this->assertEquals('1970-01-01 00:00:00', Support::dateTime2mysql('1.1.70'));
        $this->assertEquals('1999-02-01 00:00:00', Support::dateTime2mysql('01.02.99'));
        $this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('1.2.2079'));
        $this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('01.02.2079'));

+        $this->assertEquals('1234-01-02 00:00:00', Support::dateTime2mysql('1234-01-02'));
+
        // time
        $this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('3:4'));
        $this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('03:04'));
@@ -121,6 +125,169 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
        // date time
        $this->assertEquals('2069-02-01 01:02:00', Support::dateTime2mysql('1.2.69 1:2'));
        $this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('31.12.2016 23:48:59'));
+        $this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('2016-12-31 23:48:59'));
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException01() {
+        Support::dateTime2mysql('1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException02() {
+        Support::dateTime2mysql('1.');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException03() {
+        Support::dateTime2mysql('1.1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException04() {
+        Support::dateTime2mysql('1.1.');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException05() {
+        Support::dateTime2mysql('1.1.1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException06() {
+        Support::dateTime2mysql('1.1.1.');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException07() {
+        Support::dateTime2mysql('1.1.1.1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException08() {
+        Support::dateTime2mysql('123.1.11');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException09() {
+        Support::dateTime2mysql('1.123.11');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException10() {
+        Support::dateTime2mysql('1.1.123');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException11() {
+        Support::dateTime2mysql('1.1.12345');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException12() {
+        Support::dateTime2mysql('1-01-01');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException13() {
+        Support::dateTime2mysql('12-01-01');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException14() {
+        Support::dateTime2mysql('123-01-01');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException15() {
+        Support::dateTime2mysql('12345-01-01');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException16() {
+        Support::dateTime2mysql('1234-1-01');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException17() {
+        Support::dateTime2mysql('1234-01-1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException18() {
+        Support::dateTime2mysql('1:');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException19() {
+        Support::dateTime2mysql('1:1:');
+    }
+
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException20() {
+        Support::dateTime2mysql('1:1:1:1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException21() {
+        Support::dateTime2mysql('123:1:1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException22() {
+        Support::dateTime2mysql('1:123:1');
+    }
+
+    /**
+     * @expectedException \qfq\UserFormException
+     */
+    public function testDateTime2mysqlException23() {
+        Support::dateTime2mysql('1:1:123');
    }

    public function testEncryptDoubleCurlyBraces() {