Commit 5bf19ee3 authored by Carsten  Rose's avatar Carsten Rose

Sanatize.php, FillStoreForm.php, Constants.php: Preparation to throw more...

Sanitize.php, FillStoreForm.php, Constants.php: Preparation for throwing more detailed exceptions for misconfigured min|max values; the new code is not enabled yet.
Support.php: date format extended to accept yyyy-mm-dd too.
parent a0f29185
......@@ -128,6 +128,7 @@ const ERROR_INVALID_OR_MISSING_PARAMETER = 1050;
const ERROR_UNKNOWN_SQL_LOG_MODE = 1051;
const ERROR_FORM_NOT_FOUND = 1052;
const ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED = 1053;
const ERROR_SANATIZE_INVALID_VALUE = 1054;
// Store
const ERROR_STORE_VALUE_ALREADY_CODPIED = 1100;
......@@ -347,7 +348,11 @@ const PARAM_T3_NO_ID = "t3 no id";
const FLAG_ALL = 'flagAll';
const FLAG_DYNAMIC_UPDATE = 'flagDynamicUpdate';
const QUERY_TYPE_SELECT = 'type: select,show,describe,explain';
const QUERY_TYPE_INSERT = 'type: insert';
const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
\ No newline at end of file
const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
//Regexp
const REGEXP_DATE_INT = '^\d{4}-\d{2}-\d{2}$';
const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
\ No newline at end of file
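Review bot: REGEXP_DATE_INT, REGEXP_DATE_GER and REGEXP_TIME all end in `$`, which in PCRE without the `D` modifier also matches just before a trailing newline, so a value followed by a line break still satisfies the pattern. In the Support.php section of this commit the international branch copies the matched string into the result unchanged, so the newline would travel with it. Ending the patterns with `\z` instead, e.g. `const REGEXP_DATE_INT = '^\d{4}-\d{2}-\d{2}\z';`, makes the match exact. A short comment that these constants are stored without delimiters and are wrapped in `/…/` by the caller would also help the next reader.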
......@@ -9,9 +9,12 @@
namespace qfq;
use qfq;
use qfq\CodeException;
//use qfq\CodeException;
//use qfq\UserFormException;
require_once(__DIR__ . '/../../qfq/Constants.php');
//require_once(__DIR__ . '/../exceptions/UserFormException.php');
/**
* Class Sanitize
......@@ -40,8 +43,8 @@ class Sanitize {
$pattern = '';
$minMax = array();
$valueCompare = '';
$errorText = "Value $value violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
$errorCode = 0;
$errorText = '';
// Prepare MIN|MAX
switch ($sanatizeClass) {
......@@ -52,9 +55,23 @@ class Sanitize {
case SANITIZE_ALLOW_MIN_MAX_DATE:
$minMax = explode('|', $patternOrRange);
//TODO: hier sollten die Exceptions abgefangen werden um zwei unterschiedliche Fehlermeldungen ausgeben zu koenenn:
// a) der Value verletzt die Datumsgrenzen
// b) die Definition der Grenzen ist buggy
// try {
$valueCompare = Support::dateTime2mysql($value);
// } catch (UserFormException $e) {
// throw new UserFormException("Date or time not recognized '" . $value . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
// }
// try {
$minMax[0] = Support::dateTime2mysql($minMax[0]);
$minMax[1] = Support::dateTime2mysql($minMax[1]);
// } catch (UserFormException $e) {
// throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
// }
break;
default:
......@@ -104,6 +121,8 @@ class Sanitize {
}
if ($mode === SANATIZE_EXCEPTION) {
if ($errorText === '')
$errorText = "Value '$value' violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
throw new UserFormException($errorText, $errorCode);
}
......@@ -114,7 +133,8 @@ class Sanitize {
/**
* @return array
*/
public static function inputCheckPatternArray() {
public
static function inputCheckPatternArray() {
//EMail Regex: http://www.regular-expressions.info/email.html
return [
SANITIZE_ALLOW_ALNUMX => '^[@\-_\.,;: \/\(\)[:alnum:]]*$',
......
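Review bot: In the SANITIZE_ALLOW_MIN_MAX_DATE case, `$minMax[0]` and `$minMax[1]` are read directly after `explode('|', $patternOrRange)` with no check that the definition really had two parts. A checkPattern without `|` leaves `$minMax[1]` undefined, and since the test in this commit expects `dateTime2mysql('')` to return `0000-00-00 00:00:00`, a missing bound probably becomes a zero date rather than an error. A guard before the conversions covers the misconfiguration case without the commented-out try/catch: `if (count($minMax) !== 2) { throw new UserFormException("Invalid min|max definition '$patternOrRange'", ERROR_SANATIZE_INVALID_VALUE); }`. The German TODO and the disabled blocks would be easier to maintain as one English comment naming the two error cases (value outside the range, range definition invalid). The method starts and ends outside the visible hunks.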
......@@ -8,6 +8,7 @@
namespace qfq;
require_once(__DIR__ . '/../Constants.php');
require_once(__DIR__ . '/Sanitize.php');
class Support {
......@@ -142,16 +143,21 @@ class Support {
$dateRaw = '';
$timeRaw = '';
// const REGEXP_DATE_INT_ = '^\d{2,4}-\d{2}-\d{2}$';
// const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
// const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
$tmpArr = explode(' ', $dateTimeString);
switch (count($tmpArr)) {
case 0:
return '';
case 1:
if (strpos($tmpArr[0], '.') === false) {
$timeRaw = $tmpArr[0];
} else {
if (strpos($tmpArr[0], ':') === false) {
$dateRaw = $tmpArr[0];
} else {
$timeRaw = $tmpArr[0];
}
break;
......@@ -168,18 +174,33 @@ class Support {
if ($dateRaw === '') {
$date = '0000-00-00';
} else {
$tmpArr = explode('.', $dateRaw);
if ($tmpArr[2] < 70) {
$tmpArr[2] = 2000 + $tmpArr[2];
} elseif ($tmpArr[2] < 100) {
$tmpArr[2] = 1900 + $tmpArr[2];
// International format: YYYY-MM-DD
if (preg_match("/" . REGEXP_DATE_INT . "/", $dateRaw) === 1) {
$date = $dateRaw;
// German format: 1.1.01 - 11.12.1234
} elseif (preg_match("/" . REGEXP_DATE_GER . "/", $dateRaw) === 1) {
$tmpArr = explode('.', $dateRaw);
if ($tmpArr[2] < 70) {
$tmpArr[2] = 2000 + $tmpArr[2];
} elseif ($tmpArr[2] < 100) {
$tmpArr[2] = 1900 + $tmpArr[2];
}
$date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
} else {
throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
}
$date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
}
if ($timeRaw === '') {
$time = '00:00:00';
} else {
if (preg_match("/" . REGEXP_TIME . "/", $timeRaw) !== 1) {
throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
}
$tmpArr = explode(':', $timeRaw);
switch (count($tmpArr)) {
case 2:
......
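Review bot: The new branches in dateTime2mysql validate only the shape of the input, not its range: a string matching REGEXP_DATE_INT is assigned to `$date` unchanged, and the German and time patterns accept any one- or two-digit field, so as far as the visible lines show a month of 13 or an hour of 99 reaches the returned MySQL string. Because Sanitize feeds this result into the min|max comparison, I would add a calendar check after each match, for the German branch `if (!checkdate((int)$tmpArr[1], (int)$tmpArr[0], (int)$tmpArr[2])) { throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED); }`, the same after splitting on `-` in the international branch, and upper bounds on hour, minute and second. If `0000-00-00` must stay acceptable as explicit input, it needs a special case before that check. The three commented-out `const REGEXP_…` lines duplicate Constants.php, and `REGEXP_DATE_INT_` with `\d{2,4}` disagrees with the real constant, so they are better deleted. The function starts and ends outside these hunks.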
......@@ -115,11 +115,18 @@ class FillStoreForm {
$clientValues[$clientFieldName] = implode(',', $clientValues[$clientFieldName]);
}
try {
// $newValues[$formElement['name']] = $this->validateValue($formElement, $clientValues[$clientFieldName]);
$newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
$newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName],
$formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
} catch (UserFormException $e) {
throw new UserFormException("Form element '" . $formElement['name'] . ' / ' .
$formElement['label'] . "': " . $e->formatMessage(), SANATIZE_EXCEPTION);
}
} else {
if ($formElement['mode'] === FE_MODE_REQUIRED) {
throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' . $formElement['label'] . "'", ERROR_UNKNOWN_MODE);
throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' .
$formElement['label'] . "'", ERROR_UNKNOWN_MODE);
}
}
break;
......
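Review bot: The rethrow in the new catch block passes `SANATIZE_EXCEPTION` as the exception code, but that constant is the mode flag handed to `Sanitize::sanitize()` in the try block, not an error code. The code of the original exception (for example ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED or the new ERROR_SANATIZE_INVALID_VALUE) is therefore lost to callers and logs. Passing it through keeps it: `$formElement['label'] . "': " . $e->formatMessage(), $e->getCode());`. The wrapped message carries the element label and, most likely, the submitted value from Sanitize's error text, so whatever renders it to the browser has to HTML-escape it; that code is not visible here. The enclosing method starts and ends outside the hunk.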
......@@ -104,12 +104,16 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
public function testDateTime2mysql() {
// date
$this->assertEquals('0000-00-00 00:00:00', Support::dateTime2mysql(''));
$this->assertEquals('2069-12-31 00:00:00', Support::dateTime2mysql('31.12.69'));
$this->assertEquals('1970-01-01 00:00:00', Support::dateTime2mysql('1.1.70'));
$this->assertEquals('1999-02-01 00:00:00', Support::dateTime2mysql('01.02.99'));
$this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('1.2.2079'));
$this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('01.02.2079'));
$this->assertEquals('1234-01-02 00:00:00', Support::dateTime2mysql('1234-01-02'));
// time
$this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('3:4'));
$this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('03:04'));
......@@ -121,6 +125,169 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
// date time
$this->assertEquals('2069-02-01 01:02:00', Support::dateTime2mysql('1.2.69 1:2'));
$this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('31.12.2016 23:48:59'));
$this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('2016-12-31 23:48:59'));
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException01() {
Support::dateTime2mysql('1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException02() {
Support::dateTime2mysql('1.');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException03() {
Support::dateTime2mysql('1.1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException04() {
Support::dateTime2mysql('1.1.');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException05() {
Support::dateTime2mysql('1.1.1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException06() {
Support::dateTime2mysql('1.1.1.');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException07() {
Support::dateTime2mysql('1.1.1.1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException08() {
Support::dateTime2mysql('123.1.11');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException09() {
Support::dateTime2mysql('1.123.11');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException10() {
Support::dateTime2mysql('1.1.123');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException11() {
Support::dateTime2mysql('1.1.12345');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException12() {
Support::dateTime2mysql('1-01-01');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException13() {
Support::dateTime2mysql('12-01-01');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException14() {
Support::dateTime2mysql('123-01-01');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException15() {
Support::dateTime2mysql('12345-01-01');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException16() {
Support::dateTime2mysql('1234-1-01');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException17() {
Support::dateTime2mysql('1234-01-1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException18() {
Support::dateTime2mysql('1:');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException19() {
Support::dateTime2mysql('1:1:');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException20() {
Support::dateTime2mysql('1:1:1:1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException21() {
Support::dateTime2mysql('123:1:1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException22() {
Support::dateTime2mysql('1:123:1');
}
/**
* @expectedException \qfq\UserFormException
*/
public function testDateTime2mysqlException23() {
Support::dateTime2mysql('1:1:123');
}
public function testEncryptDoubleCurlyBraces() {
......
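Review bot: The 23 new exception tests assert only the exception class through `@expectedException`, so they would still pass if a UserFormException were thrown from a different path with a different code. Adding `@expectedExceptionCode 1053` (ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED) pins the intended failure. The methods are identical apart from the input string, so one test with a `@dataProvider` that names each case would be shorter and easier to extend. There are no cases for inputs that have a valid shape but an invalid value, such as a 31st of February or an hour above 23, nor for a value with trailing whitespace or a newline. Those cases would document whether dateTime2mysql is meant to reject them.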