diff --git a/extension/qfq/qfq/Constants.php b/extension/qfq/qfq/Constants.php
index 9db13459081ed33b55ba723fdd414836949c664b..72897ba0081dbe8f14a3055d2ed0fda0fa109fd9 100644
--- a/extension/qfq/qfq/Constants.php
+++ b/extension/qfq/qfq/Constants.php
@@ -128,6 +128,7 @@ const ERROR_INVALID_OR_MISSING_PARAMETER = 1050;
 const ERROR_UNKNOWN_SQL_LOG_MODE = 1051;
 const ERROR_FORM_NOT_FOUND = 1052;
 const ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED = 1053;
+const ERROR_SANATIZE_INVALID_VALUE = 1054;
 
 // Store
 const ERROR_STORE_VALUE_ALREADY_CODPIED = 1100;
@@ -347,7 +348,11 @@ const PARAM_T3_NO_ID = "t3 no id";
 
 const FLAG_ALL = 'flagAll';
 const FLAG_DYNAMIC_UPDATE = 'flagDynamicUpdate';
-
 const QUERY_TYPE_SELECT = 'type: select,show,describe,explain';
 const QUERY_TYPE_INSERT = 'type: insert';
-const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
\ No newline at end of file
+const QUERY_TYPE_UPDATE = 'type: update,replace,delete';
+
+//Regexp
+const REGEXP_DATE_INT = '^\d{4}-\d{2}-\d{2}$';
+const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
+const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
\ No newline at end of file
diff --git a/extension/qfq/qfq/helper/Sanitize.php b/extension/qfq/qfq/helper/Sanitize.php
index ed1349d2762bb3f605e26472575e36bccf46592e..b59a3107d95c924272689b98d4b3ac11122b5507 100644
--- a/extension/qfq/qfq/helper/Sanitize.php
+++ b/extension/qfq/qfq/helper/Sanitize.php
@@ -9,9 +9,12 @@ namespace qfq;
 
 use qfq;
 
-use qfq\CodeException;
+
+//use qfq\CodeException;
+//use qfq\UserFormException;
 
 require_once(__DIR__ . '/../../qfq/Constants.php');
+//require_once(__DIR__ . '/../exceptions/UserFormException.php');
 
 /**
 * Class Sanitize
@@ -40,8 +43,8 @@ class Sanitize {
 $pattern = '';
 $minMax = array();
 $valueCompare = '';
- $errorText = "Value $value violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
 $errorCode = 0;
+ $errorText = '';
 
 // Prepare MIN|MAX
 switch ($sanatizeClass) {
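Review bot: REGEXP_DATE_INT, REGEXP_DATE_GER and REGEXP_TIME end in `$`, and Support.php (this commit) applies them as `"/" . REGEXP_DATE_INT . "/"` without the `D` modifier, so PCRE lets `$` match before a trailing newline: `"2016-12-31\n"` passes the check and, in the international branch, is returned unchanged as `$date` with the newline still inside. Anchor with `\z` instead, e.g. `const REGEXP_DATE_INT = '^\d{4}-\d{2}-\d{2}\z';` (same for the other two), or append `D` after the closing delimiter at the use sites. The patterns also only fix the shape; month, day, hour and minute ranges are not checked by them, see the note on the Support.php -168 hunk.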
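Review bot: The `use qfq\CodeException;` import is replaced by two commented-out `use` lines and a commented-out `require_once`, dead text that will only drift from the code; the class is thrown from inside namespace `qfq`, where no `use` is needed, so the three comment lines can simply be deleted. The same applies to the three `// const REGEXP_*` lines added in the Support.php -142 hunk: they duplicate the real constants this commit adds to Constants.php, and one of them (`REGEXP_DATE_INT_`, with a `\d{2,4}` year width) no longer matches what is actually in force, which will mislead the next reader.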
@@ -52,9 +55,23 @@ class Sanitize {
 
 case SANITIZE_ALLOW_MIN_MAX_DATE:
 $minMax = explode('|', $patternOrRange);
+
+ //TODO: hier sollten die Exceptions abgefangen werden um zwei unterschiedliche Fehlermeldungen ausgeben zu koenenn:
+ // a) der Value verletzt die Datumsgrenzen
+ // b) die Definition der Grenzen ist buggy
+// try {
 $valueCompare = Support::dateTime2mysql($value);
+// } catch (UserFormException $e) {
+// throw new UserFormException("Date or time not recognized '" . $value . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
+// }
+
+// try {
 $minMax[0] = Support::dateTime2mysql($minMax[0]);
 $minMax[1] = Support::dateTime2mysql($minMax[1]);
+// } catch (UserFormException $e) {
+// throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
+// }
+
 break;
 
 default:
@@ -104,6 +121,8 @@ class Sanitize {
 }
 
 if ($mode === SANATIZE_EXCEPTION) {
+ if ($errorText === '')
+ $errorText = "Value '$value' violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";
 throw new UserFormException($errorText, $errorCode);
 }
 
@@ -114,7 +133,8 @@ class Sanitize {
 /**
 * @return array
 */
- public static function inputCheckPatternArray() {
+ public
+ static function inputCheckPatternArray() {
 //EMail Regex: http://www.regular-expressions.info/email.html
 return [
 SANITIZE_ALLOW_ALNUMX => '^[@\-_\.,;: \/\(\)[:alnum:]]*$',
diff --git a/extension/qfq/qfq/helper/Support.php b/extension/qfq/qfq/helper/Support.php
index d57833ef6be9540a9a0b2ff6db57066958c6f07d..ea8ec1d447d896b122d4aa6de454dae8668d5674 100644
--- a/extension/qfq/qfq/helper/Support.php
+++ b/extension/qfq/qfq/helper/Support.php
@@ -8,6 +8,7 @@ namespace qfq;
 
 
 
+require_once(__DIR__ . '/../Constants.php');
 require_once(__DIR__ . '/Sanitize.php');
 
 class Support {
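Review bot: The TODO and the two commented-out try/catch blocks describe exactly what is still missing: after this commit `Support::dateTime2mysql()` throws `UserFormException` with `ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED` for an unparsable user value and for an unparsable min|max definition alike, so a form author cannot tell a configuration error from a user error, and the only message is 'Date/time format not recognised.'. Enable the two blocks (they build on `$e->formatMessage()`, which FillStoreForm.php already calls on the same exception type in this commit) and additionally guard the `explode('|', ...)` result, because a checkPattern without `|` leaves `$minMax[1]` undefined before it is passed on. The enclosing `switch` continues outside the hunk.
```php
            case SANITIZE_ALLOW_MIN_MAX_DATE:
                $minMax = explode('|', $patternOrRange);
                if (count($minMax) !== 2) {
                    throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "'", ERROR_SANATIZE_INVALID_VALUE);
                }
                // User value first: an unparsable value is the user's error, not a form configuration error.
                try {
                    $valueCompare = Support::dateTime2mysql($value);
                } catch (UserFormException $e) {
                    throw new UserFormException("Date or time not recognized '" . $value . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
                }
                // Bounds come from the form definition; report them separately so the form author sees the cause.
                try {
                    $minMax[0] = Support::dateTime2mysql($minMax[0]);
                    $minMax[1] = Support::dateTime2mysql($minMax[1]);
                } catch (UserFormException $e) {
                    throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
                }
                break;
```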
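Review bot: The default message built here, `$errorText = "Value '$value' violates checkrule " . $sanatizeClass . " with pattern '$pattern'.";`, reads `with pattern ''` for SANITIZE_ALLOW_MIN_MAX_DATE, because that case (hunk -52 above) fills `$minMax` and never `$pattern`; `$patternOrRange` is what the form author wrote and is the value to show. The message also embeds the raw client `$value`, and FillStoreForm.php (this commit) forwards `$e->formatMessage()` into a further exception, so whichever layer finally prints it has to escape it for its output context — where that happens is not visible here, but if it reaches a browser unescaped a rejected value becomes reflected markup. The braceless `if ($errorText === '')` is the only one in the file's visible parts; the surrounding code uses braces.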
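Review bot: `public` and `static function inputCheckPatternArray() {` are now split over two lines, which changes nothing semantically and looks like an accidental reformat; restore `public static function inputCheckPatternArray() {` on one line so a later `git blame` does not attribute the signature to this commit.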
@@ -142,16 +143,21 @@ class Support {
 $dateRaw = '';
 $timeRaw = '';
 
+
+// const REGEXP_DATE_INT_ = '^\d{2,4}-\d{2}-\d{2}$';
+// const REGEXP_DATE_GER = '^\d{1,2}\.\d{1,2}\.\d{2}(\d{2})?$';
+// const REGEXP_TIME = '^\d{1,2}:\d{1,2}(:\d{1,2})?$';
+
 $tmpArr = explode(' ', $dateTimeString);
 switch (count($tmpArr)) {
 case 0:
 return '';
 case 1:
- if (strpos($tmpArr[0], '.') === false) {
- $timeRaw = $tmpArr[0];
- } else {
+ if (strpos($tmpArr[0], ':') === false) {
+ $dateRaw = $tmpArr[0];
+ } else {
+ $timeRaw = $tmpArr[0];
 }
 break;
 
@@ -168,18 +174,33 @@ class Support {
 if ($dateRaw === '') {
 $date = '0000-00-00';
 } else {
- $tmpArr = explode('.', $dateRaw);
- if ($tmpArr[2] < 70) {
- $tmpArr[2] = 2000 + $tmpArr[2];
- } elseif ($tmpArr[2] < 100) {
- $tmpArr[2] = 1900 + $tmpArr[2];
+ // International format: YYYY-MM-DD
+ if (preg_match("/" . REGEXP_DATE_INT . "/", $dateRaw) === 1) {
+ $date = $dateRaw;
+
+ // German format: 1.1.01 - 11.12.1234
+ } elseif (preg_match("/" . REGEXP_DATE_GER . "/", $dateRaw) === 1) {
+ $tmpArr = explode('.', $dateRaw);
+
+ if ($tmpArr[2] < 70) {
+ $tmpArr[2] = 2000 + $tmpArr[2];
+ } elseif ($tmpArr[2] < 100) {
+ $tmpArr[2] = 1900 + $tmpArr[2];
+ }
+ $date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
+
+ } else {
+ throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
 }
- $date = sprintf("%04d-%02d-%02d", $tmpArr[2], $tmpArr[1], $tmpArr[0]);
 }
 
 if ($timeRaw === '') {
 $time = '00:00:00';
 } else {
+ if (preg_match("/" . REGEXP_TIME . "/", $timeRaw) !== 1) {
+ throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
+ }
+
 $tmpArr = explode(':', $timeRaw);
 switch (count($tmpArr)) {
 case 2:
diff --git a/extension/qfq/qfq/store/FillStoreForm.php b/extension/qfq/qfq/store/FillStoreForm.php
index 8d9d995725fa89f6d2bc0f4891132b4a7980d3fe..50d0e3c0df00a763740b414f6b4e4d684317a2d3 100644
--- a/extension/qfq/qfq/store/FillStoreForm.php
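Review bot: Both date branches accept values that match the regexp but are not calendar dates: `2016-02-31` is returned unchanged as `$date`, and `31.04.16` becomes `2016-04-31` through the sprintf, so the bad value is only rejected (or zeroed, depending on the server's sql_mode) by MySQL, far from the form that produced it. Run `checkdate()` on the parsed parts after the if/elseif chain and build `$date` once from them, as sketched below. The time branch has the same gap — `REGEXP_TIME` admits `25:61` — unless the `switch (count($tmpArr))` that continues outside the hunk checks the ranges. The enclosing method starts before and ends after the hunk.
```php
                // International format: YYYY-MM-DD
                if (preg_match("/" . REGEXP_DATE_INT . "/", $dateRaw) === 1) {
                    list($year, $month, $day) = explode('-', $dateRaw);

                // German format: 1.1.01 - 11.12.1234
                } elseif (preg_match("/" . REGEXP_DATE_GER . "/", $dateRaw) === 1) {
                    list($day, $month, $year) = explode('.', $dateRaw);
                    if ($year < 70) {
                        $year = 2000 + $year;
                    } elseif ($year < 100) {
                        $year = 1900 + $year;
                    }

                } else {
                    throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
                }
                // Shape is not enough: reject month 13, day 31 in April, 29.02. outside leap years, ...
                if (!checkdate((int)$month, (int)$day, (int)$year)) {
                    throw new UserFormException('Date/time format not recognised.', ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED);
                }
                $date = sprintf("%04d-%02d-%02d", $year, $month, $day);
```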
+++ b/extension/qfq/qfq/store/FillStoreForm.php
@@ -115,11 +115,18 @@ class FillStoreForm {
 $clientValues[$clientFieldName] = implode(',', $clientValues[$clientFieldName]);
 }
 
+ try {
 // $newValues[$formElement['name']] = $this->validateValue($formElement, $clientValues[$clientFieldName]);
- $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName], $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
+ $newValues[$formElement['name']] = Sanitize::sanitize($clientValues[$clientFieldName],
+ $formElement['checkType'], $formElement['checkPattern'], SANATIZE_EXCEPTION);
+ } catch (UserFormException $e) {
+ throw new UserFormException("Form element '" . $formElement['name'] . ' / ' .
+ $formElement['label'] . "': " . $e->formatMessage(), SANATIZE_EXCEPTION);
+ }
 } else {
 if ($formElement['mode'] === FE_MODE_REQUIRED) {
- throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' . $formElement['label'] . "'", ERROR_UNKNOWN_MODE);
+ throw new UserFormException("Missing required value for '" . $formElement['name'] . ' / ' .
+ $formElement['label'] . "'", ERROR_UNKNOWN_MODE);
 }
 }
 break;
diff --git a/extension/qfq/tests/phpunit/SupportTest.php b/extension/qfq/tests/phpunit/SupportTest.php
index 91ba7777b5e312771c461c4e8169ca4224c6afd4..82a80bd9b3f54df12a01871619cb598d97333cc0 100644
--- a/extension/qfq/tests/phpunit/SupportTest.php
+++ b/extension/qfq/tests/phpunit/SupportTest.php
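Review bot: The rethrow in the new `catch` passes `SANATIZE_EXCEPTION` as the exception code, but that constant is the mode selector handed to `Sanitize::sanitize()` as its fourth argument (compared as `$mode === SANATIZE_EXCEPTION` in Sanitize.php), not an `ERROR_*` code, so the original code (`ERROR_SANATIZE_INVALID_VALUE` or `ERROR_DATE_TIME_FORMAT_NOT_RECOGNISED`) is lost for whoever handles the exception. Assuming UserFormException extends \Exception, `throw new UserFormException("Form element '" . $formElement['name'] . ' / ' . $formElement['label'] . "': " . $e->formatMessage(), $e->getCode());` keeps it. The enclosing loop and `switch` continue outside the hunk.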
@@ -104,12 +104,16 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
 
 public function testDateTime2mysql() {
 // date
+ $this->assertEquals('0000-00-00 00:00:00', Support::dateTime2mysql(''));
+ $this->assertEquals('2069-12-31 00:00:00', Support::dateTime2mysql('31.12.69'));
 $this->assertEquals('1970-01-01 00:00:00', Support::dateTime2mysql('1.1.70'));
 $this->assertEquals('1999-02-01 00:00:00', Support::dateTime2mysql('01.02.99'));
 $this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('1.2.2079'));
 $this->assertEquals('2079-02-01 00:00:00', Support::dateTime2mysql('01.02.2079'));
+ $this->assertEquals('1234-01-02 00:00:00', Support::dateTime2mysql('1234-01-02'));
+
 
 // time
 $this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('3:4'));
 $this->assertEquals('0000-00-00 03:04:00', Support::dateTime2mysql('03:04'));
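Review bot: The new assertions pin the two-digit-year pivot (`31.12.69` → 2069 next to the existing `1.1.70` → 1970) and the new ISO input, but none of the accepted values exercises a calendar-invalid date, and the production code in Support.php (this commit) only checks the shape, so `Support::dateTime2mysql('31.02.16')` currently yields `'2016-02-31 00:00:00'`. Add that case and `'2016-13-01'` to the exception tests below so the intended behaviour is pinned; as written, the test file documents that such values are accepted.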
@@ -121,6 +125,169 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
 // date time
 $this->assertEquals('2069-02-01 01:02:00', Support::dateTime2mysql('1.2.69 1:2'));
 $this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('31.12.2016 23:48:59'));
+ $this->assertEquals('2016-12-31 23:48:59', Support::dateTime2mysql('2016-12-31 23:48:59'));
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException01() {
+ Support::dateTime2mysql('1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException02() {
+ Support::dateTime2mysql('1.');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException03() {
+ Support::dateTime2mysql('1.1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException04() {
+ Support::dateTime2mysql('1.1.');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException05() {
+ Support::dateTime2mysql('1.1.1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException06() {
+ Support::dateTime2mysql('1.1.1.');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException07() {
+ Support::dateTime2mysql('1.1.1.1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException08() {
+ Support::dateTime2mysql('123.1.11');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException09() {
+ Support::dateTime2mysql('1.123.11');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException10() {
+ Support::dateTime2mysql('1.1.123');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException11() {
+ Support::dateTime2mysql('1.1.12345');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException12() {
+ Support::dateTime2mysql('1-01-01');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException13() {
+ Support::dateTime2mysql('12-01-01');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException14() {
+ Support::dateTime2mysql('123-01-01');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException15() {
+ Support::dateTime2mysql('12345-01-01');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException16() {
+ Support::dateTime2mysql('1234-1-01');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException17() {
+ Support::dateTime2mysql('1234-01-1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException18() {
+ Support::dateTime2mysql('1:');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException19() {
+ Support::dateTime2mysql('1:1:');
+ }
+
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException20() {
+ Support::dateTime2mysql('1:1:1:1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException21() {
+ Support::dateTime2mysql('123:1:1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException22() {
+ Support::dateTime2mysql('1:123:1');
+ }
+
+ /**
+ * @expectedException \qfq\UserFormException
+ */
+ public function testDateTime2mysqlException23() {
+ Support::dateTime2mysql('1:1:123');
 }
 
 public function testEncryptDoubleCurlyBraces() {
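Review bot: Twenty-three copies of the same three-line test body differ only in the input string; a `@dataProvider` keeps all 23 cases, names the failing input in the test output, and lets the next case (for example a calendar-invalid date) be added as one array row instead of a new method. The `@expectedException` docblock stays on the single test method. The sketch below uses only the values from the hunk; the enclosing class continues outside it.
```php
    /**
     * @dataProvider dateTime2mysqlNotRecognisedProvider
     * @expectedException \qfq\UserFormException
     */
    public function testDateTime2mysqlException($dateTimeString) {
        Support::dateTime2mysql($dateTimeString);
    }

    public function dateTime2mysqlNotRecognisedProvider() {
        return [
            ['1'], ['1.'], ['1.1'], ['1.1.'], ['1.1.1'], ['1.1.1.'], ['1.1.1.1'],
            ['123.1.11'], ['1.123.11'], ['1.1.123'], ['1.1.12345'],
            ['1-01-01'], ['12-01-01'], ['123-01-01'], ['12345-01-01'], ['1234-1-01'], ['1234-01-1'],
            ['1:'], ['1:1:'], ['1:1:1:1'], ['123:1:1'], ['1:123:1'], ['1:1:123'],
        ];
    }
```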