Commit 803fecf1 authored by Elias Villiger's avatar Elias Villiger

Implement min test #5309

parent 9e2a53af
......@@ -144,8 +144,8 @@ const ERROR_UNKNOWN_FORWARD_MODE = 1036;
const ERROR_MISSING_HIDDEN_FIELD_IN_SIP = 1038;
const ERROR_MISSING_MIN_MAX = 1040;
const ERROR_MIN_MAX_VIOLATION = 1041;
const ERROR_MISSING_MIN_MAX = 1040; // unused
const ERROR_MIN_MAX_VIOLATION = 1041; // unused
const ERROR_UNKNOWN_CHECKTYPE = 1042;
const ERROR_PATTERN_VIOLATION = 1043;
const ERROR_RECORDID_0_FORBIDDEN = 1044;
......@@ -186,6 +186,8 @@ const ERROR_QFQ_VERSION = 1079;
const ERROR_PLAY_SQL_FILE = 1080;
const ERROR_MISSING_FILE_NAME = 1081;
const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082;
const ERROR_SMALLER_THAN_MIN = 1083;
const ERROR_GREATER_THAN_MAX = 1084;
// Subrecord
const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100;
......
......@@ -30,6 +30,7 @@ class Sanitize {
/**
* Check $value against given checkType/pattern. If check succeed, returns values.
* If check fails, depending on $mode, throws an UserException or return an empty string.
* Performs checkType checks and min/max checks.
*
* @param string $value value to check
* @param $formElement
......@@ -40,12 +41,15 @@ class Sanitize {
* @throws \qfq\CodeException
*/
public static function sanitize($value, $formElement, $mode = SANITIZE_EMPTY_STRING) {
$sanitizeClass = $formElement[FE_CHECK_TYPE] || SANITIZE_DEFAULT;
$pattern = $formElement[FE_CHECK_PATTERN] || '';
$sanitizeClass = Support::setIfNotSet($formElement, FE_CHECK_TYPE, SANITIZE_DEFAULT);
$pattern = Support::setIfNotSet($formElement, FE_CHECK_PATTERN);
$min = Support::setIfNotSet($formElement, FE_MIN, null);
// $max
// $minMaxCompareMode
$errorCode = 0;
$errorText = '';
// Prepare Check
// Prepare checktype Check
switch ($sanitizeClass) {
case SANITIZE_ALLOW_PATTERN:
break;
......@@ -60,28 +64,37 @@ class Sanitize {
break;
case SANITIZE_ALLOW_ALL: // no checktype specified.
return $value;
$pattern = '';
break;
default:
throw new CodeException("Unknown checkType: " . $sanitizeClass, ERROR_UNKNOWN_CHECKTYPE);
}
// No error until here: do a final check
if ($errorCode == 0) {
if (preg_match("/$pattern/", $value) === 1)
return $value;
else
$errorCode = ERROR_PATTERN_VIOLATION;
// Pattern check
if (pattern != '' && preg_match("/$pattern/", $value) !== 1) {
$errorCode = ERROR_PATTERN_VIOLATION;
$errorText = "Value '$value' violates checkrule " . $sanitizeClass . " with pattern '$pattern'.";
}
if ($mode === SANITIZE_EXCEPTION) {
if ($errorText === '')
$errorText = "Value '$value' violates checkrule " . $sanitizeClass . " with pattern '$pattern'.";
throw new UserFormException($errorText, $errorCode);
// Min/max check (only necessary if pattern check passed)
// minMaxCompareMode: Default richtet sich nach Type des FE (bei type date: string, ansonsten: numerical)
if ($errorCode == 0) {
if ($min !== null && $value < $min) {
$errorCode = ERROR_SMALLER_THAN_MIN;
$errorText = "Value '$value' is smaller than the allowed minimum of '$min'.";
}
}
// check failed: return empty string
return '';
if ($errorCode == 0) {
return $value;
} else { // check failed
if ($mode === SANITIZE_EXCEPTION) {
throw new UserFormException($errorText, $errorCode);
}
return '';
}
}
/**
......
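Review bot: In the new pattern check in `sanitize()`, `pattern != ''` is missing its `$`, so PHP reads it as a bare constant: PHP 7 evaluates it to the non-empty string 'pattern' with a notice or warning, and PHP 8 throws an Error before any validation runs. The line should read `if ($pattern !== '' && preg_match("/$pattern/", $value) !== 1) {`. The new `$value < $min` test is a loose comparison, so if both operands are strings and one is non-numeric, PHP orders them as strings and a non-numeric value can pass a numeric minimum under a permissive checkType. Until the planned minMaxCompareMode exists, consider failing the check when `$min` is numeric and `is_numeric($value)` is false. `$pattern` is also interpolated between `/` delimiters unescaped, so a pattern containing `/` makes `preg_match` return false and is reported as a pattern violation (fail-closed, but with a misleading message); part of the switch lies outside the visible hunks, so whether the built-in patterns are anchored cannot be confirmed here.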