Commit b552c77d authored by Carsten  Rose's avatar Carsten Rose

Fixed typo sanatize to sanitize

parent a9531e43
......@@ -33,11 +33,11 @@ const RETURN_SIP = 'return_sip';
const SQL_FORM_ELEMENT_SPECIFIC_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.feIdContainer = ? AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
const SQL_FORM_ELEMENT_ALL_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
// Sanatize Classifier
const SANATIZE_ALLOW_ALNUMX = "alnumx";
const SANATIZE_ALLOW_DIGIT = "digit";
const SANATIZE_ALLOW_ALL = "all";
const SANATIZE_DEFAULT = SANATIZE_ALLOW_DIGIT;
// SANITIZE Classifier
const SANITIZE_ALLOW_ALNUMX = "alnumx";
const SANITIZE_ALLOW_DIGIT = "digit";
const SANITIZE_ALLOW_ALL = "all";
const SANITIZE_DEFAULT = SANITIZE_ALLOW_DIGIT;
// Index wrap setup table
const WRAP_SETUP_TITLE = 'title';
......@@ -70,7 +70,7 @@ const FORM_ELEMENTS_SUBRECORD = 'subrecord';
const FORM_ELEMENTS_NATIVE_SUBRECORD = 'native_subrecord';
// QFQ Error Codes
const ERROR_UNKNOW_SANATIZE_CLASS = 1001;
const ERROR_UNKNOW_SANITIZE_CLASS = 1001;
const ERROR_CODE_SHOULD_NOT_HAPPEN = 1003;
const ERROR_SIP_MALFORMED = 1005;
......@@ -207,19 +207,19 @@ const SYSTEM_TESTDB = 'TESTDB';
const SYSTEM_SESSIONNAME = 'SESSIONNAME';
const SYSTEM_SQL_LOG = 'SQLLOG'; // Logging to file
// Information for: Log / Debug / Exception
const SYSTEM_SQL_RAW = 'sqlRaw'; // Type: SANATIZE_ALL / String. SQL Query (before substitute). Useful for error reporting.
const SYSTEM_SQL_FINAL = 'sqlFinal'; // Type: SANATIZE_ALL / String. SQL Query (after substitute). Useful for error reporting.
const SYSTEM_SQL_COUNT = 'sqlCount'; // Type: SANATIZE_DIGIT / Int.Number of rows in SQL ResultSet. Useful for error reporting.
const SYSTEM_SQL_PARAM_ARRAY = 'sqlParamArray'; // Type: SANATIZE_ALL / Parameter of prepared SQL Statement. Useful for error reporting.
const SYSTEM_SQL_RAW = 'sqlRaw'; // Type: SANITIZE_ALL / String. SQL Query (before substitute). Useful for error reporting.
const SYSTEM_SQL_FINAL = 'sqlFinal'; // Type: SANITIZE_ALL / String. SQL Query (after substitute). Useful for error reporting.
const SYSTEM_SQL_COUNT = 'sqlCount'; // Type: SANITIZE_DIGIT / Int.Number of rows in SQL ResultSet. Useful for error reporting.
const SYSTEM_SQL_PARAM_ARRAY = 'sqlParamArray'; // Type: SANITIZE_ALL / Parameter of prepared SQL Statement. Useful for error reporting.
const SYSTEM_FORM = CLIENT_FORM; // '<formName> / <formId>'
const SYSTEM_FORM_ELEMENT = 'formElement'; // '<formElementName> / <formElementeId>'
const SYSTEM_FORM_ELEMENT_COLUMN = 'formElementColumn'; // '<columnname of current processed formElement>'
const SYSTEM_FORM_ELEMENT_MESSAGE = 'formElementMessage'; // '<columnname of current processed formElement>'
// die folgenden Elemente sind vermutlich nicht noetig, wenn Store Klassen gloable Vars benutzt.
//const SYSTEM_FORM_DEF = 'formDefinition'; // Type: SANATIZE_ALNUMX / AssocArray. Final form to process. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_DEF = 'formElementDefinition'; // Type: SANATIZE_ALL / AssocArray. Formelement which are processed at the moment. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_FIELD = 'formElementField'; // Type: SANATIZE_ALNUMX / String. Fieldname of processed Formelement. Useful for error reporting.
//const SYSTEM_FORM_DEF = 'formDefinition'; // Type: SANITIZE_ALNUMX / AssocArray. Final form to process. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_DEF = 'formElementDefinition'; // Type: SANITIZE_ALL / AssocArray. Formelement which are processed at the moment. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_FIELD = 'formElementField'; // Type: SANITIZE_ALNUMX / String. Fieldname of processed Formelement. Useful for error reporting.
const SIP_SIP = CLIENT_SIP; // s
const SIP_RECORD_ID = CLIENT_RECORD_ID; // r
......
......@@ -155,7 +155,7 @@ class Evaluate {
return $this->db->sql($token, $sqlMode);
}
// explode for: <key>:<store priority>:<sanatize class>
// explode for: <key>:<store priority>:<sanitize class>
$arr = explode(':', $token, 3);
if (!isset($arr[1]))
$arr[1] = null;
......@@ -166,7 +166,7 @@ class Evaluate {
// search for value in stores
$value = $this->store->getVar($arr[0], $arr[1], $arr[2]);
// nothing replaced: put ticks around, to sanatize strings for SQL statements. Nothing to substitute is not a wished situation.
// nothing replaced: put ticks around, to sanitize strings for SQL statements. Nothing to substitute is not a wished situation.
return ($value === false) ? "'" . $token . "'" : $value;
}
......
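Review bot: The fallback on the last visible line, `return ($value === false) ? "'" . $token . "'" : $value;`, wraps an unresolved token in single quotes without escaping it, so the comment's claim that this sanitizes the string for SQL only holds if `$token` can never contain a `'` or a backslash. Whether that is guaranteed is not visible in this hunk; if it is not, the token should be escaped by the database layer or bound as a parameter rather than quoted by hand. At minimum the comment could say what the code actually does, for example `// nothing replaced: quote the token so the statement stays syntactically valid; this is quoting, not escaping`. The enclosing method starts outside the hunk.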
......@@ -14,45 +14,45 @@ use qfq\CodeException;
require_once(__DIR__ . '/../../qfq/Constants.php');
/**
* Class Sanatize
* Class Sanitize
* @package qfq
*/
class Sanatize {
class Sanitize {
private function __construct() {
// Class should never be instantiated
}
/**
* Sanatize: check value by sanatize class. Return verified value or empty string if failed.
* Sanitize: check value by sanitize class. Return verified value or empty string if failed.
*
* @param string $value - value to check
* @param string $sanatizeClass - class used to check
* @param string $sanitizeClass - class used to check
* @return string - if check failed: empty string, if check is ok: value
* @throws CodeException
*/
public static function sanatize($value, $sanatizeClass = SANATIZE_DEFAULT) {
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT) {
switch ($sanatizeClass) {
case SANATIZE_DEFAULT:
case SANATIZE_ALLOW_DIGIT:
switch ($sanitizeClass) {
case SANITIZE_DEFAULT:
case SANITIZE_ALLOW_DIGIT:
if (!is_numeric($value)) {
$value = '';
}
break;
case SANATIZE_ALLOW_ALNUMX:
case SANITIZE_ALLOW_ALNUMX:
// replace ALNUMX valid characters, which are not part of ctype_alnum, by valid ctype_alnum characters, to fake ctype_alnum
// definetely forbidden: ' " \ % $
if (!ctype_alnum(str_replace(array('@', '-', '_', '.', ',', ';', ' ', '/', '(', ')'), 'a', $value)))
$value = '';
break;
case SANATIZE_ALLOW_ALL:
case SANITIZE_ALLOW_ALL:
break;
default:
throw new CodeException("Sanatize class '$sanatizeClass' unknown. Used to sanatize GET/POST Variable.", ERROR_UNKNOW_SANATIZE_CLASS);
throw new CodeException("Sanitize class '$sanitizeClass' unknown. Used to sanitize GET/POST Variable.", ERROR_UNKNOW_SANITIZE_CLASS);
break;
}
......
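Review bot: In `sanitize()`, the `SANITIZE_ALLOW_DIGIT` branch relies on `is_numeric($value)`, which accepts more than digits: signs, decimal points, exponent forms such as `1e5`, and leading whitespace all pass. A value classified as "digit" can therefore reach callers with characters they may not expect. If integer-like input is the intent, `if (!preg_match('/\A-?\d+\z/', (string)$value)) { $value = ''; }` is stricter and still passes the `'-3'` case in the accompanying test. The docblock should also state exactly which characters each class admits, since callers rely on it as an input filter. The method body continues past the end of the hunk.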
......@@ -8,7 +8,7 @@
namespace qfq;
require_once(__DIR__ . '/Sanatize.php');
require_once(__DIR__ . '/Sanitize.php');
class Support {
......
......@@ -14,7 +14,7 @@ use qfq\OnArray;
use qfq;
require_once(__DIR__ . '/../../qfq/helper/KeyValueStringParser.php');
require_once(__DIR__ . '/../../qfq/helper/Sanatize.php');
require_once(__DIR__ . '/../../qfq/helper/sanitize.php');
require_once(__DIR__ . '/../../qfq/Constants.php');
require_once(__DIR__ . '/../../qfq/store/Sip.php');
require_once(__DIR__ . '/../../qfq/Database.php');
......@@ -58,78 +58,78 @@ class Store {
private static $raw = array();
/**
* @var array Default sanatize classes.
* @var array Default sanitize classes.
*/
private static $sanatizeClass = array();
private static $sanitizeClass = array();
/**
* $sanatizeClass['S'] = false
* $sanatizeClass['C'] = true
* $sanitizeClass['S'] = false
* $sanitizeClass['C'] = true
* ...
*
* @var array each entry with true/false - depending if store needs to be sanatized.
* @var array each entry with true/false - depending if store needs to be sanitized.
*/
private static $sanatizeStore = array();
private static $sanitizeStore = array();
/**
* @param string $bodytext
*/
private function __construct($bodytext = '') {
self::$sanatizeClass = [
// TYPO3_DEBUG_LOAD => SANATIZE_ALLOW_DIGIT,
// TYPO3_DEBUG_SAVE => SANATIZE_ALLOW_DIGIT,
// TYPO3_FORM => SANATIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER => SANATIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER_UID => SANATIZE_ALLOW_DIGIT,
// TYPO3_FE_USER_GROUP => SANATIZE_ALLOW_ALNUMX,
CLIENT_SIP => SANATIZE_ALLOW_ALNUMX,
CLIENT_RECORD_ID => SANATIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID => SANATIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID_USER => SANATIZE_ALLOW_DIGIT,
CLIENT_PAGE_ID => SANATIZE_ALLOW_DIGIT,
CLIENT_PAGE_TYPE => SANATIZE_ALLOW_DIGIT,
CLIENT_PAGE_LANGUAGE => SANATIZE_ALLOW_DIGIT,
CLIENT_FORM => SANATIZE_ALLOW_ALNUMX,
// Part of $_SERVER. Missing vars must be requested individual with the needed sanatize class.
CLIENT_SCRIPT_URL => SANATIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_URI => SANATIZE_ALLOW_ALNUMX,
CLIENT_HTTP_HOST => SANATIZE_ALLOW_ALNUMX,
CLIENT_HTTP_USER_AGENT => SANATIZE_ALLOW_ALNUMX,
CLIENT_SERVER_NAME => SANATIZE_ALLOW_ALNUMX,
CLIENT_SERVER_ADDRESS => SANATIZE_ALLOW_ALNUMX,
CLIENT_SERVER_PORT => SANATIZE_ALLOW_DIGIT,
CLIENT_REMOTE_ADDRESS => SANATIZE_ALLOW_ALNUMX,
CLIENT_REQUEST_SCHEME => SANATIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_FILENAME => SANATIZE_ALLOW_ALNUMX,
CLIENT_QUERY_STRING => SANATIZE_ALLOW_ALL,
CLIENT_REQUEST_URI => SANATIZE_ALLOW_ALL,
CLIENT_SCRIPT_NAME => SANATIZE_ALLOW_ALNUMX,
CLIENT_PHP_SELF => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_DBUSER => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_DBSERVER => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_DBPW => SANATIZE_ALLOW_ALL,
// SYSTEM_DB => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_TESTDB => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_SESSIONNAME => SANATIZE_ALLOW_ALNUMX,
// SYSTEM_DBH => SANATIZE_ALLOW_ALL,
// SYSTEM_SQL_RAW => SANATIZE_ALLOW_ALL,
// SYSTEM_SQL_FINAL => SANATIZE_ALLOW_ALL,
// SYSTEM_SQL_COUNT => SANATIZE_ALLOW_DIGIT,
// SYSTEM_SQL_PARAM_ARRAY => SANATIZE_ALLOW_ALL,
// SIP_SIP => SANATIZE_ALLOW_ALNUMX,
// SIP_RECORD_ID => SANATIZE_ALLOW_DIGIT,
// SIP_FORM => SANATIZE_ALLOW_ALNUMX,
// SIP_URLPARAM => SANATIZE_ALLOW_ALL
self::$sanitizeClass = [
// TYPO3_DEBUG_LOAD => SANITIZE_ALLOW_DIGIT,
// TYPO3_DEBUG_SAVE => SANITIZE_ALLOW_DIGIT,
// TYPO3_FORM => SANITIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER => SANITIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER_UID => SANITIZE_ALLOW_DIGIT,
// TYPO3_FE_USER_GROUP => SANITIZE_ALLOW_ALNUMX,
CLIENT_SIP => SANITIZE_ALLOW_ALNUMX,
CLIENT_RECORD_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID_USER => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_TYPE => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_LANGUAGE => SANITIZE_ALLOW_DIGIT,
CLIENT_FORM => SANITIZE_ALLOW_ALNUMX,
// Part of $_SERVER. Missing vars must be requested individual with the needed sanitize class.
CLIENT_SCRIPT_URL => SANITIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_URI => SANITIZE_ALLOW_ALNUMX,
CLIENT_HTTP_HOST => SANITIZE_ALLOW_ALNUMX,
CLIENT_HTTP_USER_AGENT => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_NAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_ADDRESS => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_PORT => SANITIZE_ALLOW_DIGIT,
CLIENT_REMOTE_ADDRESS => SANITIZE_ALLOW_ALNUMX,
CLIENT_REQUEST_SCHEME => SANITIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_FILENAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_QUERY_STRING => SANITIZE_ALLOW_ALL,
CLIENT_REQUEST_URI => SANITIZE_ALLOW_ALL,
CLIENT_SCRIPT_NAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_PHP_SELF => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBUSER => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBSERVER => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBPW => SANITIZE_ALLOW_ALL,
// SYSTEM_DB => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_TESTDB => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_SESSIONNAME => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBH => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_RAW => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_FINAL => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_COUNT => SANITIZE_ALLOW_DIGIT,
// SYSTEM_SQL_PARAM_ARRAY => SANITIZE_ALLOW_ALL,
// SIP_SIP => SANITIZE_ALLOW_ALNUMX,
// SIP_RECORD_ID => SANITIZE_ALLOW_DIGIT,
// SIP_FORM => SANITIZE_ALLOW_ALNUMX,
// SIP_URLPARAM => SANITIZE_ALLOW_ALL
];
self::$sanatizeStore = [
self::$sanitizeStore = [
STORE_FORM => true,
STORE_SIP => false,
STORE_RECORD => false,
......@@ -175,7 +175,7 @@ class Store {
*/
public function setVarArray(array $dataArray, $store, $flagOverwrite = false) {
// Check valid Storename
if (!isset(self::$sanatizeStore))
if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
......@@ -243,23 +243,23 @@ class Store {
/**
* Cycles through all stores in $useStore.
* First match will return the found value.
* During cycling: fill cache with requestet value and sanatize raw value.
* During cycling: fill cache with requestet value and sanitize raw value.
*
* @param string $key
* @param string $useStores f.e.: 'FSRD'
* @param string $sanatizeClass
* @param string $sanitizeClass
* @return string a) if found: value, b) false
*/
public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanatizeClass = '') {
public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanitizeClass = '') {
// no store specifed?
if ($useStores === "" || $useStores === null) {
$useStores = STORE_USE_DEFAULT;
}
// no sanatizeClass specified: take last/default
if ($sanatizeClass === '') {
$sanatizeClass = isset(self::$sanatizeClass[$key]) ? self::$sanatizeClass[$key] : SANATIZE_DEFAULT;
// no sanitizeClass specified: take last/default
if ($sanitizeClass === '') {
$sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : SANITIZE_DEFAULT;
}
while ($useStores !== false) {
......@@ -277,8 +277,8 @@ class Store {
$rawVal = isset(self::$raw[$store][$key]) ? self::$raw[$store][$key] : null;
if (self::$sanatizeStore[$store] && $sanatizeClass != '') {
return \qfq\Sanatize::sanatize($rawVal, $sanatizeClass);
if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass);
} else {
return $rawVal;
}
......@@ -318,7 +318,7 @@ class Store {
*/
public static function unsetStore($store) {
// Check valid Storename
if (!isset(self::$sanatizeStore))
if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO)
......@@ -371,7 +371,7 @@ class Store {
*/
public static function setVar($key, $value, $store, $overWrite = true) {
// Check valid Storename
if (!isset(self::$sanatizeStore))
if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO)
......@@ -390,7 +390,7 @@ class Store {
*/
public static function getStore($store) {
// Check valid Storename
if (!isset(self::$sanatizeStore[$store]))
if (!isset(self::$sanitizeStore[$store]))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO)
......
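Review bot: The renamed include `require_once(__DIR__ . '/../../qfq/helper/sanitize.php');` is lower-case, while the helper is required as `Sanitize.php` elsewhere in this commit, so on a case-sensitive filesystem this line would presumably fail; it should read `require_once(__DIR__ . '/../../qfq/helper/Sanitize.php');`. The new test file has the same problem with `'/../../qfq/helper/SANITIZE.php'`. Separately, the store-name guards in `setVarArray`, `unsetStore` and `setVar` test `isset(self::$sanitizeStore)`, which is always true for the initialised static array, so the "Unknown Store" exception there looks unreachable. `getStore` already uses the keyed form, and the other three should match it: `if (!isset(self::$sanitizeStore[$store]))`. Those method bodies continue outside the hunks.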
......@@ -182,7 +182,7 @@ class DatabaseTest extends AbstractDatabaseTest {
/**
* @expectedException \qfq\DbException
*/
public function testSanatizeException() {
public function testSanitizeException() {
$this->db->sql('some garbage');
}
......
<?php
/**
* Created by PhpStorm.
* User: crose
* Date: 1/2/16
* Time: 11:10 PM
*/
namespace qfq;
//use qfq\Sanatize;
//use qfq\exceptions\CodeException;
require_once(__DIR__ . '/../../qfq/helper/Sanatize.php');
require_once(__DIR__ . '/../../qfq/exceptions/CodeException.php');
class SanatizeTest extends \PHPUnit_Framework_TestCase {
public function testSanatize() {
# Violates SANATIZE class: sanatized string is always an empty string.
# Access are cached: use new variables for every test.
# Check '1'
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check '-3'
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a'
$this->assertEquals('', Sanatize::sanatize('a', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('a', Sanatize::sanatize('a', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a', Sanatize::sanatize('a', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a@-_.,;Z09'
$this->assertEquals('', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('a@-_.,;Z09', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a@-_.,;Z09', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a+Z09'
$this->assertEquals('', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a+Z09', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
}
/**
* @expectedException \qfq\CodeException
*
*/
public function testSanatizeException() {
Sanatize::sanatize('Hello World', 'invalid sanatize class');
}
}
<?php
/**
* Created by PhpStorm.
* User: crose
* Date: 1/2/16
* Time: 11:10 PM
*/
namespace qfq;
require_once(__DIR__ . '/../../qfq/helper/SANITIZE.php');
require_once(__DIR__ . '/../../qfq/exceptions/CodeException.php');
class SanitizeTest extends \PHPUnit_Framework_TestCase {
public function testSanitize() {
# Violates SANITIZE class: SANITIZE string is always an empty string.
# Access are cached: use new variables for every test.
# Check '1'
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check '-3'
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a'
$this->assertEquals('', Sanitize::sanitize('a', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a@-_.,;Z09'
$this->assertEquals('', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('a@-_.,;Z09', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a@-_.,;Z09', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a+Z09'
$this->assertEquals('', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a+Z09', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
}
/**
* @expectedException \qfq\CodeException
*
*/
public function testSanitizeException() {
Sanitize::sanitize('Hello World', 'invalid SANITIZE class');
}
}
......@@ -87,14 +87,14 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
public function testGetVarStoreClient() {
# Violates SANATIZE class: sanatized string is always an empty string.
# Violates SANITIZE class: sanitized string is always an empty string.
# Access are cached:
# Test: Retrieve a variable, default sanatize class
$this->assertEquals('1234', $this->store->getVar(CLIENT_RECORD_ID, STORE_CLIENT), "FormName: default sanatize class");
# Test: Retrieve a variable, default sanitize class
$this->assertEquals('1234', $this->store->getVar(CLIENT_RECORD_ID, STORE_CLIENT), "FormName: default sanitize class");
# violates default SANATIZE digit: sanatized string is always an empty string.
$this->assertEquals('', $this->store->getVar(CLIENT_SIP, STORE_CLIENT), "sanatize class digit fails");
# violates default SANITIZE digit: sanitized string is always an empty string.
$this->assertEquals('', $this->store->getVar(CLIENT_SIP, STORE_CLIENT), "sanitize class digit fails");
// Test GET
$this->assertEquals('1234', $this->store->getVar('key01', STORE_CLIENT), "Param: GET");
......@@ -114,8 +114,8 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
$this->store->getVar('keyUnknwon2');
$this->assertFalse($this->store->getVar('keyUnknown2', STORE_CLIENT), "Param: unknown from cache");
// Test overwrite default sanatize class
$this->assertEquals('', $this->store->getVar(CLIENT_FORM, STORE_CLIENT, SANATIZE_ALLOW_DIGIT), "Param: overwrite default sanatize class");
// Test overwrite default sanitize class
$this->assertEquals('', $this->store->getVar(CLIENT_FORM, STORE_CLIENT, SANITIZE_ALLOW_DIGIT), "Param: overwrite default sanitize class");
// Test: POST higher priority than GET
$this->assertEquals('5678', $this->store->getVar('key04', STORE_CLIENT), "Param: POST higher priority than GET");
......@@ -135,11 +135,11 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
$this->assertEquals('male2', $this->store->getVar('gender'), "Retrieve 'gender' from STORE_SIP");
$this->store->setVar('gender', 'female2', STORE_FORM);
$this->assertEquals('female2', $this->store->getVar('gender', '', SANATIZE_ALLOW_ALNUMX), "Retrieve 'gender' from STORE_SIP");
$this->assertEquals('female2', $this->store->getVar('gender', '', SANITIZE_ALLOW_ALNUMX), "Retrieve 'gender' from STORE_SIP");
}
public function testStoreDifferentSanatizeClass() {
public function testStoreDifferentSanitizeClass() {
//default prio FSRD
$this->store->setVar('fruit', 'apple', STORE_RECORD);
......@@ -147,7 +147,7 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
$this->store->setVar('color', 'green', STORE_FORM);
$this->assertEquals(false, $this->store->getVar('color'), "Retrieve 'color' from STORE_FORM");
$this->assertEquals('green', $this->store->getVar('color', '', SANATIZE_ALLOW_ALNUMX), "Retrieve 'color' from STORE_FORM");
$this->assertEquals('green', $this->store->getVar('color', '', SANITIZE_ALLOW_ALNUMX), "Retrieve 'color' from STORE_FORM");
}
public function testGetVarStore0() {
......