Commit b552c77d authored by Carsten Rose

Fixed typo sanatize to sanitize

parent a9531e43
...@@ -33,11 +33,11 @@ const RETURN_SIP = 'return_sip'; ...@@ -33,11 +33,11 @@ const RETURN_SIP = 'return_sip';
const SQL_FORM_ELEMENT_SPECIFIC_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.feIdContainer = ? AND fe.enabled='yes' ORDER BY fe.ord, fe.id"; const SQL_FORM_ELEMENT_SPECIFIC_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.feIdContainer = ? AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
const SQL_FORM_ELEMENT_ALL_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id"; const SQL_FORM_ELEMENT_ALL_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
// Sanatize Classifier // SANITIZE Classifier
const SANATIZE_ALLOW_ALNUMX = "alnumx"; const SANITIZE_ALLOW_ALNUMX = "alnumx";
const SANATIZE_ALLOW_DIGIT = "digit"; const SANITIZE_ALLOW_DIGIT = "digit";
const SANATIZE_ALLOW_ALL = "all"; const SANITIZE_ALLOW_ALL = "all";
const SANATIZE_DEFAULT = SANATIZE_ALLOW_DIGIT; const SANITIZE_DEFAULT = SANITIZE_ALLOW_DIGIT;
// Index wrap setup table // Index wrap setup table
const WRAP_SETUP_TITLE = 'title'; const WRAP_SETUP_TITLE = 'title';
...@@ -70,7 +70,7 @@ const FORM_ELEMENTS_SUBRECORD = 'subrecord'; ...@@ -70,7 +70,7 @@ const FORM_ELEMENTS_SUBRECORD = 'subrecord';
const FORM_ELEMENTS_NATIVE_SUBRECORD = 'native_subrecord'; const FORM_ELEMENTS_NATIVE_SUBRECORD = 'native_subrecord';
// QFQ Error Codes // QFQ Error Codes
const ERROR_UNKNOW_SANATIZE_CLASS = 1001; const ERROR_UNKNOW_SANITIZE_CLASS = 1001;
const ERROR_CODE_SHOULD_NOT_HAPPEN = 1003; const ERROR_CODE_SHOULD_NOT_HAPPEN = 1003;
const ERROR_SIP_MALFORMED = 1005; const ERROR_SIP_MALFORMED = 1005;
...@@ -207,19 +207,19 @@ const SYSTEM_TESTDB = 'TESTDB'; ...@@ -207,19 +207,19 @@ const SYSTEM_TESTDB = 'TESTDB';
const SYSTEM_SESSIONNAME = 'SESSIONNAME'; const SYSTEM_SESSIONNAME = 'SESSIONNAME';
const SYSTEM_SQL_LOG = 'SQLLOG'; // Logging to file const SYSTEM_SQL_LOG = 'SQLLOG'; // Logging to file
// Information for: Log / Debug / Exception // Information for: Log / Debug / Exception
const SYSTEM_SQL_RAW = 'sqlRaw'; // Type: SANATIZE_ALL / String. SQL Query (before substitute). Useful for error reporting. const SYSTEM_SQL_RAW = 'sqlRaw'; // Type: SANITIZE_ALL / String. SQL Query (before substitute). Useful for error reporting.
const SYSTEM_SQL_FINAL = 'sqlFinal'; // Type: SANATIZE_ALL / String. SQL Query (after substitute). Useful for error reporting. const SYSTEM_SQL_FINAL = 'sqlFinal'; // Type: SANITIZE_ALL / String. SQL Query (after substitute). Useful for error reporting.
const SYSTEM_SQL_COUNT = 'sqlCount'; // Type: SANATIZE_DIGIT / Int.Number of rows in SQL ResultSet. Useful for error reporting. const SYSTEM_SQL_COUNT = 'sqlCount'; // Type: SANITIZE_DIGIT / Int.Number of rows in SQL ResultSet. Useful for error reporting.
const SYSTEM_SQL_PARAM_ARRAY = 'sqlParamArray'; // Type: SANATIZE_ALL / Parameter of prepared SQL Statement. Useful for error reporting. const SYSTEM_SQL_PARAM_ARRAY = 'sqlParamArray'; // Type: SANITIZE_ALL / Parameter of prepared SQL Statement. Useful for error reporting.
const SYSTEM_FORM = CLIENT_FORM; // '<formName> / <formId>' const SYSTEM_FORM = CLIENT_FORM; // '<formName> / <formId>'
const SYSTEM_FORM_ELEMENT = 'formElement'; // '<formElementName> / <formElementeId>' const SYSTEM_FORM_ELEMENT = 'formElement'; // '<formElementName> / <formElementeId>'
const SYSTEM_FORM_ELEMENT_COLUMN = 'formElementColumn'; // '<columnname of current processed formElement>' const SYSTEM_FORM_ELEMENT_COLUMN = 'formElementColumn'; // '<columnname of current processed formElement>'
const SYSTEM_FORM_ELEMENT_MESSAGE = 'formElementMessage'; // '<columnname of current processed formElement>' const SYSTEM_FORM_ELEMENT_MESSAGE = 'formElementMessage'; // '<columnname of current processed formElement>'
// die folgenden Elemente sind vermutlich nicht noetig, wenn Store Klassen gloable Vars benutzt. // die folgenden Elemente sind vermutlich nicht noetig, wenn Store Klassen gloable Vars benutzt.
//const SYSTEM_FORM_DEF = 'formDefinition'; // Type: SANATIZE_ALNUMX / AssocArray. Final form to process. Useful for error reporting. //const SYSTEM_FORM_DEF = 'formDefinition'; // Type: SANITIZE_ALNUMX / AssocArray. Final form to process. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_DEF = 'formElementDefinition'; // Type: SANATIZE_ALL / AssocArray. Formelement which are processed at the moment. Useful for error reporting. //const SYSTEM_FORM_ELEMENT_DEF = 'formElementDefinition'; // Type: SANITIZE_ALL / AssocArray. Formelement which are processed at the moment. Useful for error reporting.
//const SYSTEM_FORM_ELEMENT_FIELD = 'formElementField'; // Type: SANATIZE_ALNUMX / String. Fieldname of processed Formelement. Useful for error reporting. //const SYSTEM_FORM_ELEMENT_FIELD = 'formElementField'; // Type: SANITIZE_ALNUMX / String. Fieldname of processed Formelement. Useful for error reporting.
const SIP_SIP = CLIENT_SIP; // s const SIP_SIP = CLIENT_SIP; // s
const SIP_RECORD_ID = CLIENT_RECORD_ID; // r const SIP_RECORD_ID = CLIENT_RECORD_ID; // r
......
...@@ -155,7 +155,7 @@ class Evaluate { ...@@ -155,7 +155,7 @@ class Evaluate {
return $this->db->sql($token, $sqlMode); return $this->db->sql($token, $sqlMode);
} }
// explode for: <key>:<store priority>:<sanatize class> // explode for: <key>:<store priority>:<sanitize class>
$arr = explode(':', $token, 3); $arr = explode(':', $token, 3);
if (!isset($arr[1])) if (!isset($arr[1]))
$arr[1] = null; $arr[1] = null;
...@@ -166,7 +166,7 @@ class Evaluate { ...@@ -166,7 +166,7 @@ class Evaluate {
// search for value in stores // search for value in stores
$value = $this->store->getVar($arr[0], $arr[1], $arr[2]); $value = $this->store->getVar($arr[0], $arr[1], $arr[2]);
// nothing replaced: put ticks around, to sanatize strings for SQL statements. Nothing to substitute is not a wished situation. // nothing replaced: put ticks around, to sanitize strings for SQL statements. Nothing to substitute is not a wished situation.
return ($value === false) ? "'" . $token . "'" : $value; return ($value === false) ? "'" . $token . "'" : $value;
} }
......
...@@ -14,45 +14,45 @@ use qfq\CodeException; ...@@ -14,45 +14,45 @@ use qfq\CodeException;
require_once(__DIR__ . '/../../qfq/Constants.php'); require_once(__DIR__ . '/../../qfq/Constants.php');
/** /**
* Class Sanatize * Class Sanitize
* @package qfq * @package qfq
*/ */
class Sanatize { class Sanitize {
private function __construct() { private function __construct() {
// Class should never be instantiated // Class should never be instantiated
} }
/** /**
* Sanatize: check value by sanatize class. Return verified value or empty string if failed. * Sanitize: check value by sanitize class. Return verified value or empty string if failed.
* *
* @param string $value - value to check * @param string $value - value to check
* @param string $sanatizeClass - class used to check * @param string $sanitizeClass - class used to check
* @return string - if check failed: empty string, if check is ok: value * @return string - if check failed: empty string, if check is ok: value
* @throws CodeException * @throws CodeException
*/ */
public static function sanatize($value, $sanatizeClass = SANATIZE_DEFAULT) { public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT) {
switch ($sanatizeClass) { switch ($sanitizeClass) {
case SANATIZE_DEFAULT: case SANITIZE_DEFAULT:
case SANATIZE_ALLOW_DIGIT: case SANITIZE_ALLOW_DIGIT:
if (!is_numeric($value)) { if (!is_numeric($value)) {
$value = ''; $value = '';
} }
break; break;
case SANATIZE_ALLOW_ALNUMX: case SANITIZE_ALLOW_ALNUMX:
// replace ALNUMX valid characters, which are not part of ctype_alnum, by valid ctype_alnum characters, to fake ctype_alnum // replace ALNUMX valid characters, which are not part of ctype_alnum, by valid ctype_alnum characters, to fake ctype_alnum
// definetely forbidden: ' " \ % $ // definetely forbidden: ' " \ % $
if (!ctype_alnum(str_replace(array('@', '-', '_', '.', ',', ';', ' ', '/', '(', ')'), 'a', $value))) if (!ctype_alnum(str_replace(array('@', '-', '_', '.', ',', ';', ' ', '/', '(', ')'), 'a', $value)))
$value = ''; $value = '';
break; break;
case SANATIZE_ALLOW_ALL: case SANITIZE_ALLOW_ALL:
break; break;
default: default:
throw new CodeException("Sanatize class '$sanatizeClass' unknown. Used to sanatize GET/POST Variable.", ERROR_UNKNOW_SANATIZE_CLASS); throw new CodeException("Sanitize class '$sanitizeClass' unknown. Used to sanitize GET/POST Variable.", ERROR_UNKNOW_SANITIZE_CLASS);
break; break;
} }
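Review bot: The SANITIZE_ALLOW_DIGIT branch of sanitize() relies on `is_numeric($value)`, which accepts more than digits: a sign, a decimal point, exponent notation and leading whitespace all pass, and PHP 5 also accepts hexadecimal strings. The accepted value is returned unchanged and, judging from the Evaluate and Store sections of this commit, may end up substituted into SQL, so a stricter test such as `if (!preg_match('/^-?[0-9]+\z/', (string)$value)) { $value = ''; }` would match the class name while still accepting the '-3' case that SanitizeTest expects. If decimals or exponents are meant to be allowed, the docblock should say so explicitly. The function continues past the end of this section, so its return path is not visible here.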
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
namespace qfq; namespace qfq;
require_once(__DIR__ . '/Sanatize.php'); require_once(__DIR__ . '/Sanitize.php');
class Support { class Support {
......
...@@ -14,7 +14,7 @@ use qfq\OnArray; ...@@ -14,7 +14,7 @@ use qfq\OnArray;
use qfq; use qfq;
require_once(__DIR__ . '/../../qfq/helper/KeyValueStringParser.php'); require_once(__DIR__ . '/../../qfq/helper/KeyValueStringParser.php');
require_once(__DIR__ . '/../../qfq/helper/Sanatize.php'); require_once(__DIR__ . '/../../qfq/helper/sanitize.php');
require_once(__DIR__ . '/../../qfq/Constants.php'); require_once(__DIR__ . '/../../qfq/Constants.php');
require_once(__DIR__ . '/../../qfq/store/Sip.php'); require_once(__DIR__ . '/../../qfq/store/Sip.php');
require_once(__DIR__ . '/../../qfq/Database.php'); require_once(__DIR__ . '/../../qfq/Database.php');
...@@ -58,78 +58,78 @@ class Store { ...@@ -58,78 +58,78 @@ class Store {
private static $raw = array(); private static $raw = array();
/** /**
* @var array Default sanatize classes. * @var array Default sanitize classes.
*/ */
private static $sanatizeClass = array(); private static $sanitizeClass = array();
/** /**
* $sanatizeClass['S'] = false * $sanitizeClass['S'] = false
* $sanatizeClass['C'] = true * $sanitizeClass['C'] = true
* ... * ...
* *
* @var array each entry with true/false - depending if store needs to be sanatized. * @var array each entry with true/false - depending if store needs to be sanitized.
*/ */
private static $sanatizeStore = array(); private static $sanitizeStore = array();
/** /**
* @param string $bodytext * @param string $bodytext
*/ */
private function __construct($bodytext = '') { private function __construct($bodytext = '') {
self::$sanatizeClass = [ self::$sanitizeClass = [
// TYPO3_DEBUG_LOAD => SANATIZE_ALLOW_DIGIT, // TYPO3_DEBUG_LOAD => SANITIZE_ALLOW_DIGIT,
// TYPO3_DEBUG_SAVE => SANATIZE_ALLOW_DIGIT, // TYPO3_DEBUG_SAVE => SANITIZE_ALLOW_DIGIT,
// TYPO3_FORM => SANATIZE_ALLOW_ALNUMX, // TYPO3_FORM => SANITIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER => SANATIZE_ALLOW_ALNUMX, // TYPO3_FE_USER => SANITIZE_ALLOW_ALNUMX,
// TYPO3_FE_USER_UID => SANATIZE_ALLOW_DIGIT, // TYPO3_FE_USER_UID => SANITIZE_ALLOW_DIGIT,
// TYPO3_FE_USER_GROUP => SANATIZE_ALLOW_ALNUMX, // TYPO3_FE_USER_GROUP => SANITIZE_ALLOW_ALNUMX,
CLIENT_SIP => SANATIZE_ALLOW_ALNUMX, CLIENT_SIP => SANITIZE_ALLOW_ALNUMX,
CLIENT_RECORD_ID => SANATIZE_ALLOW_DIGIT, CLIENT_RECORD_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID => SANATIZE_ALLOW_DIGIT, CLIENT_KEY_SEM_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_KEY_SEM_ID_USER => SANATIZE_ALLOW_DIGIT, CLIENT_KEY_SEM_ID_USER => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_ID => SANATIZE_ALLOW_DIGIT, CLIENT_PAGE_ID => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_TYPE => SANATIZE_ALLOW_DIGIT, CLIENT_PAGE_TYPE => SANITIZE_ALLOW_DIGIT,
CLIENT_PAGE_LANGUAGE => SANATIZE_ALLOW_DIGIT, CLIENT_PAGE_LANGUAGE => SANITIZE_ALLOW_DIGIT,
CLIENT_FORM => SANATIZE_ALLOW_ALNUMX, CLIENT_FORM => SANITIZE_ALLOW_ALNUMX,
// Part of $_SERVER. Missing vars must be requested individual with the needed sanatize class. // Part of $_SERVER. Missing vars must be requested individual with the needed sanitize class.
CLIENT_SCRIPT_URL => SANATIZE_ALLOW_ALNUMX, CLIENT_SCRIPT_URL => SANITIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_URI => SANATIZE_ALLOW_ALNUMX, CLIENT_SCRIPT_URI => SANITIZE_ALLOW_ALNUMX,
CLIENT_HTTP_HOST => SANATIZE_ALLOW_ALNUMX, CLIENT_HTTP_HOST => SANITIZE_ALLOW_ALNUMX,
CLIENT_HTTP_USER_AGENT => SANATIZE_ALLOW_ALNUMX, CLIENT_HTTP_USER_AGENT => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_NAME => SANATIZE_ALLOW_ALNUMX, CLIENT_SERVER_NAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_ADDRESS => SANATIZE_ALLOW_ALNUMX, CLIENT_SERVER_ADDRESS => SANITIZE_ALLOW_ALNUMX,
CLIENT_SERVER_PORT => SANATIZE_ALLOW_DIGIT, CLIENT_SERVER_PORT => SANITIZE_ALLOW_DIGIT,
CLIENT_REMOTE_ADDRESS => SANATIZE_ALLOW_ALNUMX, CLIENT_REMOTE_ADDRESS => SANITIZE_ALLOW_ALNUMX,
CLIENT_REQUEST_SCHEME => SANATIZE_ALLOW_ALNUMX, CLIENT_REQUEST_SCHEME => SANITIZE_ALLOW_ALNUMX,
CLIENT_SCRIPT_FILENAME => SANATIZE_ALLOW_ALNUMX, CLIENT_SCRIPT_FILENAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_QUERY_STRING => SANATIZE_ALLOW_ALL, CLIENT_QUERY_STRING => SANITIZE_ALLOW_ALL,
CLIENT_REQUEST_URI => SANATIZE_ALLOW_ALL, CLIENT_REQUEST_URI => SANITIZE_ALLOW_ALL,
CLIENT_SCRIPT_NAME => SANATIZE_ALLOW_ALNUMX, CLIENT_SCRIPT_NAME => SANITIZE_ALLOW_ALNUMX,
CLIENT_PHP_SELF => SANATIZE_ALLOW_ALNUMX, CLIENT_PHP_SELF => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBUSER => SANATIZE_ALLOW_ALNUMX, // SYSTEM_DBUSER => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBSERVER => SANATIZE_ALLOW_ALNUMX, // SYSTEM_DBSERVER => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBPW => SANATIZE_ALLOW_ALL, // SYSTEM_DBPW => SANITIZE_ALLOW_ALL,
// SYSTEM_DB => SANATIZE_ALLOW_ALNUMX, // SYSTEM_DB => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_TESTDB => SANATIZE_ALLOW_ALNUMX, // SYSTEM_TESTDB => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_SESSIONNAME => SANATIZE_ALLOW_ALNUMX, // SYSTEM_SESSIONNAME => SANITIZE_ALLOW_ALNUMX,
// SYSTEM_DBH => SANATIZE_ALLOW_ALL, // SYSTEM_DBH => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_RAW => SANATIZE_ALLOW_ALL, // SYSTEM_SQL_RAW => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_FINAL => SANATIZE_ALLOW_ALL, // SYSTEM_SQL_FINAL => SANITIZE_ALLOW_ALL,
// SYSTEM_SQL_COUNT => SANATIZE_ALLOW_DIGIT, // SYSTEM_SQL_COUNT => SANITIZE_ALLOW_DIGIT,
// SYSTEM_SQL_PARAM_ARRAY => SANATIZE_ALLOW_ALL, // SYSTEM_SQL_PARAM_ARRAY => SANITIZE_ALLOW_ALL,
// SIP_SIP => SANATIZE_ALLOW_ALNUMX, // SIP_SIP => SANITIZE_ALLOW_ALNUMX,
// SIP_RECORD_ID => SANATIZE_ALLOW_DIGIT, // SIP_RECORD_ID => SANITIZE_ALLOW_DIGIT,
// SIP_FORM => SANATIZE_ALLOW_ALNUMX, // SIP_FORM => SANITIZE_ALLOW_ALNUMX,
// SIP_URLPARAM => SANATIZE_ALLOW_ALL // SIP_URLPARAM => SANITIZE_ALLOW_ALL
]; ];
self::$sanatizeStore = [ self::$sanitizeStore = [
STORE_FORM => true, STORE_FORM => true,
STORE_SIP => false, STORE_SIP => false,
STORE_RECORD => false, STORE_RECORD => false,
...@@ -175,7 +175,7 @@ class Store { ...@@ -175,7 +175,7 @@ class Store {
*/ */
public function setVarArray(array $dataArray, $store, $flagOverwrite = false) { public function setVarArray(array $dataArray, $store, $flagOverwrite = false) {
// Check valid Storename // Check valid Storename
if (!isset(self::$sanatizeStore)) if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE); throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
...@@ -243,23 +243,23 @@ class Store { ...@@ -243,23 +243,23 @@ class Store {
/** /**
* Cycles through all stores in $useStore. * Cycles through all stores in $useStore.
* First match will return the found value. * First match will return the found value.
* During cycling: fill cache with requestet value and sanatize raw value. * During cycling: fill cache with requestet value and sanitize raw value.
* *
* @param string $key * @param string $key
* @param string $useStores f.e.: 'FSRD' * @param string $useStores f.e.: 'FSRD'
* @param string $sanatizeClass * @param string $sanitizeClass
* @return string a) if found: value, b) false * @return string a) if found: value, b) false
*/ */
public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanatizeClass = '') { public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanitizeClass = '') {
// no store specifed? // no store specifed?
if ($useStores === "" || $useStores === null) { if ($useStores === "" || $useStores === null) {
$useStores = STORE_USE_DEFAULT; $useStores = STORE_USE_DEFAULT;
} }
// no sanatizeClass specified: take last/default // no sanitizeClass specified: take last/default
if ($sanatizeClass === '') { if ($sanitizeClass === '') {
$sanatizeClass = isset(self::$sanatizeClass[$key]) ? self::$sanatizeClass[$key] : SANATIZE_DEFAULT; $sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : SANITIZE_DEFAULT;
} }
while ($useStores !== false) { while ($useStores !== false) {
...@@ -277,8 +277,8 @@ class Store { ...@@ -277,8 +277,8 @@ class Store {
$rawVal = isset(self::$raw[$store][$key]) ? self::$raw[$store][$key] : null; $rawVal = isset(self::$raw[$store][$key]) ? self::$raw[$store][$key] : null;
if (self::$sanatizeStore[$store] && $sanatizeClass != '') { if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
return \qfq\Sanatize::sanatize($rawVal, $sanatizeClass); return \qfq\Sanitize::sanitize($rawVal, $sanitizeClass);
} else { } else {
return $rawVal; return $rawVal;
} }
...@@ -318,7 +318,7 @@ class Store { ...@@ -318,7 +318,7 @@ class Store {
*/ */
public static function unsetStore($store) { public static function unsetStore($store) {
// Check valid Storename // Check valid Storename
if (!isset(self::$sanatizeStore)) if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE); throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO) if ($store === STORE_ZERO)
...@@ -371,7 +371,7 @@ class Store { ...@@ -371,7 +371,7 @@ class Store {
*/ */
public static function setVar($key, $value, $store, $overWrite = true) { public static function setVar($key, $value, $store, $overWrite = true) {
// Check valid Storename // Check valid Storename
if (!isset(self::$sanatizeStore)) if (!isset(self::$sanitizeStore))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE); throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO) if ($store === STORE_ZERO)
...@@ -390,7 +390,7 @@ class Store { ...@@ -390,7 +390,7 @@ class Store {
*/ */
public static function getStore($store) { public static function getStore($store) {
// Check valid Storename // Check valid Storename
if (!isset(self::$sanatizeStore[$store])) if (!isset(self::$sanitizeStore[$store]))
throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE); throw new UserException("Unknown Store: $store", ERROR_UNNOWN_STORE);
if ($store === STORE_ZERO) if ($store === STORE_ZERO)
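Review bot: The store-name guard in setVarArray(), unsetStore() and setVar() is `if (!isset(self::$sanitizeStore))`, which tests the static array itself rather than the entry for `$store`; the property is initialised to `array()`, so isset() is always true and the UserException for an unknown store cannot fire. getStore() already uses the intended form, and the other three should read `if (!isset(self::$sanitizeStore[$store]))`. This matters beyond error reporting, because getVar() decides whether to sanitize from `self::$sanitizeStore[$store]`: a store name with no entry would evaluate as falsy there and the raw value would be returned, unless it is rejected in the lines collapsed from this view. All four functions continue outside their hunks.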
......
...@@ -182,7 +182,7 @@ class DatabaseTest extends AbstractDatabaseTest { ...@@ -182,7 +182,7 @@ class DatabaseTest extends AbstractDatabaseTest {
/** /**
* @expectedException \qfq\DbException * @expectedException \qfq\DbException
*/ */
public function testSanatizeException() { public function testSanitizeException() {
$this->db->sql('some garbage'); $this->db->sql('some garbage');
} }
......
<?php
/**
* Created by PhpStorm.
* User: crose
* Date: 1/2/16
* Time: 11:10 PM
*/
namespace qfq;
//use qfq\Sanatize;
//use qfq\exceptions\CodeException;
require_once(__DIR__ . '/../../qfq/helper/Sanatize.php');
require_once(__DIR__ . '/../../qfq/exceptions/CodeException.php');
class SanatizeTest extends \PHPUnit_Framework_TestCase {
public function testSanatize() {
# Violates SANATIZE class: sanatized string is always an empty string.
# Access are cached: use new variables for every test.
# Check '1'
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('1', Sanatize::sanatize('1', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check '-3'
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('-3', Sanatize::sanatize('-3', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a'
$this->assertEquals('', Sanatize::sanatize('a', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('a', Sanatize::sanatize('a', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a', Sanatize::sanatize('a', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a@-_.,;Z09'
$this->assertEquals('', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('a@-_.,;Z09', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a@-_.,;Z09', Sanatize::sanatize('a@-_.,;Z09', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
# Check 'a+Z09'
$this->assertEquals('', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_DIGIT), "SANATIZE_DIGIT fails");
$this->assertEquals('', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_ALNUMX), "SANATIZE_ALNUMX fails");
$this->assertEquals('a+Z09', Sanatize::sanatize('a+Z09', SANATIZE_ALLOW_ALL), "SANATIZE_ALL fails");
}
/**
* @expectedException \qfq\CodeException
*
*/
public function testSanatizeException() {
Sanatize::sanatize('Hello World', 'invalid sanatize class');
}
}
<?php
/**
* Created by PhpStorm.
* User: crose
* Date: 1/2/16
* Time: 11:10 PM
*/
namespace qfq;
require_once(__DIR__ . '/../../qfq/helper/SANITIZE.php');
require_once(__DIR__ . '/../../qfq/exceptions/CodeException.php');
class SanitizeTest extends \PHPUnit_Framework_TestCase {
public function testSanitize() {
# Violates SANITIZE class: SANITIZE string is always an empty string.
# Access are cached: use new variables for every test.
# Check '1'
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('1', Sanitize::sanitize('1', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check '-3'
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('-3', Sanitize::sanitize('-3', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a'
$this->assertEquals('', Sanitize::sanitize('a', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a', Sanitize::sanitize('a', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a@-_.,;Z09'
$this->assertEquals('', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('a@-_.,;Z09', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a@-_.,;Z09', Sanitize::sanitize('a@-_.,;Z09', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
# Check 'a+Z09'
$this->assertEquals('', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_DIGIT), "SANITIZE_DIGIT fails");
$this->assertEquals('', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_ALNUMX), "SANITIZE_ALNUMX fails");
$this->assertEquals('a+Z09', Sanitize::sanitize('a+Z09', SANITIZE_ALLOW_ALL), "SANITIZE_ALL fails");
}
/**
* @expectedException \qfq\CodeException
*
*/
public function testSanitizeException() {
Sanitize::sanitize('Hello World', 'invalid SANITIZE class');
}
}
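Review bot: The include `require_once(__DIR__ . '/../../qfq/helper/SANITIZE.php');` names the helper in upper case, while Support.php requires `Sanitize.php` and Store.php now requires `helper/sanitize.php`; on a case-sensitive filesystem at most one of the three spellings can resolve. This looks like a side effect of a case-insensitive search and replace, which also turned the comment into `SANITIZE string is always an empty string` and the test argument into `'invalid SANITIZE class'`. Assuming the file is named after the class, the line should be `require_once(__DIR__ . '/../../qfq/helper/Sanitize.php');`, with the same spelling in the Store.php include.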
...@@ -87,14 +87,14 @@ class StoreTest extends \PHPUnit_Framework_TestCase { ...@@ -87,14 +87,14 @@ class StoreTest extends \PHPUnit_Framework_TestCase {
public function testGetVarStoreClient() { public function testGetVarStoreClient() {