Commit b84c83dd authored by bbaer

Merge remote-tracking branch 'origin/master' into punktetool

parents 8f83790f 06e1392b
......@@ -37,6 +37,39 @@ Bug Fixes
^^^^^^^^^
Version 0.25.11
---------------
Date: 31.01.2018
Notes
^^^^^
* Violating a sanitize class now returns '!!<sanitize class>!!' instead of an empty string.
Features
^^^^^^^^
* #5022 / Variable violates sanatize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!"
* #4813 / Exception during form load: show 'form edit link' if editor is logged in.
* formEditor.sql: Increas size of Form.title to give more room for SQL statements in.
* Manual.rst: enhance debug tipps.
* #5321 / Plain Link - render mode- only url - implemented
* Add regex101 link to checkPattern FormEditor
Bug Fixes
^^^^^^^^^
* Fixed some broken help links in formEditor.sql.
* #5306 / Exception: tt_content_uid wrong - fixed
* #4303 - Download von doc/docx-Dateien / Download.php - Mime type wird nicht mehr an Dateiname angehängt
* #5316 / Help on how to send an E-Mail is wrong - several places fixed.
* #5311 / Error Msg SLQ_RAW != SQL_FINAL: Debug message shows outdated SQL_RAW
* #5309 / min/max broken for date fields. Add min/max attributes to input and date input tag
* Fabric now detects 'dirty'
* Manual.rst: Remove broken link to W3C file upload.
Version 0.25.10
---------------
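Review bot: Several of the added 0.25.11 release-note entries contain typos that will end up in the published changelog: `sanatize` (#5022), `Increas` (formEditor.sql), `tipps` (Manual.rst) and `SLQ_RAW` (#5311). The #4303 entry is also the only one written in German; suggest rewording it in English to match the rest. The same block appears twice more further down in this commit, so all copies need the fix.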
......@@ -94,7 +127,7 @@ Features
Bug Fixes
^^^^^^^^^
* Bug in sendeEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
* Bug in sendEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
Version 0.25.8
......
......@@ -47,8 +47,8 @@ Neue Versionsnummer
6) **New Tag**:
git tag v0.25.10
git push -u origin v0.25.10
git tag v0.25.11a
git push -u origin v0.25.11a
7) PhpStorm: **Sync** all files to VM qfq.
......
......@@ -983,10 +983,6 @@ Only in FormElement:
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **email** | Form | Query | [a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,} |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **min|max** | Form | | Compares the value against an lower and upper limit (numeric or string). |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **min|max date** | Form | | Compares the value against an lower and upper date or datetime. |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
| **pattern** | Form | | Compares the value against a regexp. |
+------------------+------+-------+-----------------------------------------------------------------------------------------+
......@@ -2327,7 +2323,6 @@ Fields:
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
|Check Type | enum('alnumx','digit', | _`field-checktype` |
| | 'numerical','email', | |
| | 'min|max','min|max date', | |
| | 'pattern','allbut','all') | |
+---------------------+-----------------------------+-----------------------------------------------------------------------------------------------------+
|Check Pattern | 'regexp' |_`field-checkpattern`: If $checkType=='pattern': pattern to match |
......@@ -2495,6 +2490,12 @@ See also at specific *FormElement* definitions.
+------------------------+--------+----------------------------------------------------------------------------------------------------------+
| fillStoreVar | string | Fill the STORE_VAR with custom values. See `STORE_VARS`_. |
+------------------------+--------+----------------------------------------------------------------------------------------------------------+
| min | s/d/n | Minimum and/or maximum allowed values for input field. Can be used for numbers, dates, or strings. |
+------------------------+--------+ |
| max | s/d/n | *Always use the international format 'yyyy-mm-dd[ hh:mm[:ss]]* |
+------------------------+--------+----------------------------------------------------------------------------------------------------------+
* `s/d/n`: string or date or number.
Effect matrix
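Review bot: In the new `max` row, the emphasised text `*Always use the international format 'yyyy-mm-dd[ hh:mm[:ss]]*` opens a single quote that is never closed; add the closing `'` before the final `*`. The row only prescribes the format of the limits themselves, so it would also help to state which format the entered value is compared in, now that the separate 'min|max date' check type is removed elsewhere in this commit.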
......@@ -3105,8 +3106,6 @@ Type: time
Type: upload
^^^^^^^^^^^^
* See: https://www.w3.org/TR/html5/forms.html#file-upload-state-(type=file)
An upload element is based on a 'file browse'-button and a 'trash'-button (=delete). Only one of them is shown at a time.
The 'file browse'-button is displayed, if there is no file uploaded already.
The 'trash'-button is displayed, if there is a file uploaded already.
......@@ -3224,9 +3223,8 @@ Requires: *'upload'-FormElement.name = 'column name'* of an column in the primar
After moving the file to `fileDestination`, the current record/column will be updated to `fileDestination`.
The database definition of the named column has to be a string variant (varchar, text but not numeric or else).
On form load, the column value will be displayed,
On form load, the column value will be displayed as the whole value (pathFileName)
* as the whole value (pathFileName)
Deleting an uploaded file in the form (by clicking on the trash near beside) will delete
the file on the filesystem as well. The column will be updated to an empty string.
......@@ -4834,7 +4832,7 @@ Column: _link
+---+---+--------------+-----------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| | |Text |t:<text> |t:Firstname Lastname |- |
+---+---+--------------+-----------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| | |Render |r:<mode> |r:[0-5] |See: `render-mode`_, Default: 0 |
| | |Render |r:<mode> |r:3 |See: `render-mode`_, Default: 0 |
+---+---+--------------+-----------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
| | |Button |b[:0|1|<btn class>] | b:0, b:1, b:success |'b', 'b:1': a bootstrap button is created. 'b:0' disable the button. <btn class>: default, primary, success, info, warning,danger |
+---+---+--------------+-----------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------+
......@@ -5289,27 +5287,27 @@ The colum name is composed of the string *page* and a trailing character to spec
* Optional set of predefined icons.
* Optional set of dialog boxes.
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
| Parameter | Description | Default value |Example |
+=============+=================================================================================================+==========================================================+===============================================================+
|<page> |TYPO3 page id or page alias. |The current page: *{{pageId}}* |45 application application&N_param1=1045 |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<text> |Text, wrapped by the link. If there is an icon, text will be displayed to the right of it. |empty string | |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<tooltip> |Text to appear as a ToolTip |empty string | |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<question> |If there is a question text given, an alert will be opened. Only if the user clicks on 'ok', |**Expected "=" to follow "see"** | |
| |the link will be called | | |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<class> |CSS Class for the <a> tag | | |
| | | | |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<target> |Parameter for HTML 'target='. F.e.: Opens a new window |empty |P |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<rendermode> |Show/render a link at all or not. See `render-mode`_ 0-5 | | |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<create sip> |s | |'s': create a SIP |
+-------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
| Parameter | Description | Default value |Example |
+==============+=================================================================================================+==========================================================+===============================================================+
|<page> |TYPO3 page id or page alias. |The current page: *{{pageId}}* |45 application application&N_param1=1045 |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<text> |Text, wrapped by the link. If there is an icon, text will be displayed to the right of it. |empty string | |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<tooltip> |Text to appear as a ToolTip |empty string | |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<question> |If there is a question text given, an alert will be opened. Only if the user clicks on 'ok', |**Expected "=" to follow "see"** | |
| |the link will be called | | |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<class> |CSS Class for the <a> tag | | |
| | | | |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<target> |Parameter for HTML 'target='. F.e.: Opens a new window |empty |P |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<render mode> |Show/render a link at all or not. See `render-mode`_ | | |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
|<create sip> |s | |'s': create a SIP |
+--------------+-------------------------------------------------------------------------------------------------+----------------------------------------------------------+---------------------------------------------------------------+
.. _column_paged:
......@@ -5926,8 +5924,13 @@ QFQ CSS Classes
---------------
* `qfq-table-50`, `qfq-table-80`, `qfq-table-100` - set min-width and column width to 'auto'
* Background Color: `qfq-color-grey-1`, `qfq-color-grey-2` (table, row, cell)
* `qfq-100`: Makes an element 'width: 100%'.
* `qfq-left`: Text align left.
Bootstrap
'''''''''
* Table: `table`
* Table > hover: `table-hover`
* Table > condensed: `table-condensed`
......@@ -5937,9 +5940,9 @@ E.g.::
10.sql = SELECT id, name, firstName, ...
10.head = <table class='table table-condensed qfq-table-50'>
* `qfq-full-width-left` - makes e.g. a button full width and aligns the text left. ::
* `qfq-100`, `qfq-left` - makes e.g. a button full width and aligns the text left. ::
10.sql = SELECT "p:home&r=0|t:Home|c:qfq-full-width-left" AS _pagev
10.sql = SELECT "p:home&r=0|t:Home|c:qfq-100 qfq-left" AS _pagev
Examples
--------
......
......@@ -37,6 +37,39 @@ Bug Fixes
^^^^^^^^^
Version 0.25.11
---------------
Date: 31.01.2018
Notes
^^^^^
* Violating a sanitize class now returns '!!<sanitize class>!!' instead of an empty string.
Features
^^^^^^^^
* #5022 / Variable violates sanatize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!"
* #4813 / Exception during form load: show 'form edit link' if editor is logged in.
* formEditor.sql: Increas size of Form.title to give more room for SQL statements in.
* Manual.rst: enhance debug tipps.
* #5321 / Plain Link - render mode- only url - implemented
* Add regex101 link to checkPattern FormEditor
Bug Fixes
^^^^^^^^^
* Fixed some broken help links in formEditor.sql.
* #5306 / Exception: tt_content_uid wrong - fixed
* #4303 - Download von doc/docx-Dateien / Download.php - Mime type wird nicht mehr an Dateiname angehängt
* #5316 / Help on how to send an E-Mail is wrong - several places fixed.
* #5311 / Error Msg SLQ_RAW != SQL_FINAL: Debug message shows outdated SQL_RAW
* #5309 / min/max broken for date fields. Add min/max attributes to input and date input tag
* Fabric now detects 'dirty'
* Manual.rst: Remove broken link to W3C file upload.
Version 0.25.10
---------------
......@@ -94,7 +127,7 @@ Features
Bug Fixes
^^^^^^^^^
* Bug in sendeEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
* Bug in sendEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
Version 0.25.8
......
......@@ -3,7 +3,7 @@
project = QFQ - Quick Form Query
version = 0.25
release = 0.25.10
release = 0.25.11a
t3author = Carsten Rose
copyright = since 2017 by the author
......
......@@ -59,7 +59,7 @@ copyright = u'2017, Carsten Rose'
# The short X.Y version.
version = '0.25'
# The full version, including alpha/beta/rc tags.
release = '0.25.10'
release = '0.25.11a'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
......
......@@ -37,6 +37,39 @@ Bug Fixes
^^^^^^^^^
Version 0.25.11
---------------
Date: 31.01.2018
Notes
^^^^^
* Violating a sanitize class now returns '!!<sanitize class>!!' instead of an empty string.
Features
^^^^^^^^
* #5022 / Variable violates sanatize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!"
* #4813 / Exception during form load: show 'form edit link' if editor is logged in.
* formEditor.sql: Increas size of Form.title to give more room for SQL statements in.
* Manual.rst: enhance debug tipps.
* #5321 / Plain Link - render mode- only url - implemented
* Add regex101 link to checkPattern FormEditor
Bug Fixes
^^^^^^^^^
* Fixed some broken help links in formEditor.sql.
* #5306 / Exception: tt_content_uid wrong - fixed
* #4303 - Download von doc/docx-Dateien / Download.php - Mime type wird nicht mehr an Dateiname angehängt
* #5316 / Help on how to send an E-Mail is wrong - several places fixed.
* #5311 / Error Msg SLQ_RAW != SQL_FINAL: Debug message shows outdated SQL_RAW
* #5309 / min/max broken for date fields. Add min/max attributes to input and date input tag
* Fabric now detects 'dirty'
* Manual.rst: Remove broken link to W3C file upload.
Version 0.25.10
---------------
......@@ -94,7 +127,7 @@ Features
Bug Fixes
^^^^^^^^^
* Bug in sendeEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
* Bug in sendEmail: invalid SSL_version specified at /usr/share/perl5/IO/Socket/SSL.pm line 575. Patch for sendEmail (see https://unix.stackexchange.com/a/68952).
Version 0.25.8
......
......@@ -10,6 +10,6 @@ $EM_CONF[$_EXTKEY] = array(
'dependencies' => 'fluid,extbase',
'clearcacheonload' => true,
'state' => 'alpha',
'version' => '0.25.10'
'version' => '0.25.11a'
);
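Review bot: `'version' => '0.25.11a'` does not match the `'0.25.11'` key added to `$UPDATE_ARRAY` in this same commit, nor the 'Version 0.25.11' heading in the release notes. PHP's `version_compare()` sorts `0.25.11a` before `0.25.11`, so if the updater selects migrations by comparing against the extension version, confirm that the `0.25.11` step actually runs on an install that reports `0.25.11a`.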
......@@ -1130,6 +1130,7 @@ abstract class AbstractBuildForm {
$attribute .= Support::doAttribute('data-load', ($formElement[FE_DYNAMIC_UPDATE] === 'yes') ? 'data-load' : '');
$attribute .= Support::doAttribute('title', $formElement[FE_TOOLTIP]);
$attribute .= $this->getInputCheckPattern($formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN]);
$attribute .= $this->getAttributeList($formElement, [FE_MIN, FE_MAX]);
$attribute .= $this->getAttributeFeMode($formElement[FE_MODE], false);
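Review bot: The `min`/`max` attributes emitted by `getAttributeList($formElement, [FE_MIN, FE_MAX])` are enforced only by the browser. None of the hunks shown for this file calls the new `Sanitize::checkMinMax()`; confirm that the save path runs it with `SANITIZE_EXCEPTION` for every element that has `min` or `max` set, so the limit also holds for requests that do not come from the rendered form.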
......@@ -1399,16 +1400,6 @@ abstract class AbstractBuildForm {
}
switch ($type) {
case SANITIZE_ALLOW_MIN_MAX:
case SANITIZE_ALLOW_MIN_MAX_DATE:
$arrData = explode("|", $data);
if (count($arrData) != 2 || $arrData[0] == '' || $arrData[1] == '')
throw new UserFormException("Missing MIN|MAX values", ERROR_MISSING_MIN_MAX);
$attribute = 'min="' . $arrData[0] . '" ';
$attribute .= 'max="' . $arrData[1] . '" ';
break;
case SANITIZE_ALLOW_PATTERN:
$attribute = 'pattern="' . $data . '" ';
break;
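Review bot: The `SANITIZE_ALLOW_PATTERN` case that stays in this switch still builds the attribute by hand, `$attribute = 'pattern="' . $data . '" ';`, so a pattern containing a double quote ends the attribute early. Other attributes in this class go through `Support::doAttribute(...)`; suggest routing `pattern` through the same helper, or escaping `$data` for an attribute context, while this method is being touched.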
......@@ -2913,6 +2904,10 @@ abstract class AbstractBuildForm {
$link = new Link($this->sip);
$value = $link->renderLink('s|M:file|d|F:' . $value . '|' . $formElement[FE_FILE_DOWNLOAD_BUTTON]);
} else {
// In case debugging is off: showing download button means 'never show the real pathfilename'
if (!$this->showDebugInfoFlag) {
$value = '';
}
$value .= " - file not found, please check field 'value'";
}
}
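Review bot: With debugging off, the else branch now sets `$value = ''` and then appends `" - file not found, please check field 'value'"`, so the user sees a message that starts with a dangling " - ". Suggest building the message without the separator when the path is suppressed. In the debug case `$value` (a server path) is still concatenated into the output; confirm it is HTML-escaped before it is rendered.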
......@@ -3087,8 +3082,6 @@ abstract class AbstractBuildForm {
$attribute .= Support::doAttribute('name', $htmlFormElementName);
$attribute .= Support::doAttribute('class', 'form-control');
$arrMinMax = null;
$this->adjustMaxLength($formElement);
$showTime = ($formElement[FE_TYPE] == 'time' || $formElement[FE_TYPE] == 'datetime') ? 1 : 0;
if ($value == 'CURRENT_TIMESTAMP') {
......@@ -3104,12 +3097,6 @@ abstract class AbstractBuildForm {
case SANITIZE_ALLOW_PATTERN:
$formElement[FE_CHECK_PATTERN] = $tmpPattern;
break;
case SANITIZE_ALLOW_MIN_MAX_DATE:
$arrMinMax = explode('|', $formElement[FE_CHECK_PATTERN], 2);
if (count($arrMinMax) != 2) {
throw new UserFormException('Missing min|max definition', ERROR_MISSING_MIN_MAX);
}
break;
case SANITIZE_ALLOW_ALL:
case SANITIZE_ALLOW_ALNUMX:
case SANITIZE_ALLOW_ALLBUT:
......@@ -3161,11 +3148,7 @@ abstract class AbstractBuildForm {
$attribute .= Support::doAttribute('data-load', ($formElement[FE_DYNAMIC_UPDATE] === 'yes') ? 'data-load' : '');
$attribute .= Support::doAttribute('title', $formElement[FE_TOOLTIP]);
$attribute .= $this->getInputCheckPattern($formElement[FE_CHECK_TYPE], $formElement[FE_CHECK_PATTERN]);
if (is_array($arrMinMax)) {
$attribute .= Support::doAttribute('min', $arrMinMax[0]);
$attribute .= Support::doAttribute('max', $arrMinMax[1]);
}
$attribute .= $this->getAttributeList($formElement, [FE_MIN, FE_MAX]);
$json = $this->getFormElementForJson($htmlFormElementName, $value, $formElement);
......
......@@ -146,8 +146,6 @@ const ERROR_UNKNOWN_FORWARD_MODE = 1036;
const ERROR_MISSING_HIDDEN_FIELD_IN_SIP = 1038;
const ERROR_MISSING_MIN_MAX = 1040;
const ERROR_MIN_MAX_VIOLATION = 1041;
const ERROR_UNKNOWN_CHECKTYPE = 1042;
const ERROR_PATTERN_VIOLATION = 1043;
const ERROR_RECORDID_0_FORBIDDEN = 1044;
......@@ -188,6 +186,8 @@ const ERROR_QFQ_VERSION = 1079;
const ERROR_PLAY_SQL_FILE = 1080;
const ERROR_MISSING_FILE_NAME = 1081;
const ERROR_MAX_FILE_SIZE_TOO_BIG = 1082;
const ERROR_SMALLER_THAN_MIN = 1083;
const ERROR_LARGER_THAN_MAX = 1084;
// Subrecord
const ERROR_SUBRECORD_MISSING_COLUMN_ID = 1100;
......@@ -965,6 +965,9 @@ const FE_IMAGE_CUT_ORIGINAL_EXTENSION = '.save';
const FE_FLAG_ROW_OPEN_TAG = '_flagRowOpenTag'; // will be automatically computed during Formload: true | false
const FE_FLAG_ROW_CLOSE_TAG = '_flagRowCloseTag'; // will be automatically computed during Formload: true | false
const FE_MIN = 'min';
const FE_MAX = 'max';
const RETYPE_FE_NAME_EXTENSION = 'RETYPE';
const TYPEAHEAD_PLACEHOLDER = '?';
......
......@@ -58,7 +58,7 @@ class Evaluate {
}
/**
* Evaluate a whole array or a array of arrays.
* Evaluate a whole array or an array of arrays.
*
* @param $tokenArray
* @param array $skip Optional Array with keynames, which will not be evaluated.
......
......@@ -654,7 +654,7 @@ class QuickFormQuery {
$formSpec = $this->eval->parseArray($form);
// Setting defaults later is to late.
// Setting defaults later is too late.
if (!isset($formSpec[F_DB_INDEX_DATA])) {
$formSpec[F_DB_INDEX_DATA] = $this->dbIndexData;
}
......
......@@ -98,6 +98,10 @@ $UPDATE_ARRAY = array(
"ALTER TABLE `FormElement` CHANGE `type` `type` ENUM( 'checkbox', 'date', 'datetime', 'dateJQW', 'datetimeJQW', 'extra', 'gridJQW', 'text', 'editor', 'annotate', 'imageCut', 'time', 'note', 'password', 'radio', 'select', 'subrecord', 'upload', 'fieldset', 'pill', 'templateGroup', 'beforeLoad', 'beforeSave', 'beforeInsert', 'beforeUpdate', 'beforeDelete', 'afterLoad', 'afterSave', 'afterInsert', 'afterUpdate', 'afterDelete', 'sendMail', 'paste' ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'text';",
],
'0.25.11' => [
"UPDATE FormElement SET checkType = 'alnumx', checkPattern = '', parameter = CONCAT(parameter, '\nmin = ', SUBSTRING_INDEX(checkPattern, '|', 1), '\nmax = ', SUBSTRING_INDEX(checkPattern, '|', -1)) WHERE checkType LIKE 'min|max%' AND checkPattern <> ''",
"ALTER TABLE `FormElement` CHANGE `checkType` `checkType` ENUM('alnumx','digit','numerical','email','pattern','allbut','all') CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT 'alnumx';",
],
);
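Review bot: The `UPDATE` only converts rows `WHERE checkType LIKE 'min|max%' AND checkPattern <> ''`, but the `ALTER TABLE` that follows drops 'min|max' and 'min|max date' from the enum for every row, so elements that still have one of those check types with an empty `checkPattern` are left holding a value that no longer exists in the column definition. Suggest resetting `checkType` for those rows as well, for example with a second `UPDATE` that has no `checkPattern <> ''` condition. Two further points: `SUBSTRING_INDEX(checkPattern, '|', 1)` and `SUBSTRING_INDEX(checkPattern, '|', -1)` both return the whole string when it contains no `|`, which writes the same value as min and max; and the limits are copied verbatim, while the removed 'min|max date' code passed them through `Support::dateTimeGermanToInternational()`, so limits stored in German date format are migrated in a form the manual now tells authors not to use.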
......
......@@ -112,7 +112,7 @@ class AbstractException extends \Exception {
}
}
$debug = "<table border=1>" . $debug . "</table>";
$debug = '<table border=1 class="qfq-table-100">' . $debug . "</table>";
}
$html = "<h2>Error</h2>" . Support::wrapTag('<p>', $html . $htmlForm);
......
......@@ -32,71 +32,18 @@ class Sanitize {
* If check fails, depending on $mode, throws an UserException or return an empty string.
*
* @param string $value value to check
* @param string $sanitizeClass SANITIZE_ALLOW_*
* @param string $patternOrRange Pattern as regexp or MIN|MAX values
* @param string $sanitizeClass
* @param string $pattern Pattern as regexp
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws UserFormException
* @throws \qfq\CodeException
*/
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $patternOrRange = '', $mode = SANITIZE_EMPTY_STRING) {
$pattern = '';
$minMax = array();
$valueCompare = '';
$errorCode = 0;
$errorText = '';
// Prepare MIN|MAX
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $mode = SANITIZE_EMPTY_STRING) {
// Prepare pattern check
switch ($sanitizeClass) {
case SANITIZE_ALLOW_MIN_MAX:
$minMax = explode('|', $patternOrRange);
$valueCompare = $value;
break;
case SANITIZE_ALLOW_MIN_MAX_DATE:
$minMax = explode('|', $patternOrRange);
//TODO: hier sollten die Exceptions abgefangen werden um zwei unterschiedliche Fehlermeldungen ausgeben zu koennen:
// a) der Value verletzt die Datumsgrenzen
// b) die Definition der Grenzen ist buggy
// try {
$valueCompare = Support::dateTimeGermanToInternational($value);
// } catch (UserFormException $e) {
// throw new UserFormException("Date or time not recognized '" . $value . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
// }
// try {
$minMax[0] = Support::dateTimeGermanToInternational($minMax[0]);
$minMax[1] = Support::dateTimeGermanToInternational($minMax[1]);
// } catch (UserFormException $e) {
// throw new UserFormException("Date or time of min|max definition not recognized '" . $patternOrRange . "' - " . $e->formatMessage(), ERROR_SANATIZE_INVALID_VALUE);
// }
break;
default:
break;
}
// Prepare Check
switch ($sanitizeClass) {
case SANITIZE_ALLOW_MIN_MAX:
case SANITIZE_ALLOW_MIN_MAX_DATE:
if ($minMax[0] === '' || $minMax[1] === '') {
throw new UserFormException('Missing definition of value for min or max.', ERROR_MISSING_MIN_MAX);
}
$errorText = "Value '$value' is out of range of '$patternOrRange'.";
if ($minMax[0] <= $valueCompare && $valueCompare <= $minMax[1])
return $value;
$errorCode = ERROR_MIN_MAX_VIOLATION;
break;
case SANITIZE_ALLOW_PATTERN:
$pattern = $patternOrRange;
break;
case SANITIZE_ALLOW_DIGIT:
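Review bot: The docblock above `sanitize()` still says a failed check will 'return an empty string' and lists `SANITIZE_EMPTY_STRING` as the non-exception mode, but after this commit the function ends with `return SANITIZE_VIOLATE . $sanitizeClass . SANITIZE_VIOLATE;`. Update the description and `@return` to document the marker, since callers that test the result for `''` will now receive a non-empty string. The `@param string $sanitizeClass` line also lost its `SANITIZE_ALLOW_*` hint, which is worth keeping.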
......@@ -105,34 +52,69 @@ class Sanitize {
case SANITIZE_ALLOW_ALNUMX:
case SANITIZE_ALLOW_ALLBUT:
$arr = self::inputCheckPatternArray();
$pattern = $arr[$sanitizeClass];
$pattern = $arr[$sanitizeClass];
break;
case SANITIZE_ALLOW_ALL: // no checktype specified.
case SANITIZE_ALLOW_ALL: // no checkType specified.
return $value;
default:
throw new CodeException("Unknown checkType: " . $sanitizeClass, ERROR_UNKNOWN_CHECKTYPE);
}
// No error until here: do a final check
if ($errorCode == 0) {
if (preg_match("/$pattern/", $value) === 1)
return $value;
else
$errorCode = ERROR_PATTERN_VIOLATION;
// Pattern check
if ($pattern === '' || preg_match("/$pattern/", $value) === 1) {
return $value;
}
// check failed
if ($mode === SANITIZE_EXCEPTION) {
if ($errorText === '')
$errorText = "Value '$value' violates checkrule " . $sanitizeClass . " with pattern '$pattern'.";
$errorCode = ERROR_PATTERN_VIOLATION;
$errorText = "Value '$value' violates checkrule " . $sanitizeClass . " with pattern '$pattern'.";
throw new UserFormException($errorText, $errorCode);
}
// check failed: return marker
return SANITIZE_VIOLATE . $sanitizeClass . SANITIZE_VIOLATE;
}
/**
* Check $value against $formElement's min/max values. If check succeeds, returns value.
* If check fails, depending on $mode, throws an UserException or return an empty string.
*
* @param string $value value to check
* @param $formElement
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
*
* @return string
* @throws UserFormException
* @throws \qfq\CodeException
*/
public static function checkMinMax($value, $formElement, $mode = SANITIZE_EMPTY_STRING) {
$min = Support::setIfNotSet($formElement, FE_MIN);
$max = Support::setIfNotSet($formElement, FE_MAX);
$errorCode = 0;
$errorText = '';
if ($min !== '' && $value < $min) {
$errorCode = ERROR_SMALLER_THAN_MIN;
$errorText = "Value '$value' is smaller than the allowed minimum of '$min'.";
}
if ($max !== '' && $value > $max) {
$errorCode = ERROR_LARGER_THAN_MAX;
$errorText = "Value '$value' is larger than the allowed maximum of '$max'.";
}
if ($errorCode == 0)
return $value;
// check failed
if ($mode === SANITIZE_EXCEPTION) {
throw new UserFormException($errorText, $errorCode);
}
return '';
}
/**
* @return array
*/
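Review bot: `checkMinMax()` compares with `$value < $min` and `$value > $max` on whatever strings it is given, so PHP compares numerically only when both sides are numeric strings and falls back to string comparison otherwise. The removed 'min|max date' branch normalised the input with `Support::dateTimeGermanToInternational($value)` before comparing; nothing equivalent happens here, so a date value that is not already in 'yyyy-mm-dd' form is compared as plain text. Suggest normalising dates before the comparison and rejecting non-numeric input when the limits are numeric. Also, in non-exception mode this returns `''` while `sanitize()` now returns the `SANITIZE_VIOLATE` marker, and an empty `$value` fails any non-empty `min`; decide and document whether optional empty fields should pass.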
......@@ -143,8 +125,6 @@ class Sanitize {