e48fa888
Commit
e48fa888
authored
Feb 03, 2018
by
Carsten Rose
Feature 4437 violate sanitize message
parent
c4f24888
Changes
3
extension/qfq/qfq/AbstractBuildForm.php
@@ -1129,14 +1129,16 @@ abstract class AbstractBuildForm {
}
$attribute
.
=
$this
->
getAttributeList
(
$formElement
,
[
FE_INPUT_AUTOCOMPLETE
,
'autofocus'
,
'placeholder'
]);
$attribute
.
=
$this
->
getAttributeList
(
$formElement
,
[
F_FE_DATA_PATTERN_ERROR
,
F_FE_DATA_REQUIRED_ERROR
,
F_FE_DATA_MATCH_ERROR
,
F_FE_DATA_ERROR
]);
$attribute
.
=
Support
::
doAttribute
(
'data-load'
,
(
$formElement
[
FE_DYNAMIC_UPDATE
]
===
'yes'
)
?
'data-load'
:
''
);
$attribute
.
=
Support
::
doAttribute
(
'title'
,
$formElement
[
FE_TOOLTIP
]);
$pattern
=
Sanitize
::
getInputCheckPattern
(
$formElement
[
FE_CHECK_TYPE
],
$formElement
[
FE_CHECK_PATTERN
],
$formElement
[
FE_DECIMAL_FORMAT
]);
$pattern
=
Sanitize
::
getInputCheckPattern
(
$formElement
[
FE_CHECK_TYPE
],
$formElement
[
FE_CHECK_PATTERN
],
$formElement
[
FE_DECIMAL_FORMAT
]
,
$sanitizeMessage
);
$attribute
.
=
(
$pattern
===
''
)
?
''
:
'pattern="'
.
$pattern
.
'" '
;
if
(
empty
(
$formElement
[
F_FE_DATA_PATTERN_ERROR
]))
{
$formElement
[
F_FE_DATA_PATTERN_ERROR
]
=
$sanitizeMessage
;
};
$attribute
.
=
$this
->
getAttributeList
(
$formElement
,
[
F_FE_DATA_PATTERN_ERROR
,
F_FE_DATA_REQUIRED_ERROR
,
F_FE_DATA_MATCH_ERROR
,
F_FE_DATA_ERROR
,
FE_MIN
,
FE_MAX
]);
$attribute
.
=
Support
::
doAttribute
(
'data-load'
,
(
$formElement
[
FE_DYNAMIC_UPDATE
]
===
'yes'
)
?
'data-load'
:
''
);
$attribute
.
=
Support
::
doAttribute
(
'title'
,
$formElement
[
FE_TOOLTIP
]);
$attribute
.
=
$this
->
getAttributeList
(
$formElement
,
[
FE_MIN
,
FE_MAX
]);
$attribute
.
=
$this
->
getAttributeFeMode
(
$formElement
[
FE_MODE
],
false
);
@@ -3113,7 +3115,7 @@ abstract class AbstractBuildForm {
$attribute
.
=
Support
::
doAttribute
(
'data-load'
,
(
$formElement
[
FE_DYNAMIC_UPDATE
]
===
'yes'
)
?
'data-load'
:
''
);
$attribute
.
=
Support
::
doAttribute
(
'title'
,
$formElement
[
FE_TOOLTIP
]);
$pattern
=
Sanitize
::
getInputCheckPattern
(
$formElement
[
FE_CHECK_TYPE
],
$formElement
[
FE_CHECK_PATTERN
]);
$pattern
=
Sanitize
::
getInputCheckPattern
(
$formElement
[
FE_CHECK_TYPE
],
$formElement
[
FE_CHECK_PATTERN
]
,
''
,
$rcSanitizeMessage
);
$attribute
.
=
(
$pattern
===
''
)
?
''
:
'pattern="'
.
$pattern
.
'" '
;
$attribute
.
=
$this
->
getAttributeList
(
$formElement
,
[
FE_MIN
,
FE_MAX
]);
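Review bot: In the hunk around line 3115, `$rcSanitizeMessage` is filled by `Sanitize::getInputCheckPattern(..., '', $rcSanitizeMessage)` but nothing in the hunk writes it back into the element, whereas the sibling hunk at line ~1129 copies it into `F_FE_DATA_PATTERN_ERROR` when that key is empty. The enclosing method continues past the hunk, so unless the remainder uses the variable, the new default message never reaches the `data-pattern-error` attribute for this element type. Mirroring the first hunk would close the gap: `if (empty($formElement[F_FE_DATA_PATTERN_ERROR])) { $formElement[F_FE_DATA_PATTERN_ERROR] = $rcSanitizeMessage; }`. Note that for `SANITIZE_ALLOW_PATTERN` the callee returns before assigning the reference, so in both hunks the variable is undefined for custom patterns (see Sanitize.php); the first hunk also leaves a stray `;` after the closing brace of its `if`.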
extension/qfq/qfq/helper/Sanitize.php
@@ -22,6 +22,26 @@ require_once(__DIR__ . '/../../qfq/Constants.php');
*/
class
Sanitize
{
private
static
$sanitizePattern
=
[
SANITIZE_ALLOW_ALNUMX
=>
'^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿç]*$'
,
// ':alnum:' does not work here in FF
SANITIZE_ALLOW_DIGIT
=>
'^[\d]*$'
,
SANITIZE_ALLOW_NUMERICAL
=>
'^[\d.+-]*$'
,
SANITIZE_ALLOW_EMAIL
=>
'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
,
SANITIZE_ALLOW_PATTERN
=>
''
,
SANITIZE_ALLOW_ALLBUT
=>
'^[^\[\]{}%&\\\\#]*$'
,
SANITIZE_ALLOW_ALL
=>
'.*'
,
];
private
static
$sanitizeMessage
=
[
SANITIZE_ALLOW_ALNUMX
=>
'Allowed characters: 0...9, [latin character], @-_.m;: /()'
,
SANITIZE_ALLOW_DIGIT
=>
'Allowed characters: 0...9'
,
SANITIZE_ALLOW_NUMERICAL
=>
'Allowed characters: 0...9 and .+-'
,
SANITIZE_ALLOW_EMAIL
=>
'Requested format: string@domain'
,
SANITIZE_ALLOW_PATTERN
=>
'Please match the requested format'
,
SANITIZE_ALLOW_ALLBUT
=>
'Forbidden characters: ^[]{}%&\#'
,
SANITIZE_ALLOW_ALL
=>
''
,
];
private
function
__construct
()
{
// Class should never be instantiated
@@ -42,7 +62,8 @@ class Sanitize {
* @throws \qfq\CodeException
*/
public
static
function
sanitize
(
$value
,
$sanitizeClass
=
SANITIZE_DEFAULT
,
$pattern
=
''
,
$decimalFormat
=
''
,
$mode
=
SANITIZE_EMPTY_STRING
)
{
$pattern
=
self
::
getInputCheckPattern
(
$sanitizeClass
,
$pattern
,
$decimalFormat
);
$pattern
=
self
::
getInputCheckPattern
(
$sanitizeClass
,
$pattern
,
$decimalFormat
,
$dummy
);
// Pattern check
if
(
$pattern
===
''
||
preg_match
(
"/
$pattern
/"
,
$value
)
===
1
)
{
@@ -65,10 +86,12 @@ class Sanitize {
* @param string $pattern
* @param string $decimalFormat e.g. "10,2"
*
* @param string $rcSanitizeMessage Message specific to a pattern
* @return string
* @throws CodeException
*/
public
static
function
getInputCheckPattern
(
$checkType
=
SANITIZE_DEFAULT
,
$pattern
=
''
,
$decimalFormat
=
''
)
{
public
static
function
getInputCheckPattern
(
$checkType
=
SANITIZE_DEFAULT
,
$pattern
=
''
,
$decimalFormat
=
''
,
&
$rcSanitizeMessage
)
{
switch
(
$checkType
)
{
case
SANITIZE_ALLOW_PATTERN
:
return
$pattern
;
@@ -82,19 +105,21 @@ class Sanitize {
case
SANITIZE_ALLOW_EMAIL
:
case
SANITIZE_ALLOW_ALNUMX
:
case
SANITIZE_ALLOW_ALLBUT
:
$arr
=
self
::
inputCheckPatternArray
();
$pattern
=
$arr
[
$checkType
];
$pattern
=
self
::
$sanitizePattern
[
$checkType
];
break
;
default
:
throw
new
CodeException
(
"Unknown checkType: "
.
$checkType
,
ERROR_UNKNOWN_CHECKTYPE
);
}
$rcSanitizeMessage
=
self
::
$sanitizeMessage
[
$checkType
];
// decimalFormat
if
(
$decimalFormat
!=
''
&&
$checkType
!==
SANITIZE_ALLOW_DIGIT
)
{
// overwrite pattern with decimalFormat pattern
$decimalFormatArray
=
explode
(
','
,
$decimalFormat
);
$pattern
=
"^-?[0-9]{0,"
.
(
$decimalFormatArray
[
0
]
-
$decimalFormatArray
[
1
])
.
"}(\.[0-9]
{
0,$decimalFormatArray[1]
}
)?$"
;
$rcSanitizeMessage
=
"Requested decimal format (mantis,decimal):
$decimalFormat
"
;
}
return
$pattern
;
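Review bot: `$rcSanitizeMessage` is assigned only after the `switch`, but the `SANITIZE_ALLOW_PATTERN` case in the preceding hunk does `return $pattern;` before reaching it, so for custom patterns the by-reference argument is never set, the `'Please match the requested format'` entry in `$sanitizeMessage` is dead, and callers copy an undefined variable into `F_FE_DATA_PATTERN_ERROR`. Assigning before the early return, `$rcSanitizeMessage = self::$sanitizeMessage[SANITIZE_ALLOW_PATTERN];`, or moving the lookup ahead of the `switch`, fixes it. Two of the new messages also disagree with their regexes: the ALNUMX text `@-_.m;: /()` should read `@-_.,;: /()` (the pattern allows a comma, not `m`), and the ALLBUT text lists `^`, which is the class negation in `^[^\[\]{}%&\\\\#]*$` rather than a forbidden character. Since these strings end up in the `data-pattern-error` HTML attribute, the decimal-format message that interpolates `$decimalFormat` depends on whatever escaping `getAttributeList` applies, which is not visible here and worth confirming.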
@@ -136,22 +161,6 @@ class Sanitize {
return
''
;
}
/**
* @return array
*/
public
static
function
inputCheckPatternArray
()
{
//EMail Regex: http://www.regular-expressions.info/email.html
return
[
SANITIZE_ALLOW_ALNUMX
=>
'^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿç]*$'
,
// ':alnum:' does not work here in FF
SANITIZE_ALLOW_DIGIT
=>
'^[\d]*$'
,
SANITIZE_ALLOW_NUMERICAL
=>
'^[\d.+-]*$'
,
SANITIZE_ALLOW_EMAIL
=>
'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
,
SANITIZE_ALLOW_PATTERN
=>
''
,
SANITIZE_ALLOW_ALLBUT
=>
'^[^\[\]{}%&\\\\#]*$'
,
SANITIZE_ALLOW_ALL
=>
'.*'
,
];
}
/**
* Sanitizes a filename. Copied from http://www.phpit.net/code/filename-safe/
*
extension/qfq/tests/phpunit/BuildFormPlainTest.php
@@ -117,13 +117,13 @@ class BuildFormPlainTest extends AbstractDatabaseTest {
$formElement
[
FE_CHECK_TYPE
]
=
SANITIZE_ALLOW_DIGIT
;
$formElement
[
FE_CHECK_PATTERN
]
=
''
;
$result
=
$build
->
buildInput
(
$formElement
,
'name:1'
,
''
,
$json
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^[\d]*$" data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^[\d]*$"
data-pattern-error="Allowed characters: 0...9"
data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
([
'disabled'
=>
false
,
FE_MODE_REQUIRED
=>
''
,
'form-element'
=>
'name:1'
,
'value'
=>
''
,
'disabled'
=>
false
,
API_ELEMENT_UPDATE
=>
$label
],
$json
);
$formElement
[
FE_CHECK_TYPE
]
=
SANITIZE_ALLOW_EMAIL
;
$formElement
[
FE_CHECK_PATTERN
]
=
''
;
$result
=
$build
->
buildInput
(
$formElement
,
'name:1'
,
''
,
$json
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$" data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$"
data-pattern-error="Requested format: string@domain"
data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
([
'disabled'
=>
false
,
FE_MODE_REQUIRED
=>
''
,
'form-element'
=>
'name:1'
,
'value'
=>
''
,
'disabled'
=>
false
,
API_ELEMENT_UPDATE
=>
$label
],
$json
);
$formElement
[
FE_CHECK_TYPE
]
=
SANITIZE_ALLOW_ALL
;
@@ -133,7 +133,7 @@ class BuildFormPlainTest extends AbstractDatabaseTest {
// Decimal format
$formElement
[
FE_DECIMAL_FORMAT
]
=
'5,2'
;
$result
=
$build
->
buildInput
(
$formElement
,
'name:1'
,
''
,
$json
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^-?[0-9]{0,3}(\.[0-9]{0,2})?$" data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
(
'<input id="123" name="name:1" class="form-control" maxlength="255" type="input" value="" pattern="^-?[0-9]{0,3}(\.[0-9]{0,2})?$"
data-pattern-error="Requested decimal format (mantis,decimal): 5,2"
data-hidden="no" data-required="no" ><div class="help-block with-errors hidden"></div>'
,
$result
);
$this
->
assertEquals
([
'disabled'
=>
false
,
FE_MODE_REQUIRED
=>
''
,
'form-element'
=>
'name:1'
,
'value'
=>
''
,
'disabled'
=>
false
,
API_ELEMENT_UPDATE
=>
$label
],
$json
);
$formElement
[
FE_DECIMAL_FORMAT
]
=
''
;
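Review bot: The updated assertions cover DIGIT, EMAIL and the decimal format, but not `SANITIZE_ALLOW_PATTERN`, which is the one check type whose `getInputCheckPattern` branch returns early and never sets the message, so the case most likely to regress is untested. A case setting `$formElement[FE_CHECK_TYPE] = SANITIZE_ALLOW_PATTERN; $formElement[FE_CHECK_PATTERN] = '^[a-z]+$';` and asserting that the output contains `data-pattern-error="Please match the requested format"` would pin it. The decimal-format expectation also bakes in the misspelling `mantis` (presumably `mantissa`) from Sanitize.php, so correcting that message will require updating this string as well. The test method begins before this hunk.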