Commit ed1865bf authored by Carsten  Rose's avatar Carsten Rose

Refs #6914. First implementation of customized typeMessageViolation.

parent c384b8d5
......@@ -95,6 +95,9 @@ const SANITIZE_ALLOW_NUMERICAL_MESSAGE = 'Allowed characters: 0...9 and .+-';
const SANITIZE_ALLOW_EMAIL_MESSAGE = 'Requested format: string@domain.tld';
const SANITIZE_ALLOW_ALLBUT_MESSAGE = 'Forbidden characters: ^[]{}%\#';
const SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY = 'e';
const SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO = '0';
const SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS = 'c';
const PATTERN_ALNUMX = '^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿç]*$';
const PATTERN_DIGIT = '^[\d]*$';
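Review bot: The three new `SANITIZE_TYPE_MESSAGE_VIOLATE_*` sentinels are single-character strings that live in the same namespace as the free-form custom message a caller may pass in their place, so a custom violation text of literally `e`, `0` or `c` is indistinguishable from the sentinel and cannot be expressed. A comment beside the constants would spare the next maintainer that surprise, e.g. `// Sentinels for the 'type violate message' token field; a custom message equal to one of these values is treated as the sentinel, not as text.` If the collision matters, a distinct prefix or a separate flag argument would keep the two apart.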
......@@ -14,6 +14,7 @@ require_once(__DIR__ . '/../core/store/Store.php');
require_once(__DIR__ . '/../core/database/Database.php');
require_once(__DIR__ . '/helper/Support.php');
require_once(__DIR__ . '/helper/OnString.php');
require_once(__DIR__ . '/helper/KeyValueStringParser.php');
require_once(__DIR__ . '/report/Link.php');
const EVALUATE_DB_INDEX_DEFAULT = 0;
......@@ -88,11 +89,11 @@ class Evaluate {
$arr = array();
// In case there is an Element 'fillStoreVar', process that first.
if(!empty($tokenArray[FE_FILL_STORE_VAR]) && is_string($tokenArray[FE_FILL_STORE_VAR])){
if (!empty($tokenArray[FE_FILL_STORE_VAR]) && is_string($tokenArray[FE_FILL_STORE_VAR])) {
$arr=$this->parse($tokenArray[FE_FILL_STORE_VAR], ROW_REGULAR, 0, $debugStack);
if(!empty($arr)){
$this->store::appendToStore($arr[0],STORE_VAR);
$arr = $this->parse($tokenArray[FE_FILL_STORE_VAR], ROW_REGULAR, 0, $debugStack);
if (!empty($arr)) {
$this->store::appendToStore($arr[0], STORE_VAR);
}
unset($tokenArray[FE_FILL_STORE_VAR]);
}
......@@ -276,9 +277,9 @@ class Evaluate {
* Tries to substitute $token.
* Token might be:
* a) a SQL statement to fire
* b) fetch from a store. Syntax: 'form', 'form:C', 'form:SC0', 'form:S:alnumx', 'form:F:all:s','form:F:all:s:default'
* b) fetch from a store. Syntax: '\[db index\]form:[store]:[sanitize]:[escape]:[default]:[type violate message]', ''
*
* The token have to be _without_ Delimiter '{{' , '}}'
* The token have to be *without* Delimiter '{{' , '}}'
* If neither a) or b) match, return the token itself.
*
* @param string $token
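Review bot: The new syntax line of the docblock ends with a stray `, ''` and writes the optional db-index brackets as `\[db index\]`, which readers of the PHPDoc will take literally, while the concrete examples that illustrated the field order (`form:S:alnumx`, `form:F:all:s:default`) are gone. Suggest `b) fetch from a store. Syntax: '[dbIndex]key:[store]:[sanitize]:[escape]:[default]:[type violate message]', e.g. 'form:S:alnumx', 'form:F:all:s:default'`. The method this docblock describes begins and ends outside the hunk.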
......@@ -315,6 +316,7 @@ class Evaluate {
return '';
}
// Get SQL column / row separated
if ($token[0] === '!') {
$token = trim(substr($token, 1));
$sqlMode = ROW_REGULAR;
......@@ -349,14 +351,14 @@ class Evaluate {
}
}
// explode for: <key>:<store priority>:<sanitize class>:<escape>:<default>
$arrToken = explode(':', $token, 5);
$arrToken = array_merge($arrToken, [null, null, null, null, null]); // fake isset()
// explode for: <key>:<store priority>:<sanitize class>:<escape>:<default>:<type violate message>
$arrToken = array_merge(KeyValueStringParser::explodeEscape(':', $token, 6), [null, null, null, null, null, null]);
$escapeTypes = (empty($arrToken[3])) ? $this->escapeTypeDefault : $arrToken[3];
$typeMessageViolate = ($arrToken[5] === null || $arrToken[5] === '') ? SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS : $arrToken[5];
// search for value in stores
$value = $this->store->getVar($arrToken[0], $arrToken[1], $arrToken[2], $foundInStore);
$value = $this->store->getVar($arrToken[0], $arrToken[1], $arrToken[2], $foundInStore, $typeMessageViolate);
// escape ticks
if (is_string($value)) {
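Review bot: With `$typeMessageViolate` forwarded to `getVar()`, a failed sanitize check no longer yields the recognisable `!!class!!` marker but whatever text the author wrote in the sixth token field, and that text comes back as `$value` and then enters the `// escape ticks` branch, so the custom message is escaped like a real value (quotes in it will be altered) and nothing downstream can tell a violation from data. A comment at the `$typeMessageViolate =` line should record this, e.g. `// Custom violation text is returned as the variable's value: it bypasses the sanitize class and is protected only by the escape step below.` Note also that the new field is tested with `=== null || === ''` while `$arrToken[3]` two lines above uses `empty()`, which additionally treats `'0'` as unset; if an escape qualifier `'0'` should be honoured, `$arrToken[3] === null || $arrToken[3] === ''` would make the two consistent — confirm nothing relies on the current behaviour. The remainder of the escape handling lies outside this hunk.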
......@@ -385,7 +387,7 @@ class Evaluate {
case TOKEN_ESCAPE_NONE: // do nothing
break;
default:
throw new UserFormException("Unknown Escape qualifier: $escape", UNKNOWN_TYPE);
throw new UserFormException("Unknown escape qualifier: $escape", UNKNOWN_TYPE);
break;
}
}
......@@ -23,11 +23,11 @@ require_once(__DIR__ . '/../../core/Constants.php');
class Sanitize {
private static $sanitizePattern = [
SANITIZE_ALLOW_ALNUMX => PATTERN_ALNUMX, // ':alnum:' does not work here in FF
SANITIZE_ALLOW_ALNUMX => PATTERN_ALNUMX, // ':alnum:' does not work here in FF
SANITIZE_ALLOW_DIGIT => PATTERN_DIGIT,
SANITIZE_ALLOW_NUMERICAL => PATTERN_NUMERICAL,
SANITIZE_ALLOW_EMAIL => PATTERN_EMAIL,
SANITIZE_ALLOW_ALLBUT => PATTERN_ALLBUT,
SANITIZE_ALLOW_ALLBUT => PATTERN_ALLBUT,
SANITIZE_ALLOW_ALL => PATTERN_ALL,
SANITIZE_ALLOW_PATTERN => '',
];
......@@ -37,7 +37,7 @@ class Sanitize {
SANITIZE_ALLOW_DIGIT => SANITIZE_ALLOW_DIGIT_MESSAGE,
SANITIZE_ALLOW_NUMERICAL => SANITIZE_ALLOW_NUMERICAL_MESSAGE,
SANITIZE_ALLOW_EMAIL => SANITIZE_ALLOW_EMAIL_MESSAGE,
SANITIZE_ALLOW_ALLBUT => SANITIZE_ALLOW_ALLBUT_MESSAGE,
SANITIZE_ALLOW_ALLBUT => SANITIZE_ALLOW_ALLBUT_MESSAGE,
SANITIZE_ALLOW_ALL => '',
SANITIZE_ALLOW_PATTERN => F_FE_DATA_PATTERN_ERROR_DEFAULT,
];
......@@ -48,7 +48,13 @@ class Sanitize {
/**
* Check $value against given checkType/pattern. If check succeed, returns values.
* If check fails, depending on $mode, throws an UserException or return an empty string.
* If check fails, depending on $mode
* a) throws an UserException
* b) return message:
* $typeMessageViolate=SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY - return empty string
* $typeMessageViolate=SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO - return '0'
* $typeMessageViolate=SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY - return '!!<sanitize class>!!'
* $typeMessageViolate=<nothing from the above> - return '$typeMessageViolate'
*
* @param string $value value to check
* @param string $sanitizeClass
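Review bot: The fourth bullet of the new docblock names `SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY` a second time, but the case that yields `'!!<sanitize class>!!'` is `SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS`, so the line should read `$typeMessageViolate=SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS - return '!!<sanitize class>!!'`. The same block still says `throws an UserException` while the visible code throws `UserFormException`; worth fixing while here. The `sanitize()` signature and body this docblock describes lie outside this hunk.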
......@@ -56,11 +62,13 @@ class Sanitize {
* @param string $decimalFormat with 'size,precision'
* @param string $mode SANITIZE_EXCEPTION | SANITIZE_EMPTY_STRING
* @param string $dataPatternErrorText
* @param string $typeMessageViolate SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY | SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO | SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS | <custom>
* @return string
* @throws CodeException
* @throws UserFormException
*/
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $decimalFormat = '', $mode = SANITIZE_EMPTY_STRING, $dataPatternErrorText = '') {
public static function sanitize($value, $sanitizeClass = SANITIZE_DEFAULT, $pattern = '', $decimalFormat = '',
$mode = SANITIZE_EMPTY_STRING, $dataPatternErrorText = '', $typeMessageViolate = SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS) {
$pattern = self::getInputCheckPattern($sanitizeClass, $pattern, $decimalFormat, $sanitizeMessage);
......@@ -87,7 +95,21 @@ class Sanitize {
throw new UserFormException($errorText, $errorCode);
}
return SANITIZE_VIOLATE . $sanitizeClass . SANITIZE_VIOLATE;
switch ($typeMessageViolate) {
case SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY:
$message = '';
break;
case SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO:
$message = '0';
break;
case SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS:
$message = SANITIZE_VIOLATE . $sanitizeClass . SANITIZE_VIOLATE;
break;
default:
$message = $typeMessageViolate;
}
return $message;
}
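Review bot: The `switch ($typeMessageViolate)` compares with `==`, and because `SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO` is the numeric string `'0'`, any numeric-looking custom message such as `'0.0'`, `'00'` or `' 0'` is silently collapsed to `'0'` instead of being returned as written (PHP compares two numeric strings numerically). Use strict comparisons, e.g. `if ($typeMessageViolate === SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO) { $message = '0'; }` and likewise for the other two cases, or `match` if the project's PHP version allows it. Separately, the `default:` branch hands the caller-supplied message back as the sanitized value, so for a custom message the guarantee of `$sanitizeClass` (digits only, etc.) no longer holds for the returned string; a comment such as `// Custom message is returned verbatim and is NOT checked against $sanitizeClass; callers must escape it like any other value.` would make that explicit. The throw path above depends on `$mode`, which is evaluated earlier in the function outside this hunk.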
/**
......@@ -423,7 +423,7 @@ class Store {
/**
* Returns a complete $store.
*
* @param string $store STORE_SYSTEM, ...
* @param string $store STORE_SYSTEM, ...
*
* @return array
* @throws UserFormException
......@@ -664,11 +664,13 @@ class Store {
* @param string $foundInStore Returns the name of the store where $key has been found. If $key is not found,
* return ''.
*
* @param string $typeMessageViolate
* @return string|array a) if found: value, b) false. STORE_EXTRA returns an array for the given key.
* @throws CodeException
* @throws UserFormException
* @throws UserFormException SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO | SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY | SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS
*/
public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanitizeClass = '', &$foundInStore = '') {
public static function getVar($key, $useStores = STORE_USE_DEFAULT, $sanitizeClass = '', &$foundInStore = '',
$typeMessageViolate = SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS) {
// no store specified?
if ($useStores === "" || $useStores === null) {
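Review bot: The allowed values for the new parameter were appended to the `@throws UserFormException` line instead of the `@param string $typeMessageViolate` line, which is left without a description, so a reader (and IDE) will attach `SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO | ...` to the exception. Move them: `@param string $typeMessageViolate SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY | SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO | SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS | <custom text, returned verbatim on violation>` and restore the bare `@throws UserFormException`. Since the parameter follows the by-reference `&$foundInStore`, callers wanting a custom message must also pass a variable for `$foundInStore` positionally; the function body continues outside this hunk.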
......@@ -719,7 +721,7 @@ class Store {
$sanitizeClass = SANITIZE_ALLOW_ALL;
}
return Sanitize::sanitize($rawVal, $sanitizeClass, '', '', SANITIZE_EMPTY_STRING);
return Sanitize::sanitize($rawVal, $sanitizeClass, '', '', SANITIZE_EMPTY_STRING, '', $typeMessageViolate);
} else {
if ($store == STORE_SIP && (substr($key, 0, $len) == SIP_PREFIX_BASE64)) {
$rawVal = base64_decode($rawVal);
......@@ -1325,8 +1325,8 @@ EOF;
$result = $this->report->process("10.sql = SELECT 'normal ', 'hidden' AS _hidden, 'text ' FROM Person ORDER BY id\n10.10.sql = SELECT '{{fakeDontExist:V:::not found}} '");
$this->assertEquals("normal text not found normal text not found ", $result);
$result = $this->report->process("10.sql = SELECT 'normal ', 'hidden' AS _hidden, 'text ' FROM Person ORDER BY id\n10.10.sql = SELECT '{{fakeDontExist:V:::{{EDIT_FORM_PAGE:Y}}}} '");
$this->assertEquals("normal text {{EDIT_FORM_PAGE:Y}} normal text {{EDIT_FORM_PAGE:Y}} ", $result);
$result = $this->report->process("10.sql = SELECT 'normal ', 'hidden' AS _hidden, 'text ' FROM Person ORDER BY id\n10.10.sql = SELECT '{{fakeDontExist:V:::{{editFormPage:Y}}}} '");
$this->assertEquals("normal text form normal text form ", $result);
// store various
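Review bot: The replaced assertion appears to have covered a default that stays unresolved (`{{EDIT_FORM_PAGE:Y}}` round-tripping literally), whereas the new one only checks a default that resolves to `form`; now that the token is exploded into six fields, a literal default containing `:` is precisely the input most likely to be mis-split into default plus violation message, so that case deserves to stay under test rather than be swapped out. Suggest keeping both: the new `{{editFormPage:Y}}` check and one like `SELECT '{{fakeDontExist:V:::a:b}} '` whose expected output pins, deliberately, whether `a:b` is one default or a default `a` with message `b`. Without diff markers it is not visible whether the old line was removed or merely reordered; the test method begins outside this hunk.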