Commit ed9bd193 authored by Carsten Rose

New sanatize class 'allbut'.

Sanitize.php, Constants.php: allbut implemented.
Support.php: Date regexp corrected to accept years 0001-1000.
AbstractBuildForm.php: Code reformatted
parent 117828fc
[Mon, 29 Feb 2016 15:32:39 +0100][SELECT * FROM Form AS f WHERE f.name LIKE 'formElement' AND f.deleted='no']
[Mon, 29 Feb 2016 15:32:39 +0100][Get rows: 1]
[Mon, 29 Feb 2016 15:32:39 +0100][SELECT id, " / ", title FROM Form WHERE id = 0]
[Mon, 29 Feb 2016 15:32:39 +0100][Get rows: 0]
[Mon, 29 Feb 2016 15:32:39 +0100][SELECT *, 'no' AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = '2' AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, 'action' ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id]
[Mon, 29 Feb 2016 15:32:39 +0100][Get rows: 0]
[Mon, 29 Feb 2016 15:32:39 +0100][SELECT *, 'no' AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = '2' AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, 'native' ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id]
[Mon, 29 Feb 2016 15:32:39 +0100][Get rows: 28]
[Mon, 29 Feb 2016 15:32:39 +0100][SHOW FIELDS FROM `FormElement`]
[Mon, 29 Feb 2016 15:32:39 +0100][Get rows: 29]
[Mon, 29 Feb 2016 15:32:39 +0100][UPDATE `FormElement` SET `formId` = '1', `feIdContainer` = '1', `enabled` = 'yes', `name` = 'id1', `label` = 'id', `mode` = 'readonly', `class` = 'native', `type` = 'text', `checkType` = '', `checkPattern` = '', `onChange` = '', `ord` = '100', `tabindex` = '0', `size` = '10', `note` = '', `tooltip` = '', `placeholder` = '', `value` = '', `sql1` = '', `parameter` = '', `clientJs` = '', `feGroup` = '', `debug` = 'no', `deleted` = 'no', `modified` = '2016-02-29 15:17:28', `created` = '0000-00-00 00:00:00' WHERE id = '6']
[Mon, 29 Feb 2016 15:32:39 +0100][Affected rows: 1]
[Mon, 29 Feb 2016 15:32:52 +0100][SELECT * FROM Form AS f WHERE f.name LIKE 'formElement' AND f.deleted='no']
[Mon, 29 Feb 2016 15:32:52 +0100][Get rows: 1]
[Mon, 29 Feb 2016 15:32:52 +0100][SELECT id, " / ", title FROM Form WHERE id = 0]
[Mon, 29 Feb 2016 15:32:52 +0100][Get rows: 0]
[Mon, 29 Feb 2016 15:32:52 +0100][SELECT *, 'no' AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = '2' AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, 'action' ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id]
[Mon, 29 Feb 2016 15:32:52 +0100][Get rows: 0]
[Mon, 29 Feb 2016 15:32:52 +0100][SELECT *, 'no' AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = '2' AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, 'native' ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id]
[Mon, 29 Feb 2016 15:32:52 +0100][Get rows: 28]
[Mon, 29 Feb 2016 15:32:52 +0100][SHOW FIELDS FROM `FormElement`]
[Mon, 29 Feb 2016 15:32:52 +0100][Get rows: 29]
[Mon, 29 Feb 2016 15:32:52 +0100][UPDATE `FormElement` SET `formId` = '1', `feIdContainer` = '1', `enabled` = 'yes', `name` = 'id', `label` = 'id', `mode` = 'readonly', `class` = 'native', `type` = 'text', `checkType` = '', `checkPattern` = '', `onChange` = '', `ord` = '100', `tabindex` = '0', `size` = '10', `note` = '', `tooltip` = '', `placeholder` = '', `value` = '', `sql1` = '', `parameter` = '', `clientJs` = '', `feGroup` = '', `debug` = 'no', `deleted` = 'no', `modified` = '2016-02-29 15:17:28', `created` = '0000-00-00 00:00:00' WHERE id = '6']
[Mon, 29 Feb 2016 15:32:52 +0100][Affected rows: 1]
......@@ -5,6 +5,7 @@
* Date: 1/6/16
* Time: 8:02 PM
*/
namespace qfq;
use qfq;
......@@ -1505,7 +1506,7 @@ abstract class AbstractBuildForm {
$attribute = $this->getAttributeMode($formElement);
$attribute .= Support::doAttribute('name', $htmlFormElementId);
$attribute .= Support::doAttribute('class', 'form-control');
// $attribute .= Support::doAttribute('class', 'form-control');
$attribute .= Support::doAttribute('type', 'file');
$attribute .= Support::doAttribute('title', $formElement['tooltip']);
$attribute .= $this->getAttributeList($formElement, ['autofocus', 'accept']);
......@@ -1599,18 +1600,19 @@ abstract class AbstractBuildForm {
switch ($formElement['checkType']) {
case 'pattern':
case SANITIZE_ALLOW_PATTERN:
$formElement['checkPattern'] = $tmpPattern;
break;
case 'min|max date':
case SANITIZE_ALLOW_MIN_MAX_DATE:
$arrMinMax = explode('|', $formElement['checkPattern'], 2);
if (count($arrMinMax) != 2) {
throw new UserFormException('Missing min|max definition', ERROR_MISSING_MIN_MAX);
}
break;
case 'all':
case 'alnumx':
$formElement['checkType'] = 'pattern';
case SANITIZE_ALLOW_ALL:
case SANITIZE_ALLOW_ALNUMX:
case SANITIZE_ALLOW_ALLBUT:
$formElement['checkType'] = SANITIZE_ALLOW_PATTERN;
break;
default:
throw new UserFormException("Checktype not applicable for date/time: '" . $formElement['checkType'] . "'", ERROR_NOT_APPLICABLE);
......
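Review bot: In the file-upload hunk (`@@ -1505,7 +1506,7 @@`) the `Support::doAttribute('class', 'form-control')` line appears to be replaced by a commented-out copy of itself, which changes the rendered markup although the commit message lists this file as "Code reformatted" only. If dropping the class is intended, delete the dead line and record the reason in a short comment such as `// no 'form-control' on type=file: <reason>`; if it is not intended, restore the original line. Which of the two lines is old and which is new is inferred from their order on the page, and the enclosing method starts and ends outside the hunk.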
......@@ -50,6 +50,7 @@ const SANITIZE_ALLOW_EMAIL = "email";
const SANITIZE_ALLOW_MIN_MAX = "min|max";
const SANITIZE_ALLOW_MIN_MAX_DATE = "min|max date";
const SANITIZE_ALLOW_PATTERN = "pattern";
const SANITIZE_ALLOW_ALLBUT = "allbut";
const SANITIZE_ALLOW_ALL = "all";
const SANITIZE_DEFAULT = SANITIZE_ALLOW_DIGIT;
......@@ -184,9 +185,9 @@ const STORE_VAR = "V"; // Generic Vars
const STORE_ZERO = "0"; // value: 0, might helpfull if variable is empty but used in an SQL statement, which might produce a SQL error otherwise if substituted with an empty string
const STORE_EMPTY = "E"; // value: '', might helpfull if variable is not defined and should result in an empty string instead of {{...}} (cause not replaced)
const STORE_SYSTEM = "Y"; // various system values like db connection credentials
const STORE_EXTRA = 'X'; // Persistent Store: contains arrays! Not Usefull for user. Used by system.
const STORE_USE_DEFAULT = "FSRD";
//
// Store: Definitions / Members
//
......@@ -200,6 +201,8 @@ const CLIENT_KEY_SEM_ID_USER = 'keySemIdUser';
const CLIENT_PAGE_ID = 'id';
const CLIENT_PAGE_TYPE = 'type';
const CLIENT_PAGE_LANGUAGE = 'L';
const CLIENT_UPLOAD_FE_NAME = 'uploadFeName';
const CLIENT_UPLOAD_DELETE = 'uploadDeleteOld';
// ALL $_SERVER variables: http://php.net/manual/en/reserved.variables.server.php
// The following exist and might be the most used ones.
......@@ -218,6 +221,9 @@ const CLIENT_REQUEST_URI = 'REQUEST_URI';
const CLIENT_SCRIPT_NAME = 'SCRIPT_NAME';
const CLIENT_PHP_SELF = 'PHP_SELF';
// Extra:
const EXTRA_UPLOAD_DELETE = CLIENT_UPLOAD_DELETE;
// T3 Bodytext Keywords
const TYPO3_FORM = CLIENT_FORM;
const TYPO3_RECORD_ID = CLIENT_RECORD_ID;
......
......@@ -143,6 +143,7 @@ class Sanitize {
SANITIZE_ALLOW_MIN_MAX => '',
SANITIZE_ALLOW_MIN_MAX_DATE => '',
SANITIZE_ALLOW_PATTERN => '',
SANITIZE_ALLOW_ALLBUT => '^[^\[\]{}%&\\#]+$',
SANITIZE_ALLOW_ALL => '.*'
];
}
......
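Review bot: The new `allbut` pattern on the `SANITIZE_ALLOW_ALLBUT` line does not exclude the backslash, because inside a single-quoted PHP string `\\#` becomes `\#`, which PCRE reads as an escaped `#`. If the backslash is meant to be rejected together with `[ ] { } % & #`, the entry needs `SANITIZE_ALLOW_ALLBUT => '^[^\[\]{}%&\\\\#]+$',`. The class still admits quotes, angle brackets and newlines, and `$` matches before a trailing newline unless the `D` modifier or `\z` is used where the pattern is applied (that call is outside the hunk), so values accepted as `allbut` still need parameterised SQL and context-specific output escaping. A one-line comment beside the entry listing the rejected characters would make that scope clear to form authors.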
......@@ -230,10 +230,10 @@ class Support {
if ($format === FORMAT_DATE_GERMAN) {
// yyyy-mm-dd | 0000-00-00
$date = '(([1-9]|0[1-9]|1[0-9]|2[0-9]|3[01])\.([1-9]|0[1-9]|1[012])\.([1-9][0-9]{3}|[0-9]{2})|00\.00\.(00){1,2})';
$date = '(([1-9]|0[1-9]|1[0-9]|2[0-9]|3[01])\.([1-9]|0[1-9]|1[012])\.([0-9]{4}|[0-9]{2})|00\.00\.(00){1,2})';
} else {
// FORMAT_DATE_INTERNATIONAL: [d]d.[m]m.[yy]yy | 00.00.0000
$date = '([1-9][0-9]{3}-([1-9]|0[1-9]|1[012])-([1-9]|0[1-9]|1[0-9]|2[0-9]|3[01])|0000-00-00)';
$date = '([0-9]{4}-([1-9]|0[1-9]|1[012])-([1-9]|0[1-9]|1[0-9]|2[0-9]|3[01])|0000-00-00)';
}
// hh:mm[:ss]
......
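Review bot: Replacing `[1-9][0-9]{3}` with `[0-9]{4}` in both date patterns also admits year 0000 combined with a real day and month (for example `0000-01-01`), which the old patterns allowed only as the all-zero date and which goes below the 0001 lower bound named in the commit message. A negative lookahead keeps the zero year confined to the all-zero alternative: `(?!0000)[0-9]{4}` in place of `[0-9]{4}` on both lines. The two format comments are also swapped: the `FORMAT_DATE_GERMAN` branch is labelled `yyyy-mm-dd | 0000-00-00` while its pattern is dd.mm.yyyy, and the `else` branch is labelled the other way round. The function continues outside the hunk, so how the pattern is anchored is not visible here.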