Commit f3656982 authored by enured's avatar enured

C and F Store default sanitize -> digit. Default of all other Stores -> all.

parent 1376b300
......@@ -78,38 +78,6 @@ const SQL_FORM_ELEMENT_NATIVE_TG_COUNT = "SELECT `fe`.*, IFNULL(`feTg`.`maxLengt
const NAME_TG_COPIES = '_tgCopies'; // Number of templatesGroup copies to create on the fly. Also used in SQL_FORM_ELEMENT_NATIVE_TG_COUNT.
const FE_TG_INDEX = '_tgIndex'; // Index of the current copy of a templateGroup FE.
// SANITIZE Classifier
const SANITIZE_ALLOW_AUTO = "auto"; // Default for FormElements
const SANITIZE_ALLOW_ALNUMX = "alnumx";
const SANITIZE_ALLOW_DIGIT = "digit";
const SANITIZE_ALLOW_NUMERICAL = "numerical";
const SANITIZE_ALLOW_EMAIL = "email";
const SANITIZE_ALLOW_PATTERN = "pattern";
const SANITIZE_ALLOW_ALLBUT = "allbut";
const SANITIZE_ALLOW_ALL = "all";
const SANITIZE_DEFAULT = SANITIZE_ALLOW_DIGIT; // for {{variable}} expressions without checkType
const SANITIZE_EXCEPTION = 'exception';
const SANITIZE_EMPTY_STRING = 'empty string';
const SANITIZE_VIOLATE = '!!';
const SANITIZE_ALLOW_ALNUMX_MESSAGE = 'Allowed characters: 0...9, [latin character], @-_.m;: /()';
const SANITIZE_ALLOW_DIGIT_MESSAGE = 'Allowed characters: 0...9';
const SANITIZE_ALLOW_NUMERICAL_MESSAGE = 'Allowed characters: 0...9 and .+-';
const SANITIZE_ALLOW_EMAIL_MESSAGE = 'Requested format: string@domain.tld';
const SANITIZE_ALLOW_ALLBUT_MESSAGE = 'Forbidden characters: ^[]{}%\#';
const SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY = 'e';
const SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO = '0';
const SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS = 'c';
const PATTERN_ALNUMX = '^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿçß]*$';
const PATTERN_DIGIT = '^[\d]*$';
const PATTERN_NUMERICAL = '^[\d.+-]*$';
const PATTERN_EMAIL = '^([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$';
const PATTERN_ALLBUT = '^[^\[\]{}%\\\\#]*$';
const PATTERN_ALL = '.*';
// Index wrap setup table
......@@ -412,6 +380,59 @@ const STORE_ZERO = "0"; // value: 0, might helpfull if variable is empty but use
const STORE_USE_DEFAULT = "FSRVD";
// SANITIZE Classifier
const SANITIZE_ALLOW_AUTO = "auto"; // Default for FormElements
const SANITIZE_ALLOW_ALNUMX = "alnumx";
const SANITIZE_ALLOW_DIGIT = "digit";
const SANITIZE_ALLOW_NUMERICAL = "numerical";
const SANITIZE_ALLOW_EMAIL = "email";
const SANITIZE_ALLOW_PATTERN = "pattern";
const SANITIZE_ALLOW_ALLBUT = "allbut";
const SANITIZE_ALLOW_ALL = "all";
const SANITIZE_DEFAULT = SANITIZE_ALLOW_DIGIT; // for {{variable}} expressions without checkType
const SANITIZE_DEFAULT_OF_STORE = [
STORE_FORM => SANITIZE_ALLOW_DIGIT,
STORE_SIP => SANITIZE_ALLOW_ALL,
STORE_RECORD => SANITIZE_ALLOW_ALL,
STORE_BEFORE => SANITIZE_ALLOW_ALL,
STORE_PARENT_RECORD => SANITIZE_ALLOW_ALL,
STORE_TABLE_DEFAULT => SANITIZE_ALLOW_ALL,
STORE_TABLE_COLUMN_TYPES => SANITIZE_ALLOW_ALL,
STORE_CLIENT => SANITIZE_ALLOW_DIGIT,
STORE_TYPO3 => SANITIZE_ALLOW_ALL,
STORE_VAR => SANITIZE_ALLOW_ALL,
STORE_ZERO => SANITIZE_ALLOW_ALL,
STORE_EMPTY => SANITIZE_ALLOW_ALL,
STORE_SYSTEM => SANITIZE_ALLOW_ALL,
STORE_EXTRA => SANITIZE_ALLOW_ALL,
STORE_USER => SANITIZE_ALLOW_ALL,
STORE_LDAP => SANITIZE_ALLOW_ALL,
STORE_ADDITIONAL_FORM_ELEMENTS => SANITIZE_ALLOW_ALL,
];
const SANITIZE_EXCEPTION = 'exception';
const SANITIZE_EMPTY_STRING = 'empty string';
const SANITIZE_VIOLATE = '!!';
const SANITIZE_ALLOW_ALNUMX_MESSAGE = 'Allowed characters: 0...9, [latin character], @-_.m;: /()';
const SANITIZE_ALLOW_DIGIT_MESSAGE = 'Allowed characters: 0...9';
const SANITIZE_ALLOW_NUMERICAL_MESSAGE = 'Allowed characters: 0...9 and .+-';
const SANITIZE_ALLOW_EMAIL_MESSAGE = 'Requested format: string@domain.tld';
const SANITIZE_ALLOW_ALLBUT_MESSAGE = 'Forbidden characters: ^[]{}%\#';
const SANITIZE_TYPE_MESSAGE_VIOLATE_EMPTY = 'e';
const SANITIZE_TYPE_MESSAGE_VIOLATE_ZERO = '0';
const SANITIZE_TYPE_MESSAGE_VIOLATE_CLASS = 'c';
const PATTERN_ALNUMX = '^[@\-_\.,;: \/\(\)a-zA-Z0-9ÀÈÌÒÙàèìòùÁÉÍÓÚÝáéíóúýÂÊÎÔÛâêîôûÃÑÕãñõÄËÏÖÜŸäëïöüÿçß]*$';
const PATTERN_DIGIT = '^[\d]*$';
const PATTERN_NUMERICAL = '^[\d.+-]*$';
const PATTERN_EMAIL = '^([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})?$';
const PATTERN_ALLBUT = '^[^\[\]{}%\\\\#]*$';
const PATTERN_ALL = '.*';
//
// Store: Definitions / Members
//
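Review bot: The new `SANITIZE_DEFAULT_OF_STORE` table in the second hunk carries no comment explaining its role or what a reader should expect for a store letter that is not a key, although it now drives which default class the Store lookup applies; the surrounding constants each have a trailing comment, so the table stands out. I would add above the array: `// Default sanitize class per store for {{variable}} expressions without checkType.`, `// STORE_FORM and STORE_CLIENT keep the strict 'digit' default; every other store gets 'all' (PATTERN_ALL, '.*', i.e. no filtering).`, `// A store not listed here must fall back to SANITIZE_DEFAULT, never to null.` The third sentence matters because a PHP constant-array lookup on a missing key yields null, and the table is the only place that documents the intended fail-safe. The first hunk only removes the block that this hunk re-adds further down, so no separate point there.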
......
......@@ -149,20 +149,20 @@ class Store {
self::$sanitizeStore = [
STORE_FORM => true,
STORE_SIP => false,
STORE_RECORD => false,
STORE_SIP => true,
STORE_RECORD => true,
STORE_BEFORE => false,
STORE_PARENT_RECORD => false,
STORE_TABLE_DEFAULT => false,
STORE_TABLE_COLUMN_TYPES => false,
STORE_CLIENT => true,
STORE_TYPO3 => false,
STORE_VAR => false,
STORE_VAR => true,
STORE_ZERO => false,
STORE_EMPTY => false,
STORE_SYSTEM => false,
STORE_EXTRA => false,
STORE_USER => false,
STORE_USER => true,
STORE_LDAP => false,
STORE_ADDITIONAL_FORM_ELEMENTS => false,
];
......@@ -530,10 +530,6 @@ class Store {
$useStores = STORE_USE_DEFAULT;
}
// no sanitizeClass specified: take predefined (if exist) or default.
if ($sanitizeClass === '' || $sanitizeClass === null) {
$sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : SANITIZE_DEFAULT;
}
$len = strlen(SIP_PREFIX_BASE64);
......@@ -567,6 +563,12 @@ class Store {
}
}
// no sanitizeClass specified: take predefined (if exist) or default.
if ($sanitizeClass === '' || $sanitizeClass === null) {
$sanitizeDefault = SANITIZE_DEFAULT_OF_STORE[$store];
$sanitizeClass = isset(self::$sanitizeClass[$key]) ? self::$sanitizeClass[$key] : $sanitizeDefault;
}
$rawVal = isset(self::$raw[$store][$finalKey]) ? self::$raw[$store][$finalKey] : null;
if (self::$sanitizeStore[$store] && $sanitizeClass != '') {
if ($sanitizeClass == SANITIZE_ALLOW_PATTERN) {
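Review bot: `$sanitizeDefault = SANITIZE_DEFAULT_OF_STORE[$store];` in the last hunk reads the table without an isset guard, so a `$store` value that is not a key yields null (plus a PHP notice), and when `self::$sanitizeClass[$key]` is unset as well `$sanitizeClass` becomes null; `$sanitizeClass != ''` is then false under loose comparison and the sanitize branch at the end of the hunk is skipped. The removed code at the earlier site fell back to SANITIZE_DEFAULT unconditionally; keep that fail-safe with `$sanitizeDefault = isset(SANITIZE_DEFAULT_OF_STORE[$store]) ? SANITIZE_DEFAULT_OF_STORE[$store] : SANITIZE_DEFAULT;`. Presumably `self::$sanitizeStore[$store]` is also unset for such a store and would skip the branch on its own, so confirm whether unknown store letters are rejected earlier in this method rather than relying on that. In the first hunk, enabling `$sanitizeStore` for SIP, RECORD, VAR and USER changes nothing by default because their table entry is 'all'; only an explicit checkType now takes effect there, which is worth a one-line comment on the array. The enclosing method starts and ends outside the hunk.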
......