changeset 244:70c424d025d6

Improve input validation helper functions.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 22 Nov 2013 15:45:20 +0200
parents e284f867c1d8
children bb96aef874a9
files msitegen.inc.php
diffstat 1 files changed, 35 insertions(+), 12 deletions(-) [+]
--- a/msitegen.inc.php	Fri Nov 22 01:08:30 2013 +0200
+++ b/msitegen.inc.php	Fri Nov 22 15:45:20 2013 +0200
@@ -22,7 +22,10 @@
 define("CHK_ISLT", 2);
 define("CHK_ISGT", 3);
 define("CHK_ISEQ", 4);
-define("CHK_CUSTOM", 5);
+define("CHK_GTEQ", 5);
+define("CHK_LTEQ", 6);
+define("CHK_RANGE", 7);
+define("CHK_CUSTOM", 8);
 
 
 function stDebug($msg)
@@ -276,8 +279,34 @@
 //  stChkRequestItem("name", FALSE,
 //    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
 //    array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."),
-//    array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."));
+//    array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."),
+//    array(CHK_RANGE, VT_STR, array(3, SET_LEN_USERNAME), "Ulululu!"),
+//                             ^- ranges specified as array of MIN and MAX values (inclusive)
+//
+//    array(CHK_CUSTOM, VT_STR, function($value) { return FALSE; }, "Error! Error!"),
+//                              ^- can be any callable/anonymous function etc.
+//    ...
 //
+function stChkRequestDataItem($type, $value, $cmp)
+{
+  switch ($type)
+  {
+    case CHK_ISLT : return $value <  $cmp;
+    case CHK_ISGT : return $value >  $cmp;
+    case CHK_ISEQ : return $value == $cmp;
+    case CHK_LTEQ : return $value <= $cmp;
+    case CHK_GTEQ : return $value >= $cmp;
+    case CHK_RANGE:
+      if (!is_array($cmp))
+        return FALSE;
+      else
+        return ($value >= $cmp[0] && $value <= $cmp[1]);
+      break;
+    default: return FALSE;
+  }
+}
+
+
 function stChkRequestItem($name, &$sdata)
 {
   if (!isset($_REQUEST[$name]))
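Review bot: The CHK_RANGE branch of stChkRequestDataItem checks is_array($cmp) but not that both bounds are present, so a misconfigured range such as array(3) reads an undefined $cmp[1] and the result rests on PHP's null-comparison rules (plus a notice) instead of an explicit rejection; tighten the guard to `if (!is_array($cmp) || count($cmp) != 2) return FALSE;` so a bad range fails closed and visibly. CHK_ISEQ is the only case using loose `==` while the others are ordered comparisons; if $cmp is always an int that is harmless, but `===` would make a stray string bound fail rather than type-juggle. The `break` after the return in the CHK_RANGE case is unreachable and can be dropped. The usage example on the CHK_LTEQ line still says "less than" although the new operator is inclusive. stChkRequestItem begins on the hunk's last line and continues outside it.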
@@ -316,28 +345,22 @@
         }
         break;
 
-      case CHK_ISLT:
-      case CHK_ISGT:
-      case CHK_ISEQ:
+      case CHK_ISLT: case CHK_ISGT: case CHK_ISEQ:
+      case CHK_GTEQ: case CHK_LTEQ: case CHK_RANGE:
         // Check length or value of the data
         switch ($check[1])
         {
           case VT_STR:
           case VT_TEXT:
             // Strings get their length checked
-            if (($check[0] == CHK_ISLT && $slen >= $check[2]) ||
-                ($check[0] == CHK_ISGT && $slen <= $check[2]) ||
-                ($check[0] == CHK_ISEQ && $slen != $check[2]))
+            if (!stChkRequestDataItem($check[0], $slen, $check[2]))
                 return stErrorStrF($check[3], $data);
             break;
 
           case VT_INT:
           case VT_BOOL:
             // Integer values checked against .. value
-            $sval = to_int($data);
-            if (($check[0] == CHK_ISLT && $sval >= $check[2]) ||
-                ($check[0] == CHK_ISGT && $sval <= $check[2]) ||
-                ($check[0] == CHK_ISEQ && $sval != $check[2]))
+            if (!stChkRequestDataItem($check[0], to_int($data), $check[2]))
                 return stErrorStrF($check[3], $data);
             break;
         }
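Review bot: The inner switch on $check[1] still has no default, so a check written with a type other than VT_STR/VT_TEXT/VT_INT/VT_BOOL is silently skipped rather than reported, which is a fail-open path for a validation helper; adding `default: return stErrorStrF($check[3], $data);` after the VT_BOOL case makes an unsupported type fail closed with the check's own message. Whether the length bounds are bytes or characters depends on how $slen is computed outside this hunk — if it is plain strlen() the SET_LEN_* limits are byte counts for multibyte input, which is worth stating in the "Strings get their length checked" comment. The enclosing stChkRequestItem starts and ends outside the hunk.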