Mercurial > hg > fapweb
changeset 244:70c424d025d6
Improve input validation helper functions.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Fri, 22 Nov 2013 15:45:20 +0200 |
| parents | e284f867c1d8 |
| children | bb96aef874a9 |
| files | msitegen.inc.php |
| diffstat | 1 files changed, 35 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/msitegen.inc.php Fri Nov 22 01:08:30 2013 +0200 +++ b/msitegen.inc.php Fri Nov 22 15:45:20 2013 +0200 @@ -22,7 +22,10 @@ define("CHK_ISLT", 2); define("CHK_ISGT", 3); define("CHK_ISEQ", 4); -define("CHK_CUSTOM", 5); +define("CHK_GTEQ", 5); +define("CHK_LTEQ", 6); +define("CHK_RANGE", 7); +define("CHK_CUSTOM", 8); function stDebug($msg) @@ -276,8 +279,34 @@ // stChkRequestItem("name", FALSE, // array(CHK_ISGT, VT_STR, 0, "Handle / name not given."), // array(CHK_ISGT, VT_STR, 3, "Handle / name too short, should be 3 characters or more."), -// array(CHK_ISLT, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters.")); +// array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters."), +// array(CHK_RANGE, VT_STR, array(3, SET_LEN_USERNAME), "Ulululu!"), +// ^- ranges specified as array of MIN and MAX values (inclusive) +// +// array(CHK_CUSTOM, VT_STR, function($value) { return FALSE; }, "Error! Error!"), +// ^- can be any callable/anonymous function etc. +// ... // +function stChkRequestDataItem($type, $value, $cmp) +{ + switch ($type) + { + case CHK_ISLT : return $value < $cmp; + case CHK_ISGT : return $value > $cmp; + case CHK_ISEQ : return $value == $cmp; + case CHK_LTEQ : return $value <= $cmp; + case CHK_GTEQ : return $value >= $cmp; + case CHK_RANGE: + if (!is_array($cmp)) + return FALSE; + else + return ($value >= $cmp[0] && $value <= $cmp[1]); + break; + default: return FALSE; + } +} + + function stChkRequestItem($name, &$sdata) { if (!isset($_REQUEST[$name])) @@ -316,28 +345,22 @@ } break; - case CHK_ISLT: - case CHK_ISGT: - case CHK_ISEQ: + case CHK_ISLT: case CHK_ISGT: case CHK_ISEQ: + case CHK_GTEQ: case CHK_LTEQ: case CHK_RANGE: // Check length or value of the data switch ($check[1]) { case VT_STR: case VT_TEXT: // Strings get their length checked - if (($check[0] == CHK_ISLT && $slen >= $check[2]) || - ($check[0] == CHK_ISGT && $slen <= $check[2]) || - ($check[0] == CHK_ISEQ && $slen != $check[2])) + if (!stChkRequestDataItem($check[0], $slen, $check[2])) return stErrorStrF($check[3], $data); break; case VT_INT: case VT_BOOL: // Integer values checked against .. value - $sval = to_int($data); - if (($check[0] == CHK_ISLT && $sval >= $check[2]) || - ($check[0] == CHK_ISGT && $sval <= $check[2]) || - ($check[0] == CHK_ISEQ && $sval != $check[2])) + if (!stChkRequestDataItem($check[0], to_int($data), $check[2])) return stErrorStrF($check[3], $data); break; }