Add functionality to restrict allowed values taken from get via
MD_STD_IN
This commit is contained in:
parent
17d1b6e88b
commit
0fece80ed0
@ -59,18 +59,25 @@ class MD_STD_IN {
|
|||||||
*
|
*
|
||||||
* @param string $var_name Variable name.
|
* @param string $var_name Variable name.
|
||||||
* @param string $default Default value for the output.
|
* @param string $default Default value for the output.
|
||||||
|
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
final public static function get_http_input_text(string $var_name, string $default = ""):string {
|
final public static function get_http_input_text(string $var_name, string $default = "", array $allowed = []):string {
|
||||||
|
|
||||||
if (isset($_GET[$var_name])) {
|
if (isset($_GET[$var_name])) {
|
||||||
return self::sanitize_text($_GET[$var_name]);
|
$output = self::sanitize_text($_GET[$var_name]);
|
||||||
}
|
}
|
||||||
else if (isset($_POST[$var_name])) {
|
else if (isset($_POST[$var_name])) {
|
||||||
return self::sanitize_text($_POST[$var_name]);
|
$output = self::sanitize_text($_POST[$var_name]);
|
||||||
}
|
}
|
||||||
else return self::sanitize_text($default);
|
else $output = self::sanitize_text($default);
|
||||||
|
|
||||||
|
if (!empty($allowed) and !in_array($output, $allowed)) {
|
||||||
|
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $output;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -80,15 +87,22 @@ class MD_STD_IN {
|
|||||||
*
|
*
|
||||||
* @param string $var_name Variable name.
|
* @param string $var_name Variable name.
|
||||||
* @param string $default Default value for the output.
|
* @param string $default Default value for the output.
|
||||||
|
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
final public static function get_http_post_text(string $var_name, string $default = ""):string {
|
final public static function get_http_post_text(string $var_name, string $default = "", array $allowed = []):string {
|
||||||
|
|
||||||
if (isset($_POST[$var_name])) {
|
if (isset($_POST[$var_name])) {
|
||||||
return self::sanitize_text($_POST[$var_name]);
|
$output = self::sanitize_text($_POST[$var_name]);
|
||||||
}
|
}
|
||||||
else return self::sanitize_text($default);
|
else $output = self::sanitize_text($default);
|
||||||
|
|
||||||
|
if (!empty($allowed) and !in_array($output, $allowed)) {
|
||||||
|
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
|
||||||
|
}
|
||||||
|
|
||||||
|
return $output;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user