museum-digital/MD_STD
33
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add functionality to restrict allowed values taken from get via

Browse Source 
MD_STD_IN
This commit is contained in:
Joshua Ramon Enslin 2020-08-19 15:32:15 +02:00 committed by Stefan Rohde-Enslin
parent 17d1b6e88b
commit 0fece80ed0
1 changed files with 25 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
MD_STD_IN.php
View File

@ -57,20 +57,27 @@ class MD_STD_IN {
* Retrieves HTTP input texts from GET or POST variables, whatever is provided. * Retrieves HTTP input texts from GET or POST variables, whatever is provided.
* If neither is given, returns a provided default. * If neither is given, returns a provided default.
* *
* @param string $var_name Variable name. * @param string $var_name Variable name.
* @param string $default Default value for the output. * @param string $default Default value for the output.
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
* *
* @return string * @return string
*/ */
final public static function get_http_input_text(string $var_name, string $default = ""):string { final public static function get_http_input_text(string $var_name, string $default = "", array $allowed = []):string {
if (isset($_GET[$var_name])) { if (isset($_GET[$var_name])) {
return self::sanitize_text($_GET[$var_name]); $output = self::sanitize_text($_GET[$var_name]);
} }
else if (isset($_POST[$var_name])) { else if (isset($_POST[$var_name])) {
return self::sanitize_text($_POST[$var_name]); $output = self::sanitize_text($_POST[$var_name]);
} }
else return self::sanitize_text($default); else $output = self::sanitize_text($default);
if (!empty($allowed) and !in_array($output, $allowed)) {
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
}
return $output;
} }
@ -78,17 +85,24 @@ class MD_STD_IN {
* Retrieves HTTP input texts from POST variables. * Retrieves HTTP input texts from POST variables.
* If none is given, returns a provided default. * If none is given, returns a provided default.
* *
* @param string $var_name Variable name. * @param string $var_name Variable name.
* @param string $default Default value for the output. * @param string $default Default value for the output.
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
* *
* @return string * @return string
*/ */
final public static function get_http_post_text(string $var_name, string $default = ""):string { final public static function get_http_post_text(string $var_name, string $default = "", array $allowed = []):string {
if (isset($_POST[$var_name])) { if (isset($_POST[$var_name])) {
return self::sanitize_text($_POST[$var_name]); $output = self::sanitize_text($_POST[$var_name]);
} }
else return self::sanitize_text($default); else $output = self::sanitize_text($default);
if (!empty($allowed) and !in_array($output, $allowed)) {
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
}
return $output;
} }