From 17d1b6e88b2f7499e1c8380a1c8907e393450df2 Mon Sep 17 00:00:00 2001
From: Joshua Ramon Enslin
Date: Wed, 19 Aug 2020 14:55:38 +0200
Subject: [PATCH] Add class MD_STD_IN for input parsing and sanitization
---
 MD_STD.php | 34 +++++++++---------
 MD_STD_IN.php | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+), 17 deletions(-)
 create mode 100644 MD_STD_IN.php
diff --git a/MD_STD.php b/MD_STD.php
index 533fdcc..59e4848 100644
--- a/MD_STD.php
+++ b/MD_STD.php
@@ -20,13 +20,13 @@ class MD_STD {
 */
 public static function file_get_contents(string $filename):string {
- if (substr($filename, 0, 4) !== 'http' && !file_exists($filename)) {
+ if (\substr($filename, 0, 4) !== 'http' && !\file_exists($filename)) {
 throw new MDFileDoesNotExist("There is no file {$filename}");
 }
- $contents = file_get_contents($filename);
+ $contents = \file_get_contents($filename);
- if (is_bool($contents)) {
+ if (\is_bool($contents)) {
 throw new MDFileIsNotReadable("File {$filename} is not readable");
 }
@@ -44,8 +44,8 @@ class MD_STD {
 */
 public static function realpath(string $path):string {
- $output = realpath($path);
- if (!is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
+ $output = \realpath($path);
+ if (!\is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
 return $output;
 }
@@ -59,11 +59,11 @@ class MD_STD {
 */
 public static function scandir(string $filepath):array {
- if (!is_dir($filepath) || ($output = scandir($filepath)) === false) {
+ if (!\is_dir($filepath) || ($output = \scandir($filepath)) === false) {
 throw new MDFileDoesNotExist("There is no file {$filepath}");
 }
- return array_values(array_diff($output, ['.', '..', '.git']));
+ return \array_values(\array_diff($output, ['.', '..', '.git']));
 }
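Review bot: The rewritten guard `\substr($filename, 0, 4) !== 'http'` in the first hunk still treats any name that merely begins with `http` — a local `httpd.conf` included — as a URL and skips the existence check, and when `allow_url_fopen` is enabled it lets a caller-supplied string reach `\file_get_contents` as a remote wrapper. A scheme test is more precise: `if (\preg_match('~^https?://~i', $filename) !== 1 && !\file_exists($filename)) {`. If remote fetches are not an intended use of this helper, dropping the `http` exception and accepting only existing local files is the safer choice. The return at the end of `file_get_contents` lies past the hunk.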
@@ -75,7 +75,7 @@ class MD_STD {
 */
 public static function ob_get_clean():string {
- $output = ob_get_clean();
+ $output = \ob_get_clean();
 if ($output === false) throw new MDOutputBufferNotStarted("Output buffer was not started");
 return $output;
@@ -126,7 +126,7 @@ class MD_STD {
 */
 public static function preg_replace_str(string $pattern, string $replacement, string $subject):string {
- $output = preg_replace($pattern, $replacement, $subject);
+ $output = \preg_replace($pattern, $replacement, $subject);
 if ($output === null) {
 throw new Exception("Error replacing in $subject: Replacing $pattern with $replacement");
 }
@@ -148,7 +148,7 @@ class MD_STD {
 */
 public static function json_encode(array $value, int $options = 0, int $depth = 512):string {
- $output = json_encode($value, $options, $depth);
+ $output = \json_encode($value, $options, $depth);
 if ($output === false) throw new Exception("JSON output could not be generated");
 return $output;
@@ -233,7 +233,7 @@ class MD_STD {
 // Alle Infos über diese Sprache rausholen
 // phpcs:disable Generic.Strings.UnnecessaryStringConcat
- $res = preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
+ $res = \preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
 // phpcs:enable
 // war die Syntax gültig?
@@ -243,7 +243,7 @@ class MD_STD {
 }
 // Sprachcode holen und dann sofort in die Einzelteile trennen
- $lang_code = explode('-', $matches[1]);
+ $lang_code = \explode('-', $matches[1]);
 // Wurde eine Qualität mitgegeben?
 if (isset($matches[2])) {
@@ -259,11 +259,11 @@ class MD_STD {
 while (!empty($lang_code)) {
 // phpcs:enable
 // mal sehen, ob der Sprachcode angeboten wird
- if (in_array(strtolower(join('-', $lang_code)), $allowed_languages)) {
+ if (\in_array(\strtolower(\join('-', $lang_code)), $allowed_languages)) {
 // Qualität anschauen
 if ($lang_quality > $current_q) {
 // diese Sprache verwenden
- $current_lang = strtolower(join('-', $lang_code));
+ $current_lang = \strtolower(join('-', $lang_code));
 $current_q = $lang_quality;
 // Hier die innere while-Schleife verlassen
 break;
@@ -275,7 +275,7 @@ class MD_STD {
 break;
 }
 // den rechtesten Teil des Sprachcodes abschneiden
- array_pop($lang_code);
+ \array_pop($lang_code);
 }
 }
@@ -296,8 +296,8 @@ class MD_STD {
 public static function human_filesize(int $bytes, int $decimals = 2):string {
 $size = ['B','kB','MB','GB','TB','PB','EB','ZB','YB'];
- $factor = floor((strlen((string)$bytes) - 1) / 3);
- return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . $size[$factor];
+ $factor = \floor((\strlen((string)$bytes) - 1) / 3);
+ return \sprintf("%.{$decimals}f", $bytes / \pow(1024, $factor)) . $size[$factor];
 }
diff --git a/MD_STD_IN.php b/MD_STD_IN.php
new file mode 100644
index 0000000..b6d1ec1
--- /dev/null
+++ b/MD_STD_IN.php
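Review bot: The second replaced line of the -259 hunk, `$current_lang = \strtolower(join('-', $lang_code));`, leaves `join` without the leading backslash that the same expression three lines earlier now carries (`\strtolower(\join('-', $lang_code))`), so the hunk is inconsistent with its own intent; make it `$current_lang = \strtolower(\join('-', $lang_code));`. On the first replaced line, `\in_array(..., $allowed_languages)` is still a loose comparison; passing `true` as the third argument avoids type-juggled matches, assuming `$allowed_languages` is a list of strings (its origin is outside the hunk). The enclosing `while` loop starts before the hunk and the function continues past it.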
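Review bot: The new `$factor` line in the -296 hunk picks the unit from the number of decimal digits in `$bytes`, which does not line up with the 1024-based divisor on the following line: 1,000,000 bytes has seven digits, so factor 2 is chosen and the result is `0.95MB` instead of `976.56kB`. Deriving the unit from the value itself avoids that, e.g. `$factor = $bytes > 0 ? \min(\count($size) - 1, (int)\floor(\log($bytes, 1024))) : 0;`, which also makes `$factor` an int so `$size[$factor]` no longer relies on float-to-int key casting. Zero and negative `$bytes` currently flow through `\strlen` unchanged; the proposed form treats them as factor 0, which may or may not be the intended display for negative values.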
@@ -0,0 +1,95 @@
+ [
+ 'min_range' => 1, // Minimum number of an ID generated.
+ 'max_range' => 4294967295 // Max value for MySQL's int data type
+ ],
+ ]
+ );
+
+ if (!($input)) {
+ throw new MDpageParameterNotNumericException("Value is not numeric.");
+ }
+
+ return $input;
+
+ }
+
+ /**
+ * General string sanitization for all purposes. For use of inputs with MySQL's
+ * MATCH AGAINST, use the dedicated sanitization function.
+ *
+ * @param mixed $input Input string.
+ *
+ * @return string
+ */
+ final public static function sanitize_text($input):string {
+
+ $output = \filter_var($input,
+ FILTER_SANITIZE_STRING,
+ FILTER_FLAG_NO_ENCODE_QUOTES) ?: "";
+
+ return trim($output);
+
+ }
+
+ /**
+ * Retrieves HTTP input texts from GET or POST variables, whatever is provided.
+ * If neither is given, returns a provided default.
+ *
+ * @param string $var_name Variable name.
+ * @param string $default Default value for the output.
+ *
+ * @return string
+ */
+ final public static function get_http_input_text(string $var_name, string $default = ""):string {
+
+ if (isset($_GET[$var_name])) {
+ return self::sanitize_text($_GET[$var_name]);
+ }
+ else if (isset($_POST[$var_name])) {
+ return self::sanitize_text($_POST[$var_name]);
+ }
+ else return self::sanitize_text($default);
+
+ }
+
+ /**
+ * Retrieves HTTP input texts from POST variables.
+ * If none is given, returns a provided default.
+ *
+ * @param string $var_name Variable name.
+ * @param string $default Default value for the output.
+ *
+ * @return string
+ */
+ final public static function get_http_post_text(string $var_name, string $default = ""):string {
+
+ if (isset($_POST[$var_name])) {
+ return self::sanitize_text($_POST[$var_name]);
+ }
+ else return self::sanitize_text($default);
+
+ }
+
+}
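Review bot: `sanitize_text` turns the legitimate input `'0'` into an empty string, because `?: ""` replaces every falsy result of `\filter_var`, not only the `false` it returns on failure; use `$output = \filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); if (!\is_string($output)) { $output = ""; }` so only a real failure maps to the empty default. `FILTER_SANITIZE_STRING` strips tags rather than escaping for a context and is deprecated since PHP 8.1, so callers of `get_http_input_text`/`get_http_post_text` still need `htmlspecialchars` at output time (and the dedicated MATCH AGAINST function the docblock mentions is not part of this file); a short docblock line saying so would prevent readers from treating the return value as HTML-safe. `trim` is the one global call in this file left without the leading backslash the rest of the commit adds. The `4294967295` bound with the comment "Max value for MySQL's int data type" matches INT UNSIGNED; for a signed INT column the limit is 2147483647, so confirm which type the ID columns use. The start of `sanitize_id`, including its `\filter_var(..., FILTER_VALIDATE_INT, ...)` call, is cut off before the visible part of the hunk.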