Add class MD_STD_IN for input parsing and sanitization

2020-08-19 14:55:38 +02:00
parent b8d8be54b9
commit 17d1b6e88b
2 changed files with 112 additions and 17 deletions
--- a/MD_STD_IN.php
+++ b/MD_STD_IN.php
@ -0,0 +1,95 @@
+<?PHP
+/**
+ * Gathers wrappers for handling inputs.
+ */
+declare(strict_types = 1);
+
+/**
+ * Standard class providing overrides of default PHP functions as static
+ * functions.
+ */
+class MD_STD_IN {
+
+    /**
+     * Generic sanitization function for input strings.
+     *
+     * @param mixed $input Input string.
+     *
+     * @return integer
+     */
+    final public static function sanitize_id($input):int {
+
+        $input = filter_var($input, FILTER_VALIDATE_INT, [
+                'options' => [
+                    'min_range' => 1,           // Minimum number of an ID generated.
+                    'max_range' => 4294967295   // Max value for MySQL's int data type
+                ],
+            ]
+        );
+
+        if (!($input)) {
+            throw new MDpageParameterNotNumericException("Value is not numeric.");
+        }
+
+        return $input;
+
+    }
+
+    /**
+     * General string sanitization for all purposes. For use of inputs with MySQL's
+     * MATCH AGAINST, use the dedicated sanitization function.
+     *
+     * @param mixed $input Input string.
+     *
+     * @return string
+     */
+    final public static function sanitize_text($input):string {
+
+        $output = \filter_var($input,
+            FILTER_SANITIZE_STRING,
+            FILTER_FLAG_NO_ENCODE_QUOTES) ?: "";
+
+        return trim($output);
+
+    }
+
+    /**
+     * Retrieves HTTP input texts from GET or POST variables, whatever is provided.
+     * If neither is given, returns a provided default.
+     *
+     * @param string $var_name Variable name.
+     * @param string $default  Default value for the output.
+     *
+     * @return string
+     */
+    final public static function get_http_input_text(string $var_name, string $default = ""):string {
+
+        if (isset($_GET[$var_name])) {
+            return self::sanitize_text($_GET[$var_name]);
+        }
+        else if (isset($_POST[$var_name])) {
+            return self::sanitize_text($_POST[$var_name]);
+        }
+        else return self::sanitize_text($default);
+
+    }
+
+    /**
+     * Retrieves HTTP input texts from POST variables.
+     * If none is given, returns a provided default.
+     *
+     * @param string $var_name Variable name.
+     * @param string $default  Default value for the output.
+     *
+     * @return string
+     */
+    final public static function get_http_post_text(string $var_name, string $default = ""):string {
+
+        if (isset($_POST[$var_name])) {
+            return self::sanitize_text($_POST[$var_name]);
+        }
+        else return self::sanitize_text($default);
+
+    }
+
+}