Add class MD_STD_IN for input parsing and sanitization

This commit is contained in:
Joshua Ramon Enslin 2020-08-19 14:55:38 +02:00 committed by Stefan Rohde-Enslin
parent b8d8be54b9
commit 17d1b6e88b
2 changed files with 112 additions and 17 deletions

View File

@ -20,13 +20,13 @@ class MD_STD {
*/ */
public static function file_get_contents(string $filename):string { public static function file_get_contents(string $filename):string {
if (substr($filename, 0, 4) !== 'http' && !file_exists($filename)) { if (\substr($filename, 0, 4) !== 'http' && !\file_exists($filename)) {
throw new MDFileDoesNotExist("There is no file {$filename}"); throw new MDFileDoesNotExist("There is no file {$filename}");
} }
$contents = file_get_contents($filename); $contents = \file_get_contents($filename);
if (is_bool($contents)) { if (\is_bool($contents)) {
throw new MDFileIsNotReadable("File {$filename} is not readable"); throw new MDFileIsNotReadable("File {$filename} is not readable");
} }
@ -44,8 +44,8 @@ class MD_STD {
*/ */
public static function realpath(string $path):string { public static function realpath(string $path):string {
$output = realpath($path); $output = \realpath($path);
if (!is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable."); if (!\is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
return $output; return $output;
} }
@ -59,11 +59,11 @@ class MD_STD {
*/ */
public static function scandir(string $filepath):array { public static function scandir(string $filepath):array {
if (!is_dir($filepath) || ($output = scandir($filepath)) === false) { if (!\is_dir($filepath) || ($output = \scandir($filepath)) === false) {
throw new MDFileDoesNotExist("There is no file {$filepath}"); throw new MDFileDoesNotExist("There is no file {$filepath}");
} }
return array_values(array_diff($output, ['.', '..', '.git'])); return \array_values(\array_diff($output, ['.', '..', '.git']));
} }
@ -75,7 +75,7 @@ class MD_STD {
*/ */
public static function ob_get_clean():string { public static function ob_get_clean():string {
$output = ob_get_clean(); $output = \ob_get_clean();
if ($output === false) throw new MDOutputBufferNotStarted("Output buffer was not started"); if ($output === false) throw new MDOutputBufferNotStarted("Output buffer was not started");
return $output; return $output;
@ -126,7 +126,7 @@ class MD_STD {
*/ */
public static function preg_replace_str(string $pattern, string $replacement, string $subject):string { public static function preg_replace_str(string $pattern, string $replacement, string $subject):string {
$output = preg_replace($pattern, $replacement, $subject); $output = \preg_replace($pattern, $replacement, $subject);
if ($output === null) { if ($output === null) {
throw new Exception("Error replacing in $subject: Replacing $pattern with $replacement"); throw new Exception("Error replacing in $subject: Replacing $pattern with $replacement");
} }
@ -148,7 +148,7 @@ class MD_STD {
*/ */
public static function json_encode(array $value, int $options = 0, int $depth = 512):string { public static function json_encode(array $value, int $options = 0, int $depth = 512):string {
$output = json_encode($value, $options, $depth); $output = \json_encode($value, $options, $depth);
if ($output === false) throw new Exception("JSON output could not be generated"); if ($output === false) throw new Exception("JSON output could not be generated");
return $output; return $output;
@ -233,7 +233,7 @@ class MD_STD {
// Alle Infos über diese Sprache rausholen // Alle Infos über diese Sprache rausholen
// phpcs:disable Generic.Strings.UnnecessaryStringConcat // phpcs:disable Generic.Strings.UnnecessaryStringConcat
$res = preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches); $res = \preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
// phpcs:enable // phpcs:enable
// war die Syntax gültig? // war die Syntax gültig?
@ -243,7 +243,7 @@ class MD_STD {
} }
// Sprachcode holen und dann sofort in die Einzelteile trennen // Sprachcode holen und dann sofort in die Einzelteile trennen
$lang_code = explode('-', $matches[1]); $lang_code = \explode('-', $matches[1]);
// Wurde eine Qualität mitgegeben? // Wurde eine Qualität mitgegeben?
if (isset($matches[2])) { if (isset($matches[2])) {
@ -259,11 +259,11 @@ class MD_STD {
while (!empty($lang_code)) { while (!empty($lang_code)) {
// phpcs:enable // phpcs:enable
// mal sehen, ob der Sprachcode angeboten wird // mal sehen, ob der Sprachcode angeboten wird
if (in_array(strtolower(join('-', $lang_code)), $allowed_languages)) { if (\in_array(\strtolower(\join('-', $lang_code)), $allowed_languages)) {
// Qualität anschauen // Qualität anschauen
if ($lang_quality > $current_q) { if ($lang_quality > $current_q) {
// diese Sprache verwenden // diese Sprache verwenden
$current_lang = strtolower(join('-', $lang_code)); $current_lang = \strtolower(join('-', $lang_code));
$current_q = $lang_quality; $current_q = $lang_quality;
// Hier die innere while-Schleife verlassen // Hier die innere while-Schleife verlassen
break; break;
@ -275,7 +275,7 @@ class MD_STD {
break; break;
} }
// den rechtesten Teil des Sprachcodes abschneiden // den rechtesten Teil des Sprachcodes abschneiden
array_pop($lang_code); \array_pop($lang_code);
} }
} }
@ -296,8 +296,8 @@ class MD_STD {
public static function human_filesize(int $bytes, int $decimals = 2):string { public static function human_filesize(int $bytes, int $decimals = 2):string {
$size = ['B','kB','MB','GB','TB','PB','EB','ZB','YB']; $size = ['B','kB','MB','GB','TB','PB','EB','ZB','YB'];
$factor = floor((strlen((string)$bytes) - 1) / 3); $factor = \floor((\strlen((string)$bytes) - 1) / 3);
return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . $size[$factor]; return \sprintf("%.{$decimals}f", $bytes / \pow(1024, $factor)) . $size[$factor];
} }

95
MD_STD_IN.php Normal file
View File

@ -0,0 +1,95 @@
<?PHP
/**
* Gathers wrappers for handling inputs.
*/
declare(strict_types = 1);
/**
* Standard class providing overrides of default PHP functions as static
* functions.
*/
class MD_STD_IN {
/**
* Generic sanitization function for input strings.
*
* @param mixed $input Input string.
*
* @return integer
*/
final public static function sanitize_id($input):int {
$input = filter_var($input, FILTER_VALIDATE_INT, [
'options' => [
'min_range' => 1, // Minimum number of an ID generated.
'max_range' => 4294967295 // Max value for MySQL's int data type
],
]
);
if (!($input)) {
throw new MDpageParameterNotNumericException("Value is not numeric.");
}
return $input;
}
/**
* General string sanitization for all purposes. For use of inputs with MySQL's
* MATCH AGAINST, use the dedicated sanitization function.
*
* @param mixed $input Input string.
*
* @return string
*/
final public static function sanitize_text($input):string {
$output = \filter_var($input,
FILTER_SANITIZE_STRING,
FILTER_FLAG_NO_ENCODE_QUOTES) ?: "";
return trim($output);
}
/**
* Retrieves HTTP input texts from GET or POST variables, whatever is provided.
* If neither is given, returns a provided default.
*
* @param string $var_name Variable name.
* @param string $default Default value for the output.
*
* @return string
*/
final public static function get_http_input_text(string $var_name, string $default = ""):string {
if (isset($_GET[$var_name])) {
return self::sanitize_text($_GET[$var_name]);
}
else if (isset($_POST[$var_name])) {
return self::sanitize_text($_POST[$var_name]);
}
else return self::sanitize_text($default);
}
/**
* Retrieves HTTP input texts from POST variables.
* If none is given, returns a provided default.
*
* @param string $var_name Variable name.
* @param string $default Default value for the output.
*
* @return string
*/
final public static function get_http_post_text(string $var_name, string $default = ""):string {
if (isset($_POST[$var_name])) {
return self::sanitize_text($_POST[$var_name]);
}
else return self::sanitize_text($default);
}
}