Add class MD_STD_IN for input parsing and sanitization

MD_STD.php

@@ -20,13 +20,13 @@ class MD_STD {
      */
     public static function file_get_contents(string $filename):string {
 
-        if (substr($filename, 0, 4) !== 'http' && !file_exists($filename)) {
+        if (\substr($filename, 0, 4) !== 'http' && !\file_exists($filename)) {
             throw new MDFileDoesNotExist("There is no file {$filename}");
         }
 
-        $contents = file_get_contents($filename);
+        $contents = \file_get_contents($filename);
 
-        if (is_bool($contents)) {
+        if (\is_bool($contents)) {
             throw new MDFileIsNotReadable("File {$filename} is not readable");
         }
 
@@ -44,8 +44,8 @@ class MD_STD {
      */
     public static function realpath(string $path):string {
 
-        $output = realpath($path);
+        $output = \realpath($path);
-        if (!is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
+        if (!\is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
         return $output;
 
     }
@@ -59,11 +59,11 @@ class MD_STD {
      */
     public static function scandir(string $filepath):array {
 
-        if (!is_dir($filepath) || ($output = scandir($filepath)) === false) {
+        if (!\is_dir($filepath) || ($output = \scandir($filepath)) === false) {
             throw new MDFileDoesNotExist("There is no file {$filepath}");
         }
 
-        return array_values(array_diff($output, ['.', '..', '.git']));
+        return \array_values(\array_diff($output, ['.', '..', '.git']));
 
     }
 
@@ -75,7 +75,7 @@ class MD_STD {
      */
     public static function ob_get_clean():string {
 
-        $output = ob_get_clean();
+        $output = \ob_get_clean();
         if ($output === false) throw new MDOutputBufferNotStarted("Output buffer was not started");
         return $output;
 
@@ -126,7 +126,7 @@ class MD_STD {
      */
     public static function preg_replace_str(string $pattern, string $replacement, string $subject):string {
 
-        $output = preg_replace($pattern, $replacement, $subject);
+        $output = \preg_replace($pattern, $replacement, $subject);
         if ($output === null) {
             throw new Exception("Error replacing in $subject: Replacing $pattern with $replacement");
         }
@@ -148,7 +148,7 @@ class MD_STD {
      */
     public static function json_encode(array $value, int $options = 0, int $depth = 512):string {
 
-        $output = json_encode($value, $options, $depth);
+        $output = \json_encode($value, $options, $depth);
         if ($output === false) throw new Exception("JSON output could not be generated");
         return $output;
 
@@ -233,7 +233,7 @@ class MD_STD {
 
             // Alle Infos über diese Sprache rausholen
             // phpcs:disable Generic.Strings.UnnecessaryStringConcat
-            $res = preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
+            $res = \preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
             // phpcs:enable
 
             // war die Syntax gültig?
@@ -243,7 +243,7 @@ class MD_STD {
             }
 
             // Sprachcode holen und dann sofort in die Einzelteile trennen
-            $lang_code = explode('-', $matches[1]);
+            $lang_code = \explode('-', $matches[1]);
 
             // Wurde eine Qualität mitgegeben?
             if (isset($matches[2])) {
@@ -259,11 +259,11 @@ class MD_STD {
             while (!empty($lang_code)) {
                 // phpcs:enable
                 // mal sehen, ob der Sprachcode angeboten wird
-                if (in_array(strtolower(join('-', $lang_code)), $allowed_languages)) {
+                if (\in_array(\strtolower(\join('-', $lang_code)), $allowed_languages)) {
                     // Qualität anschauen
                     if ($lang_quality > $current_q) {
                         // diese Sprache verwenden
-                        $current_lang = strtolower(join('-', $lang_code));
+                        $current_lang = \strtolower(join('-', $lang_code));
                         $current_q = $lang_quality;
                         // Hier die innere while-Schleife verlassen
                         break;
@@ -275,7 +275,7 @@ class MD_STD {
                     break;
                 }
                 // den rechtesten Teil des Sprachcodes abschneiden
-                array_pop($lang_code);
+                \array_pop($lang_code);
             }
         }
 
@@ -296,8 +296,8 @@ class MD_STD {
     public static function human_filesize(int $bytes, int $decimals = 2):string {
 
         $size = ['B','kB','MB','GB','TB','PB','EB','ZB','YB'];
-        $factor = floor((strlen((string)$bytes) - 1) / 3);
+        $factor = \floor((\strlen((string)$bytes) - 1) / 3);
-        return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . $size[$factor];
+        return \sprintf("%.{$decimals}f", $bytes / \pow(1024, $factor)) . $size[$factor];
 
     }
 

MD_STD_IN.php

@@ -0,0 +1,95 @@
+<?PHP
+/**
+ * Gathers wrappers for handling inputs.
+ */
+declare(strict_types = 1);
+
+/**
+ * Standard class providing overrides of default PHP functions as static
+ * functions.
+ */
+class MD_STD_IN {
+
+    /**
+     * Generic sanitization function for input strings.
+     *
+     * @param mixed $input Input string.
+     *
+     * @return integer
+     */
+    final public static function sanitize_id($input):int {
+
+        $input = filter_var($input, FILTER_VALIDATE_INT, [
+                'options' => [
+                    'min_range' => 1,           // Minimum number of an ID generated.
+                    'max_range' => 4294967295   // Max value for MySQL's int data type
+                ],
+            ]
+        );
+
+        if (!($input)) {
+            throw new MDpageParameterNotNumericException("Value is not numeric.");
+        }
+
+        return $input;
+
+    }
+
+    /**
+     * General string sanitization for all purposes. For use of inputs with MySQL's
+     * MATCH AGAINST, use the dedicated sanitization function.
+     *
+     * @param mixed $input Input string.
+     *
+     * @return string
+     */
+    final public static function sanitize_text($input):string {
+
+        $output = \filter_var($input,
+            FILTER_SANITIZE_STRING,
+            FILTER_FLAG_NO_ENCODE_QUOTES) ?: "";
+
+        return trim($output);
+
+    }
+
+    /**
+     * Retrieves HTTP input texts from GET or POST variables, whatever is provided.
+     * If neither is given, returns a provided default.
+     *
+     * @param string $var_name Variable name.
+     * @param string $default  Default value for the output.
+     *
+     * @return string
+     */
+    final public static function get_http_input_text(string $var_name, string $default = ""):string {
+
+        if (isset($_GET[$var_name])) {
+            return self::sanitize_text($_GET[$var_name]);
+        }
+        else if (isset($_POST[$var_name])) {
+            return self::sanitize_text($_POST[$var_name]);
+        }
+        else return self::sanitize_text($default);
+
+    }
+
+    /**
+     * Retrieves HTTP input texts from POST variables.
+     * If none is given, returns a provided default.
+     *
+     * @param string $var_name Variable name.
+     * @param string $default  Default value for the output.
+     *
+     * @return string
+     */
+    final public static function get_http_post_text(string $var_name, string $default = ""):string {
+
+        if (isset($_POST[$var_name])) {
+            return self::sanitize_text($_POST[$var_name]);
+        }
+        else return self::sanitize_text($default);
+
+    }
+
+}