Add class MD_STD_IN for input parsing and sanitization
parent
b8d8be54b9
commit
17d1b6e88b
34
MD_STD.php
34
MD_STD.php
|
@ -20,13 +20,13 @@ class MD_STD {
|
|||
*/
|
||||
public static function file_get_contents(string $filename):string {
|
||||
|
||||
if (substr($filename, 0, 4) !== 'http' && !file_exists($filename)) {
|
||||
if (\substr($filename, 0, 4) !== 'http' && !\file_exists($filename)) {
|
||||
throw new MDFileDoesNotExist("There is no file {$filename}");
|
||||
}
|
||||
|
||||
$contents = file_get_contents($filename);
|
||||
$contents = \file_get_contents($filename);
|
||||
|
||||
if (is_bool($contents)) {
|
||||
if (\is_bool($contents)) {
|
||||
throw new MDFileIsNotReadable("File {$filename} is not readable");
|
||||
}
|
||||
|
||||
|
@ -44,8 +44,8 @@ class MD_STD {
|
|||
*/
|
||||
public static function realpath(string $path):string {
|
||||
|
||||
$output = realpath($path);
|
||||
if (!is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
|
||||
$output = \realpath($path);
|
||||
if (!\is_string($output)) throw new MDFileDoesNotExist("The file {$path} does not exist or is not readable.");
|
||||
return $output;
|
||||
|
||||
}
|
||||
|
@ -59,11 +59,11 @@ class MD_STD {
|
|||
*/
|
||||
public static function scandir(string $filepath):array {
|
||||
|
||||
if (!is_dir($filepath) || ($output = scandir($filepath)) === false) {
|
||||
if (!\is_dir($filepath) || ($output = \scandir($filepath)) === false) {
|
||||
throw new MDFileDoesNotExist("There is no file {$filepath}");
|
||||
}
|
||||
|
||||
return array_values(array_diff($output, ['.', '..', '.git']));
|
||||
return \array_values(\array_diff($output, ['.', '..', '.git']));
|
||||
|
||||
}
|
||||
|
||||
|
@ -75,7 +75,7 @@ class MD_STD {
|
|||
*/
|
||||
public static function ob_get_clean():string {
|
||||
|
||||
$output = ob_get_clean();
|
||||
$output = \ob_get_clean();
|
||||
if ($output === false) throw new MDOutputBufferNotStarted("Output buffer was not started");
|
||||
return $output;
|
||||
|
||||
|
@ -126,7 +126,7 @@ class MD_STD {
|
|||
*/
|
||||
public static function preg_replace_str(string $pattern, string $replacement, string $subject):string {
|
||||
|
||||
$output = preg_replace($pattern, $replacement, $subject);
|
||||
$output = \preg_replace($pattern, $replacement, $subject);
|
||||
if ($output === null) {
|
||||
throw new Exception("Error replacing in $subject: Replacing $pattern with $replacement");
|
||||
}
|
||||
|
@ -148,7 +148,7 @@ class MD_STD {
|
|||
*/
|
||||
public static function json_encode(array $value, int $options = 0, int $depth = 512):string {
|
||||
|
||||
$output = json_encode($value, $options, $depth);
|
||||
$output = \json_encode($value, $options, $depth);
|
||||
if ($output === false) throw new Exception("JSON output could not be generated");
|
||||
return $output;
|
||||
|
||||
|
@ -233,7 +233,7 @@ class MD_STD {
|
|||
|
||||
// Alle Infos über diese Sprache rausholen
|
||||
// phpcs:disable Generic.Strings.UnnecessaryStringConcat
|
||||
$res = preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
|
||||
$res = \preg_match('/^([a-z]{1,8}(?:-[a-z]{1,8})*)(?:;\s*q=(0(?:\.[0-9]{1,3})?|1(?:\.0{1,3})?))?$/i', $accepted_language, $matches);
|
||||
// phpcs:enable
|
||||
|
||||
// war die Syntax gültig?
|
||||
|
@ -243,7 +243,7 @@ class MD_STD {
|
|||
}
|
||||
|
||||
// Sprachcode holen und dann sofort in die Einzelteile trennen
|
||||
$lang_code = explode('-', $matches[1]);
|
||||
$lang_code = \explode('-', $matches[1]);
|
||||
|
||||
// Wurde eine Qualität mitgegeben?
|
||||
if (isset($matches[2])) {
|
||||
|
@ -259,11 +259,11 @@ class MD_STD {
|
|||
while (!empty($lang_code)) {
|
||||
// phpcs:enable
|
||||
// mal sehen, ob der Sprachcode angeboten wird
|
||||
if (in_array(strtolower(join('-', $lang_code)), $allowed_languages)) {
|
||||
if (\in_array(\strtolower(\join('-', $lang_code)), $allowed_languages)) {
|
||||
// Qualität anschauen
|
||||
if ($lang_quality > $current_q) {
|
||||
// diese Sprache verwenden
|
||||
$current_lang = strtolower(join('-', $lang_code));
|
||||
$current_lang = \strtolower(join('-', $lang_code));
|
||||
$current_q = $lang_quality;
|
||||
// Hier die innere while-Schleife verlassen
|
||||
break;
|
||||
|
@ -275,7 +275,7 @@ class MD_STD {
|
|||
break;
|
||||
}
|
||||
// den rechtesten Teil des Sprachcodes abschneiden
|
||||
array_pop($lang_code);
|
||||
\array_pop($lang_code);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -296,8 +296,8 @@ class MD_STD {
|
|||
public static function human_filesize(int $bytes, int $decimals = 2):string {
|
||||
|
||||
$size = ['B','kB','MB','GB','TB','PB','EB','ZB','YB'];
|
||||
$factor = floor((strlen((string)$bytes) - 1) / 3);
|
||||
return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . $size[$factor];
|
||||
$factor = \floor((\strlen((string)$bytes) - 1) / 3);
|
||||
return \sprintf("%.{$decimals}f", $bytes / \pow(1024, $factor)) . $size[$factor];
|
||||
|
||||
}
|
||||
|
||||
|
|
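Review bot: In `file_get_contents`, the guard `\substr($filename, 0, 4) !== 'http'` skips the existence check for any name that merely begins with `http`, and hands remote URLs straight to `\file_get_contents`. If a caller ever passes request-derived input, this wrapper fetches whatever URL it is given from the server side; the callers are not visible here, so that is worth confirming. Matching the scheme explicitly, e.g. `if (\preg_match('~^https?://~', $filename) !== 1 && !\file_exists($filename)) {`, at least keeps local names such as `httpd.conf` on the `file_exists` path, while any host restriction would belong at the call sites. The method body continues past the end of its hunk. Separately, the rewritten `$current_lang = \strtolower(join('-', $lang_code));` leaves `join` unqualified, unlike the `\join` in the `\in_array` check just above it.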
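--- a/MD_STD_IN.php
+++ b/MD_STD_IN.php
@@ -0,0 +1,95 @@
+<?PHP
+/**
+* Gathers wrappers for handling inputs.
+*/
+declare(strict_types = 1);
+
+/**
+* Standard class providing overrides of default PHP functions as static
+* functions.
+*/
+class MD_STD_IN {
+
+/**
+* Generic sanitization function for input strings.
+*
+* @param mixed $input Input string.
+*
+* @return integer
+*/
+final public static function sanitize_id($input):int {
+
+$input = filter_var($input, FILTER_VALIDATE_INT, [
+'options' => [
+'min_range' => 1, // Minimum number of an ID generated.
+'max_range' => 4294967295 // Max value for MySQL's int data type
+],
+]
+);
+
+if (!($input)) {
+throw new MDpageParameterNotNumericException("Value is not numeric.");
+}
+
+return $input;
+
+}
+
+/**
+* General string sanitization for all purposes. For use of inputs with MySQL's
+* MATCH AGAINST, use the dedicated sanitization function.
+*
+* @param mixed $input Input string.
+*
+* @return string
+*/
+final public static function sanitize_text($input):string {
+
+$output = \filter_var($input,
+FILTER_SANITIZE_STRING,
+FILTER_FLAG_NO_ENCODE_QUOTES) ?: "";
+
+return trim($output);
+
+}
+
+/**
+* Retrieves HTTP input texts from GET or POST variables, whatever is provided.
+* If neither is given, returns a provided default.
+*
+* @param string $var_name Variable name.
+* @param string $default Default value for the output.
+*
+* @return string
+*/
+final public static function get_http_input_text(string $var_name, string $default = ""):string {
+
+if (isset($_GET[$var_name])) {
+return self::sanitize_text($_GET[$var_name]);
+}
+else if (isset($_POST[$var_name])) {
+return self::sanitize_text($_POST[$var_name]);
+}
+else return self::sanitize_text($default);
+
+}
+
+/**
+* Retrieves HTTP input texts from POST variables.
+* If none is given, returns a provided default.
+*
+* @param string $var_name Variable name.
+* @param string $default Default value for the output.
+*
+* @return string
+*/
+final public static function get_http_post_text(string $var_name, string $default = ""):string {
+
+if (isset($_POST[$var_name])) {
+return self::sanitize_text($_POST[$var_name]);
+}
+else return self::sanitize_text($default);
+
+}
+
+}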
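Review bot: In `sanitize_text` the `?: ""` fallback tests truthiness, so a legitimate input of `"0"` comes back as an empty string, and an array-valued parameter silently becomes `""` as well. Comparing against the failure value keeps `"0"` intact: `$output = \filter_var($input, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);` followed by `if ($output === false) $output = "";`. The docblock's "for all purposes" also overstates what the filter gives: with `FILTER_FLAG_NO_ENCODE_QUOTES` it strips tags but leaves quotes untouched, so the result still needs context-specific escaping on output and parameterized queries, and `FILTER_SANITIZE_STRING` is deprecated as of PHP 8.1. The docblock of `sanitize_id` describes it as sanitization "for input strings" although it validates an integer ID, and is worth rewording, e.g. `Validates an input as a positive integer ID; throws if it is not.`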