twb
/
tts_framework
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changed sanitizers names, used Generators instead of arrays.

Browse Source
main
Robert 3 years ago
parent fca0d6af11
commit bb63f57f63
4 changed files with 212 additions and 94 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 233
      src/bootstrap/safer_io.php
  2. 2
      src/classes/database/help_load.php
  3. 61
      src/classes/database/help_save.php
  4. 10
      src/classes/html.php

233
src/bootstrap/safer_io.php
Unescape View File

@ -322,111 +322,210 @@ final class safer_io {
return $data; return $data;
} }
/**
* Initialize JSON post data into static array, if used....
* @param int $levels_deep are JSON Levels to use
*/
public static function init_json(int $levels_deep = 512): void {
self::$JSON_POST_DATA = self::get_json_post_data(true, $levels_deep);
}
/** /**
* Sanitize the inputs based on the rules an optionally trim the string * Sanitize the inputs based on the rules an optionally trim the string
* @param array $inputs [input, field, html, rule, message, skip_db]
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING * @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING
* @param bool $trim * @param bool $trim
* @return array [meta, fields, html, errors] * @return array [meta, fields, html, errors]
*/ */
public static function sanitize( private static function sanitize_helper(
array $inputs, string $from,
string $input_field_name,
array $a,
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string, FIELD_FILTER $default_filter = FIELD_FILTER::raw_string,
bool $trim = true, bool $trim = true,
int $levels_deep = 512 // JSON Levels
) : array { ) : array {
self::$JSON_POST_DATA = self::get_json_post_data(true, $levels_deep);
$meta = []; $meta = [];
$meta['missing'] = []; $meta['missing'] = [];
$safer_data = []; $safer_data = "";
$safer_db_data = [];
$safer_html_data = [];
$rules = []; $rules = [];
$messages = []; $messages = [];
foreach ($inputs as $input_field_name => $a) {
if (isset($a['field']) && $a['field'] instanceof \UnitEnum) {
$field_type = $a['field'];
} else {
$field_type = $default_filter;
}
if (isset($a['input']) && $a['input'] instanceof \UnitEnum) { if (isset($a['field']) && $a['field'] instanceof \UnitEnum) {
$user_text = self::get_input_by_type($input_field_name, $a['input'], $field_type); $field_type = $a['field'];
} else { } else {
$meta['missing'][] = $input_field_name; $field_type = $default_filter;
continue; }
}
$safer_data[$input_field_name] = false; // needs to be false to fail the validator
$safer_html_data[$input_field_name] = null; // should be null for ?? operator to work with it....
if (isset($a['rule'])) {
$rules[$input_field_name] = $a['rule'];
}
if (isset($a['message']) && isset($a['rule'])) {
$messages[$input_field_name] = $a['message'];
}
$db = (isset($a['skip_db'])) ? $a['skip_db'] : false; if (isset($a['input']) && $a['input'] instanceof \UnitEnum) {
$meta[$input_field_name]['type'] = $field_type->name; $user_text = self::get_input_by_type($input_field_name, $a['input'], $field_type);
$meta[$input_field_name]['skip_db'] = $db; } else {
$ret['name'] = $input_field_name;
if ($user_text === null) { $ret['meta']['missing'][] = $input_field_name;
continue; $ret['errors'][$input_field_name] = "Missing Field $input_field_name";
} $ret['html'] = null;
$ret['db'] = false;
$ret['logic'] = false;
return $ret;
}
$safer_data = false; // needs to be false to fail the validator
$safer_html_data = null; // should be null for ?? operator to work with it....
if (isset($a['rule'])) {
$rules[$input_field_name] = $a['rule'];
}
if (isset($a['message']) && isset($a['rule'])) {
$messages[$input_field_name] = $a['message'];
}
$db = (isset($a['skip_db'])) ? $a['skip_db'] : false;
$meta[$input_field_name]['type'] = $field_type->name;
$meta[$input_field_name]['skip_db'] = $db;
if ($user_text === null) {
$safer_data = null;
$safer_db_data = null;
$safer_html_data = null;
} else {
$field_filter_resolved = $field_type->resolve(); $field_filter_resolved = $field_type->resolve();
$safer_data[$input_field_name] = $user_text; $safer_data = $user_text;
if ($field_type == FIELD_FILTER::email) { if ($field_type == FIELD_FILTER::email) {
$safer_data[$input_field_name] = substr($safer_data[$input_field_name], 0, 254); $safer_data = substr($safer_data, 0, 254);
} }
$safer_data[$input_field_name] = filter_var($safer_data[$input_field_name], FILTER_DEFAULT, $field_filter_resolved); $safer_data = filter_var($safer_data, FILTER_DEFAULT, $field_filter_resolved);
// FallBack: These field types should never allow arrays anyways // FallBack: These field types should never allow arrays anyways
if ($field_type == FIELD_FILTER::raw_string || if ($field_type == FIELD_FILTER::raw_string ||
$field_type == FIELD_FILTER::raw $field_type == FIELD_FILTER::raw
) { ) {
if (\tts\common::get_count($safer_data[$input_field_name])) { if (\tts\common::get_count($safer_data)) {
$safer_data[$input_field_name] = $safer_data[$input_field_name][0]; $safer_data = $safer_data[0];
} }
} }
$safer_html = self::get_safer_html($safer_data[$input_field_name], $a); if ($from === "html") {
if ($safer_html !== false) { $safer_html = self::get_safer_html($safer_data, $a);
$safer_html_data[$input_field_name] = $safer_html; if ($safer_html !== false) {
} $safer_html_data = $safer_html;
}
$safer_data[$input_field_name] = self::t($safer_data[$input_field_name], $trim); if (isset($safer_html_data)) {
if (isset($safer_html_data[$input_field_name])) { $safer_html_data = self::t($safer_html_data, $trim);
$safer_html_data[$input_field_name] = self::t($safer_html_data[$input_field_name], $trim); }
} else {
$safer_data = self::t($safer_data, $trim);
} }
if ($field_type == FIELD_FILTER::integer_number) { if ($field_type == FIELD_FILTER::integer_number) {
$safer_data[$input_field_name] = intval($safer_data[$input_field_name]); $safer_data = intval($safer_data);
} }
if ($field_type == FIELD_FILTER::floating_point) { if ($field_type == FIELD_FILTER::floating_point) {
$safer_data[$input_field_name] = floatval($safer_data[$input_field_name]); $safer_data = floatval($safer_data);
} }
if ($field_type == FIELD_FILTER::integer_number || $field_type == FIELD_FILTER::floating_point) { if ($from === "db") {
$safer_db_data[$input_field_name] = $safer_data[$input_field_name]; if ($field_type == FIELD_FILTER::integer_number || $field_type == FIELD_FILTER::floating_point) {
} else { $safer_db_data = $safer_data;
if (isset($a['db']) && $a['db'] == DB_FILTER::ON) {
$safe_for_db = \tts\safer_sql::get_safer_sql_text($safer_data[$input_field_name]);
$text = $safe_for_db["text"];
} else { } else {
$text = $safer_data[$input_field_name]; if (isset($a['db']) && $a['db'] == DB_FILTER::ON) {
$safe_for_db = \tts\safer_sql::get_safer_sql_text($safer_data);
$text = $safe_for_db["text"];
} else {
$text = $safer_data;
}
$safer_db_data = $text;
} }
$safer_db_data[$input_field_name] = $text;
} }
}
$ret['name'] = $input_field_name;
$ret['meta'] = $meta;
if ($from === "db") {
$ret['db'] = $safer_db_data;
$data[$input_field_name] = $safer_db_data;
} elseif ($from === "logic") {
$ret['logic'] = $safer_data;
$data[$input_field_name] = $safer_data;
} elseif ($from === "html") {
$ret['html'] = $safer_html_data;
$data[$input_field_name] = $safer_html_data;
} }
$errors = (count($rules)) ? \tts\validator::validate($safer_data, $rules, $messages) : []; $ret['errors'] = (count($rules)) ? \tts\validator::validate($data, $rules, $messages) : [];
return $ret;
}
return ['meta' => $meta, 'fields' => $safer_data, 'db'=>$safer_db_data, 'html' => $safer_html_data, 'errors' => $errors]; /**
* Sanitize the inputs based on the rules an optionally trim the string
* @param array $inputs [input, field, html, rule, message, skip_db, db]
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING
* @param bool $trim
* @return Generator
*/
public static function db_sanitize(
array $inputs,
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string,
bool $trim = true,
) : \Generator {
foreach ($inputs as $input_field_name => $a) {
$yield = static::sanitize_helper(
"db",
$input_field_name,
$a,
$default_filter,
$trim
);
yield $yield;
}
}
/**
* Sanitize the inputs based on the rules an optionally trim the string
* @param array $inputs [input, field, html, rule, message, skip_db, db]
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING
* @param bool $trim
* @return Generator
*/
public static function logic_sanitize(
array $inputs,
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string,
bool $trim = true,
) : \Generator {
foreach ($inputs as $input_field_name => $a) {
$yield = static::sanitize_helper(
"logic",
$input_field_name,
$a,
$default_filter,
$trim
);
yield $yield;
}
}
/**
* Sanitize the inputs based on the rules an optionally trim the string
* @param array $inputs [input, field, html, rule, message, skip_db, db]
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING
* @param bool $trim
* @return Generator
*/
public static function html_sanitize(
array $inputs,
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string,
bool $trim = true,
) : \Generator {
foreach ($inputs as $input_field_name => $a) {
$yield = static::sanitize_helper(
"html",
$input_field_name,
$a,
$default_filter,
$trim
);
yield $yield;
}
} }
} }

2
src/classes/database/help_load.php
Unescape View File

@ -16,7 +16,7 @@ class help_load {
* @param \PDOStatement $stmt * @param \PDOStatement $stmt
* @return \Generator * @return \Generator
*/ */
public static function fetch_lazy(\PDOStatement $stmt): \Generator { public static function pdo_fetch_lazy(\PDOStatement $stmt): \Generator {
foreach($stmt as $record) { foreach($stmt as $record) {
yield $record; yield $record;
} }

61
src/classes/database/help_save.php
Unescape View File

@ -4,6 +4,8 @@ declare(strict_types=1);
namespace tts\database; namespace tts\database;
use \tts\safer_io as SafeIO;
final class help_save { final class help_save {
use \tts\traits\database\run_sql; use \tts\traits\database\run_sql;
@ -22,6 +24,7 @@ final class help_save {
private $error_message; private $error_message;
private $pdo; private $pdo;
private $primary_key = 'id'; private $primary_key = 'id';
private $db_skiped = [];
public function __construct($pdo, $table) { public function __construct($pdo, $table) {
$this->pdo = $pdo; $this->pdo = $pdo;
@ -59,6 +62,10 @@ final class help_save {
unset($diff[$key]); // Who cares about IDs unset($diff[$key]); // Who cares about IDs
} }
foreach($this->db_skiped as $skip) {
unset($diff[$skip]);
}
if (count($diff)) { if (count($diff)) {
echo "Diff on fields:<br>" . PHP_EOL; echo "Diff on fields:<br>" . PHP_EOL;
$this->do_dump($diff); $this->do_dump($diff);
@ -77,35 +84,45 @@ final class help_save {
$this->primary_key = $key; $this->primary_key = $key;
} }
/** public function set_members_by_generator(array $input): bool {
* @param array $data [fields=[key=>value]] $good = true;
*/ foreach(SafeIO::db_sanitize($input) as $data) {
public function set_members_by_array(array $data): bool { $key = $data['name'] ?? false;
$error_count = (isset($data['errors'])) ? count($data['errors']) : 0; $value = $data['db'] ?? null;
if ($error_count) { $error_count = (isset($data['errors'])) ? \tts\common::get_count($data['errors']) : 0;
return false; if ($error_count) {
} return false;
}
if (count($data['meta']['missing'])) {
$this->missing = $data['meta']['missing']; if (isset($data['meta']['missing']) && \tts\common::get_count($data['meta']['missing'])) {
} $this->missing = $data['meta']['missing'];
}
if (count($data['db'])) {
foreach($data['db'] as $key => $value) { $meta = $data['meta'][$key] ?? false;
$meta = $data['meta'][$key] ?? false; if ($meta !== false) {
if ($meta !== false) { $skip_db = $meta['skip_db'] ?? false;
$skip_db = $meta['skip_db'] ?? false; if ($skip_db === true) {
if ($skip_db === true) { $this->db_skiped[$key] = true;
continue; // Skip Field continue; // Skip Field
}
} }
}
if ($key !== false) {
$this->members[$key] = $value; $this->members[$key] = $value;
} else {
$good = false;
} }
} }
return true; return $good;
} }
/**
* Do not use this one in production! AS anyone can override
* the DB security and Inject stuff into the DB via POST, etc...
*/
public function auto_set_members(array $post = [], array $skip = ['route', 'm'], array $only_these = []): void { public function auto_set_members(array $post = [], array $skip = ['route', 'm'], array $only_these = []): void {
if (\tts\main\configure::get('tts', 'live') === true) {
return; // Bail if LIVE
}
if (isset($post['json'])) { if (isset($post['json'])) {
$globals = \tts\safer_io::get_json_post_data(); $globals = \tts\safer_io::get_json_post_data();
} else { } else {

10
src/classes/html.php
Unescape View File

@ -90,7 +90,6 @@ final class html {
*/ */
public static function show_table_from_generator( public static function show_table_from_generator(
array $header_fields, array $header_fields,
array $db_field_names,
\Iterator $records, \Iterator $records,
bool $escape = true bool $escape = true
): void { ): void {
@ -102,11 +101,14 @@ final class html {
echo "\t\t<th>{$field}</th>{$nl}"; echo "\t\t<th>{$field}</th>{$nl}";
} }
echo "\t</tr>{$nl}"; echo "\t</tr>{$nl}";
foreach($records as $record) { foreach($records as $record) {
echo "\t<tr>{$nl}"; echo "\t<tr>{$nl}";
foreach($db_field_names as $field_name) { foreach($record as $key => $value) {
$td = $record[$field_name] ?? ""; if (! is_string($key)) {
continue; // Remove Duplicate records
}
$td = $value ?? "";
if (is_string($td)) { if (is_string($td)) {
$cell = ($escape) ? \tts\safer_io::h($td) : $td; $cell = ($escape) ? \tts\safer_io::h($td) : $td;
} else { } else {

Write Preview
Loading…
Cancel
Save