|
|
|
|
@ -33,6 +33,7 @@ enum HTML_FLAG { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
enum INPUTS: int { |
|
|
|
|
case variable = 998; // User Defined VAR |
|
|
|
|
case debugging = 999; // check POST and then if debugging is set, check GET |
|
|
|
|
case json = 1000; // uses JSON on raw POST BODY |
|
|
|
|
case post = 0; // INPUT_POST; |
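Review bot: The new `variable` case has no visible counterpart in `INPUTS::resolve()`, which the read path calls unconditionally (`$input_type->resolve()` further down this file), so a field declared with `input_type = INPUTS::variable` but no `input_var` would reach `filter_has_var()` with whatever `resolve()` happens to return for it. Have `resolve()` return null (or throw) for this case so it cannot silently map to a superglobal, and make the comment say where the value actually comes from: `case variable = 998; // value is taken from use_io::$input_var, never read from a superglobal`. `resolve()` is outside this hunk, so the mapping gap is inferred from the call site rather than seen.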
|
|
|
|
@ -98,6 +99,17 @@ enum FIELD_FILTER: string { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
final class use_io { |
|
|
|
|
public $input_var; |
|
|
|
|
public $input_type; |
|
|
|
|
public $field_filter; |
|
|
|
|
public $escape_html; |
|
|
|
|
public $validation_rule; |
|
|
|
|
public $validation_message; |
|
|
|
|
public $skip_the_db; |
|
|
|
|
public $use_db_filter; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
final class safer_io { |
|
|
|
|
|
|
|
|
|
protected function __construct() { |
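Review bot: `use_io` declares eight untyped public properties, so `sanitize_helper` still has to test `instanceof \UnitEnum` on each enum-valued field and a caller can assign, say, a `FIELD_FILTER` to `escape_html` without anything failing until it reaches `safer_html()`. Typed nullable properties with null defaults turn that into a `TypeError` at assignment, keep every existing `isset()` check working unchanged (`isset` is false on null, and `skip_the_db = false` still yields `$db = false`), and document which enum each field expects; the class also has no docblock. The validation rule and message types are not visible here, so they stay `mixed` with a TODO.
```php
/** Per-field sanitisation settings consumed by safer_io::*_sanitize(). */
final class use_io {
    /** Caller-supplied value; bypasses filter_input() entirely, so it is still unfiltered here. */
    public mixed $input_var = null;
    public ?INPUTS $input_type = null;
    public ?FIELD_FILTER $field_filter = null;
    public ?HTML_FLAG $escape_html = null;
    public mixed $validation_rule = null;    // TODO confirm the type the validator expects
    public mixed $validation_message = null; // TODO confirm (string?)
    public bool $skip_the_db = false;
    public ?DB_FILTER $use_db_filter = null;
}
```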
|
|
|
|
@ -259,7 +271,6 @@ final class safer_io { |
|
|
|
|
private static function get_input_by_type( |
|
|
|
|
string $input_field_name, |
|
|
|
|
INPUTS $input_type, |
|
|
|
|
FIELD_FILTER $options = FIELD_FILTER::raw_string |
|
|
|
|
): mixed { |
|
|
|
|
if ($input_type == INPUTS::debugging) { |
|
|
|
|
if (isset(self::$JSON_POST_DATA[$input_field_name])) { |
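Review bot: The `INPUTS::debugging` branch at the top of `get_input_by_type` is not gated on any actual debug setting, yet the enum documents the mode as "check POST and then if debugging is set, check GET"; a field declared with it would therefore accept query-string values in production, which lands those values in access logs and Referer headers and makes link-based injection trivial. Downgrade the mode before the branch when debugging is off, reading the flag from configuration rather than from the request: `if ($input_type === INPUTS::debugging && !$debuggingEnabled) { $input_type = INPUTS::post; }` where `$debuggingEnabled` is a config-derived boolean not shown here. The GET fallback itself is outside this hunk, so its behaviour is inferred from the enum comment. The loose `==` on the enum should be `===` as well.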
|
|
|
|
@ -284,7 +295,7 @@ final class safer_io { |
|
|
|
|
$resolve_input = $input_type->resolve(); |
|
|
|
|
$is_set = filter_has_var($resolve_input, $input_field_name); |
|
|
|
|
if ($is_set) { |
|
|
|
|
return filter_input($resolve_input, $input_field_name, FILTER_DEFAULT, $options->resolve()); |
|
|
|
|
return filter_input($resolve_input, $input_field_name); |
|
|
|
|
} |
|
|
|
|
return null; |
|
|
|
|
} |
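Review bot: The replaced `filter_input()` call now passes no filter, which means `FILTER_DEFAULT` — an alias of `FILTER_UNSAFE_RAW` — so the value is returned exactly as sent and the `FIELD_FILTER` that used to be applied here has to be applied by the caller. Make that explicit so the next reader does not assume the call sanitises: `return filter_input($resolve_input, $input_field_name, FILTER_UNSAFE_RAW); // raw read; the field's FIELD_FILTER is applied in sanitize_helper`. I cannot see where the filter is re-applied after this commit, so confirm that before treating this as a pure move of the sanitisation step.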
|
|
|
|
@ -295,14 +306,14 @@ final class safer_io { |
|
|
|
|
* @param array $a['html'] of type HTML_FLAG |
|
|
|
|
* @return string|bool |
|
|
|
|
*/ |
|
|
|
|
private static function get_safer_string(string $data, array $a): string | bool { |
|
|
|
|
if (isset($a['html']) && $a['html'] instanceof \UnitEnum) { |
|
|
|
|
return self::safer_html($data, $a['html']); |
|
|
|
|
private static function get_safer_string(string $data, use_io $a): string | bool { |
|
|
|
|
if (isset($a->escape_html) && $a->escape_html instanceof \UnitEnum) { |
|
|
|
|
return self::safer_html($data, $a->escape_html); |
|
|
|
|
} |
|
|
|
|
return self::safer_html($data); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private static function get_safer_html($data, array $a) { |
|
|
|
|
private static function get_safer_html($data, use_io $a) { |
|
|
|
|
if (is_string($data)) { |
|
|
|
|
return self::get_safer_string($data, $a); |
|
|
|
|
} else if (\tts\common::get_count($data)) { |
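Review bot: The docblock above `get_safer_string` still reads `@param array $a['html'] of type HTML_FLAG` although the parameter is now `use_io $a`; change it to `@param use_io $a  uses $a->escape_html (HTML_FLAG or null)`. Now that the argument is a typed DTO, `$a->escape_html instanceof \UnitEnum` is looser than needed — any enum, a `FIELD_FILTER` for instance, passes and is handed to `safer_html()` — so `if ($a->escape_html instanceof HTML_FLAG) {` is the check that actually matches the documented type. `get_safer_html` also still has no type on `$data` or on its return; `mixed $data` with a declared return would match the rest of the class, and its body continues past this hunk.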
|
|
|
|
@ -331,16 +342,10 @@ final class safer_io { |
|
|
|
|
self::$JSON_POST_DATA = self::get_json_post_data(true, $levels_deep); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sanitize the inputs based on the rules an optionally trim the string |
|
|
|
|
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING |
|
|
|
|
* @param bool $trim |
|
|
|
|
* @return array [meta, fields, html, errors] |
|
|
|
|
*/ |
|
|
|
|
private static function sanitize_helper( |
|
|
|
|
string $from, |
|
|
|
|
string $input_field_name, |
|
|
|
|
array $a, |
|
|
|
|
use_io $a, |
|
|
|
|
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string, |
|
|
|
|
bool $trim = true, |
|
|
|
|
) : array { |
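Review bot: `sanitize_helper`'s docblock documents only `$default_filter` and `$trim`, so the parameter this commit changes (`use_io $a`) and the two before it are undocumented, and the summary line has a typo ("an optionally" should be "and optionally"). Add `@param string $from  which entry point is calling ("db", "logic" or "html")`, `@param string $input_field_name  key in the input source and in the returned arrays`, and `@param use_io $a  per-field settings, see use_io` above the existing `@param` lines. The function body runs past this hunk.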
|
|
|
|
@ -350,14 +355,16 @@ final class safer_io { |
|
|
|
|
$rules = []; |
|
|
|
|
$messages = []; |
|
|
|
|
|
|
|
|
|
if (isset($a['field']) && $a['field'] instanceof \UnitEnum) { |
|
|
|
|
$field_type = $a['field']; |
|
|
|
|
if (isset($a->field_filter) && $a->field_filter instanceof \UnitEnum) { |
|
|
|
|
$field_type = $a->field_filter; |
|
|
|
|
} else { |
|
|
|
|
$field_type = $default_filter; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (isset($a['input']) && $a['input'] instanceof \UnitEnum) { |
|
|
|
|
$user_text = self::get_input_by_type($input_field_name, $a['input'], $field_type); |
|
|
|
|
|
|
|
|
|
if (isset($a->input_var)) { |
|
|
|
|
$user_text = $a->input_var; |
|
|
|
|
} elseif (isset($a->input_type) && $a->input_type instanceof \UnitEnum) { |
|
|
|
|
$user_text = self::get_input_by_type($input_field_name, $a->input_type); |
|
|
|
|
} else { |
|
|
|
|
$ret['name'] = $input_field_name; |
|
|
|
|
$ret['meta']['missing'][] = $input_field_name; |
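Review bot: `$field_type` is resolved at the top of this hunk but no longer reaches `get_input_by_type()` — the call at the bottom passes only the name and type — and the new `input_var` branch copies the caller's value straight into `$user_text`, so at this point neither source has had the field's `FIELD_FILTER` applied. If the filter is not applied below the hunk, apply it once after the `if`/`elseif` so both sources are covered, e.g. for scalar inputs `$user_text = filter_var($user_text, FILTER_DEFAULT, $field_type->resolve());` (array-valued JSON inputs would need `FILTER_REQUIRE_ARRAY` handled separately). Note also that `isset($a->input_var)` is false for an explicit `null`, so a caller passing null falls through to `input_type` instead of being treated as a supplied-but-empty value; decide whether that is intended and say so in a comment. The rest of the function is outside this hunk.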
|
|
|
|
@ -371,15 +378,15 @@ final class safer_io { |
|
|
|
|
$safer_data = false; // needs to be false to fail the validator |
|
|
|
|
$safer_html_data = null; // should be null for ?? operator to work with it.... |
|
|
|
|
|
|
|
|
|
if (isset($a['rule'])) { |
|
|
|
|
$rules[$input_field_name] = $a['rule']; |
|
|
|
|
if (isset($a->validation_rule)) { |
|
|
|
|
$rules[$input_field_name] = $a->validation_rule; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (isset($a['message']) && isset($a['rule'])) { |
|
|
|
|
$messages[$input_field_name] = $a['message']; |
|
|
|
|
if (isset($a->validation_message) && isset($a->validation_rule)) { |
|
|
|
|
$messages[$input_field_name] = $a->validation_message; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$db = (isset($a['skip_db'])) ? $a['skip_db'] : false; |
|
|
|
|
$db = (isset($a->skip_the_db)) ? $a->skip_the_db : false; |
|
|
|
|
$meta[$input_field_name]['type'] = $field_type->name; |
|
|
|
|
$meta[$input_field_name]['skip_db'] = $db; |
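Review bot: `$db = (isset($a->skip_the_db)) ? $a->skip_the_db : false;` is the long form of `$db = (bool) ($a->skip_the_db ?? false);`, and the cast matters because the property is untyped, so a caller can set it to `'0'` or `0` and `$meta[...]['skip_db']` will carry that through as-is. The `validation_message` assignment silently ignores a message given without a rule; a one-line comment saying that is deliberate would save the next reader a question.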
|
|
|
|
|
|
|
|
|
@ -429,7 +436,7 @@ final class safer_io { |
|
|
|
|
if ($field_type == FIELD_FILTER::integer_number || $field_type == FIELD_FILTER::floating_point) { |
|
|
|
|
$safer_db_data = $safer_data; |
|
|
|
|
} else { |
|
|
|
|
if (isset($a['db']) && $a['db'] == DB_FILTER::ON) { |
|
|
|
|
if (isset($a->use_db_filter) && $a->use_db_filter == DB_FILTER::ON) { |
|
|
|
|
$safe_for_db = \tts\safer_sql::get_safer_sql_text($safer_data); |
|
|
|
|
$text = $safe_for_db["text"]; |
|
|
|
|
} else { |
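Review bot: `$a->use_db_filter == DB_FILTER::ON` uses loose comparison on an enum; enum cases are singletons, so `$a->use_db_filter === DB_FILTER::ON` is the exact test and also does not need the preceding `isset()`, since `null === DB_FILTER::ON` is simply false. Separately, the `$text` produced by `get_safer_sql_text()` is an escaped string, not a bound parameter; whatever consumes `$safer_db_data` should still bind it with a prepared statement rather than interpolating it, which I cannot verify from this hunk.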
|
|
|
|
@ -455,20 +462,15 @@ final class safer_io { |
|
|
|
|
return $ret; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sanitize the inputs based on the rules an optionally trim the string |
|
|
|
|
* @param array $inputs [input, field, html, rule, message, skip_db, db] |
|
|
|
|
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING |
|
|
|
|
* @param bool $trim |
|
|
|
|
* @return Generator |
|
|
|
|
*/ |
|
|
|
|
public static function db_sanitize( |
|
|
|
|
array $inputs, |
|
|
|
|
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string, |
|
|
|
|
bool $trim = true, |
|
|
|
|
) : \Generator { |
|
|
|
|
foreach ($inputs as $input_field_name => $a) { |
|
|
|
|
if (! $a instanceof use_io) { |
|
|
|
|
continue; |
|
|
|
|
} |
|
|
|
|
$yield = static::sanitize_helper( |
|
|
|
|
"db", |
|
|
|
|
$input_field_name, |
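Review bot: `db_sanitize` now silently drops any `$inputs` entry that is not a `use_io`, so a field still declared in the old array form is neither sanitised nor reported — the generator yields nothing for it and the caller gets no signal that the field was skipped. Fail closed instead: `throw new \InvalidArgumentException("inputs[$input_field_name] must be a use_io instance");`, or at least yield an entry that lists the name in `meta['missing']` so it surfaces the way an absent input does. The docblock is also stale: `@param array $inputs [input, field, html, rule, message, skip_db, db]` should become `@param array<string, use_io> $inputs  field name => settings`. The foreach body continues past this hunk.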
|
|
|
|
@ -479,20 +481,16 @@ final class safer_io { |
|
|
|
|
yield $yield; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sanitize the inputs based on the rules an optionally trim the string |
|
|
|
|
* @param array $inputs [input, field, html, rule, message, skip_db, db] |
|
|
|
|
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING |
|
|
|
|
* @param bool $trim |
|
|
|
|
* @return Generator |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
public static function logic_sanitize( |
|
|
|
|
array $inputs, |
|
|
|
|
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string, |
|
|
|
|
bool $trim = true, |
|
|
|
|
) : \Generator { |
|
|
|
|
foreach ($inputs as $input_field_name => $a) { |
|
|
|
|
if (! $a instanceof use_io) { |
|
|
|
|
continue; |
|
|
|
|
} |
|
|
|
|
$yield = static::sanitize_helper( |
|
|
|
|
"logic", |
|
|
|
|
$input_field_name, |
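Review bot: The docblock for `logic_sanitize` still describes the array shape (`[input, field, html, rule, message, skip_db, db]`) that this commit replaces; it should read `@param array<string, use_io> $inputs  field name => settings`, and `@return \Generator` could name what is yielded (`[meta, fields, html, errors]`, per `sanitize_helper`'s docblock). The `continue` on a non-`use_io` entry also discards the field with no signal to the caller; whichever behaviour `db_sanitize` settles on for that case (throw, or yield a `missing` entry) should be mirrored here so the three entry points agree. The loop body continues past the hunk.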
|
|
|
|
@ -506,17 +504,19 @@ final class safer_io { |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Sanitize the inputs based on the rules an optionally trim the string |
|
|
|
|
* @param array $inputs [input, field, html, rule, message, skip_db, db] |
|
|
|
|
* @param FIELD_FILTER $default_filter FILTER_SANITIZE_STRING |
|
|
|
|
* @param bool $trim |
|
|
|
|
* @return Generator |
|
|
|
|
*/ |
|
|
|
|
public static function html_sanitize( |
|
|
|
|
public static function html_escape_and_sanitize( |
|
|
|
|
array $inputs, |
|
|
|
|
FIELD_FILTER $default_filter = FIELD_FILTER::raw_string, |
|
|
|
|
bool $trim = true, |
|
|
|
|
) : \Generator { |
|
|
|
|
foreach ($inputs as $input_field_name => $a) { |
|
|
|
|
if (! $a instanceof use_io) { |
|
|
|
|
continue; |
|
|
|
|
} |
|
|
|
|
$yield = static::sanitize_helper( |
|
|
|
|
"html", |
|
|
|
|
$input_field_name, |
|
|
|
|
|