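 /**
  * Performs value sanitation.
  *
  * Sanitizes a value with a given filter.
  * Valid values for $filter are all PHP defined FILTER_SANITIZE_* constants or a string value.
  * If $filter is one of those constants, $filter_options apply as in PHP documentation.
  * See http://www.php.net/manual/en/filter.filters.sanitize.php for details on that.
  * If $filter is a string (matched case-insensitively) see code below for details.
  * Mentionable here:
  * - 'array': Will treat value as an array. You may provide filter_options to
  *            be a string (like 'int') defining a type for all array elements or
  *            to be an array that should contain the same keys (count and name) as the
  *            value and each filter_option[key] value defines another type.
  *            Sample: $filter='array', $filter_options=array('int','bool','string')
  * - 'object': Will treat the value as object and simply return it if it is one.
  *             May also be a string defining the storage_id of an object in object store.
  *             In that case restore_object($value) will be returned.
  * - 'email':  Invalid addresses are returned as empty string when $filter_options is
  *             null or false; any other option value returns the (cleaned) address as is.
  *
  * Another note: sanitize will fill the log with messages severity WARN if something unexpected
  * happen. This is especially the case when default values are returned for invalid inputs.
  * So have an eye on the logs!
  *
  * @param mixed $value The value to be sanitized
  * @param string|int $filter Type of filter
  * @param mixed $filter_options Optional options for the filter
  * @return mixed The sanitized value
  */
 public static function sanitize($value, $filter, $filter_options = null)
 {
     if (!is_string($filter)) {
         // Numeric FILTER_* id: hand over to the filter extension unchanged.
         return filter_var($value, $filter, $filter_options);
     }

     $filter = strtoupper($filter);
     switch ($filter) {
         case 'STRING':
         case 'TEXT':
         case 'STRIPPED':
         case 'VARCHAR':
             // NOTE: FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It strips tags but is not an
             // output encoder; HTML output still needs htmlspecialchars() at render time.
             return filter_var($value, FILTER_SANITIZE_STRING);
         case 'URL':
         case 'URI':
             return filter_var($value, FILTER_SANITIZE_URL);
         case 'MAIL':
         case 'EMAIL':
             $value = filter_var($value, FILTER_SANITIZE_EMAIL);
             if (!preg_match("/^[a-zA-Z0-9,!#\$%&'\\*\\+\\/=\\?\\^_`\\{\\|}~-]+(\\.[a-zA-Z0-9,!#\$%&'\\*\\+\\/=\\?\\^_`\\{\\|}~-]+)*@[a-zA-Z0-9-]+(\\.[a-z0-9-]+)*\\.([a-zA-Z]{2,})\$/", $value)) {
                 // Bug fix: the original condition was `is_null($filter_options) || ($filter_options = false)`,
                 // an assignment that always evaluates to false, so an explicit `false` option never
                 // produced the documented empty string. Compare strictly instead.
                 if ($filter_options === null || $filter_options === false) {
                     log_warn("Invalid eMail address '{$value}'. Retuning empty string");
                     return "";
                 }
             }
             return $value;
         case 'INT':
         case 'INTEGER':
             // Round-trip check: the value must print exactly like its integer conversion.
             if (intval($value) . "" == "{$value}") {
                 return intval($value);
             }
             log_warn("Value '{$value}' is no valid '{$filter}'. Returning 0");
             return 0;
         case 'BOOL':
         case 'BOOLEAN':
             if (is_string($value)) {
                 // '', '0' and 'false' (any case) are the only falsy strings.
                 return !($value == '' || $value == '0' || strtolower($value) == "false");
             }
             return $value == true;
         case 'FLOAT':
         case 'DOUBLE':
             // Locale-aware parsing needs a CultureInfo; without one fall back to PHP's own conversion.
             if (is_string($value) && !is_null(self::$_ci)) {
                 return self::$_ci->NumberFormat->StrToNumber($value);
             }
             log_warn("No CultureInfo specified for '{$filter}'. Returning doubleval({$value})");
             return doubleval($value);
         case 'CURRENCY':
             if (is_string($value) && !is_null(self::$_ci)) {
                 return self::$_ci->CurrencyFormat->StrToCurrencyValue($value);
             }
             log_warn("No CultureInfo specified for '{$filter}'. Returning doubleval({$value})");
             return doubleval($value);
         case 'ARRAY':
             if (!is_array($value)) {
                 log_warn("Value is no array. Returning empty array");
                 return array();
             }
             if (is_string($filter_options)) {
                 // One filter name for every element.
                 foreach ($value as $k => $v) {
                     $value[$k] = self::sanitize($v, "{$filter_options}");
                 }
             } elseif (is_array($filter_options)) {
                 // Per-key filter names; keys without a filter are passed through untouched.
                 foreach ($value as $k => $v) {
                     if (isset($filter_options[$k])) {
                         $value[$k] = self::sanitize($v, $filter_options[$k] . '');
                     } else {
                         log_warn("Array elements filter not given for key '{$k}'. Leaving value unfiltered");
                     }
                 }
             }
             return $value;
         case 'OBJECT':
             if (is_string($value) && in_object_storage($value)) {
                 return restore_object($value);
             }
             if (is_object($value)) {
                 return $value;
             }
             log_warn("Value is not an object nor in session storage. Returning NULL");
             return null;
     }
     log_warn("Unknown filter '{$filter}'. Returning unsanitized value '{$value}'");
     return $value;
 }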
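/**
 * Tries to set up a category for a logged in user.
 *
 * Checks the object store for an object with id $object_storage_id
 * that contains a field $fieldname. Then adds content of that field as category to all loggers.
 * Nothing happens when the object is missing or the field is unset or empty.
 *
 * Note: This will NOT extend the logger with information as logging_extend_logger does!
 * @param string $object_storage_id Storage ID of the object to check for
 * @param string $fieldname Name of field/property to use as category ('name' will use $obj->name as category)
 * @return void
 */
function logging_set_user($object_storage_id = 'user', $fieldname = 'username')
{
    // Bug fix: both parameters were ignored and 'user' / 'username' were hard-coded,
    // so callers asking for another storage id or field silently got the defaults.
    if (!in_object_storage($object_storage_id)) {
        return;
    }
    $obj = restore_object($object_storage_id);
    // Falsy field values ('' / '0' / 0) are skipped, as before.
    if ($obj && isset($obj->$fieldname) && $obj->$fieldname) {
        // NOTE(review): the category is user-controlled text that ends up in log lines;
        // logging_add_category() is assumed to encode it — confirm.
        logging_add_category($obj->$fieldname);
    }
}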
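/**
 * Instanciates the previously chosen controller
 *
 * Checks what is requested: an object from the object-store, a controller via classname and loads/instanciates it.
 * Will also die in AJAX requests when something weird is called or throw an exception if in normal mode.
 *
 * $controller_id comes from the request path and is untrusted. A class name is therefore checked
 * against the accepted controller types *before* `new` runs, so a request cannot trigger the
 * constructor of an arbitrary (autoloadable) class that is not a controller at all.
 * @param mixed $controller_id Whatever system_parse_request_path() returned
 * @return ICallable Fresh Instance of whatever is needed
 */
function system_instanciate_controller($controller_id)
{
    $is_ajax = system_is_ajax_call();
    $res = null;
    if (in_object_storage($controller_id)) {
        $res = restore_object($controller_id);
    } elseif (class_exists($controller_id)) {
        // Type-check the class name first; is_a() with allow_string does not run a constructor.
        if (!_system_controller_is_allowed($controller_id, $is_ajax)) {
            _system_controller_deny($controller_id, $is_ajax);
        }
        $res = new $controller_id();
    } else {
        WdfException::Raise("ACCESS DENIED: Unknown controller '{$controller_id}'");
    }
    // Restored objects get the same check (and a fresh instance is re-checked defensively).
    if (!_system_controller_is_allowed($res, $is_ajax)) {
        _system_controller_deny($controller_id, $is_ajax);
    }
    return $res;
}

/**
 * Tells whether $candidate (an object or a class name) may serve the current request:
 * AJAX calls accept Renderable or WdfResource, normal calls require ICallable.
 * @param object|string|null $candidate Instance or class name to check
 * @param bool $is_ajax Result of system_is_ajax_call()
 * @return bool
 */
function _system_controller_is_allowed($candidate, $is_ajax)
{
    if (!is_object($candidate) && !is_string($candidate)) {
        return false;
    }
    if ($is_ajax) {
        return is_a($candidate, Renderable::class, true) || is_a($candidate, WdfResource::class, true);
    }
    return is_a($candidate, ICallable::class, true);
}

/**
 * Rejects the request: AJAX callers get the session-timeout marker and the process dies,
 * normal callers get a WdfException.
 * @param mixed $controller_id Identifier used in the log/exception message
 * @param bool $is_ajax Result of system_is_ajax_call()
 * @return void
 */
function _system_controller_deny($controller_id, $is_ajax)
{
    if ($is_ajax) {
        log_fatal("ACCESS DENIED: {$controller_id} is no Renderable");
        die("__SESSION_TIMEOUT__");
    }
    WdfException::Raise("ACCESS DENIED: {$controller_id} is no ICallable");
}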
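 /**
  * Checks a given array for data for this and updates another array accordingly
  *
  * Ensures typed data in $args from the (untrusted) request data in $data: looks up the parameter
  * named $this->Name (case-insensitively when configured), falls back to the next positional
  * routing argument, then to $this->Default, and converts the raw value according to $this->Type.
  *
  * Side effects: may consume one element of $GLOBALS['routing_args'] and caches the detected
  * culture in $GLOBALS['request_param_detected_ci'] for the rest of the request.
  * @param array $data Combined request data
  * @param array $args resulting typed values (written as $args[$this->Name])
  * @return boolean|string true if everything went fine, an error string if not
  */
 function UpdateArgs($data, &$args)
 {
     global $CONFIG;
     if ($CONFIG['requestparam']['ignore_case']) {
         // Lower-case both sides so the lookup below is case-insensitive.
         $name = strtolower($this->Name);
         $data = array_change_key_case($data, CASE_LOWER);
     } else {
         $name = $this->Name;
     }
     // A parameter not given by name takes the next positional routing argument.
     if (isset($GLOBALS['routing_args']) && count($GLOBALS['routing_args']) > 0 && !isset($data[$name])) {
         $data[$name] = array_shift($GLOBALS['routing_args']);
     }
     if (!isset($data[$name])) {
         if (!is_null($this->Default)) {
             $args[$this->Name] = $this->Default;
             return true;
         }
         $args[$this->Name] = null;
         return 'missing';
     }
     if (!isset($GLOBALS['request_param_detected_ci'])) {
         // Culture detection runs once per request; a configured callback wins over the default.
         if (isset($CONFIG['requestparam']['ci_detection_func']) && function_exists($CONFIG['requestparam']['ci_detection_func'])) {
             $GLOBALS['request_param_detected_ci'] = $CONFIG['requestparam']['ci_detection_func']();
         } else {
             $GLOBALS['request_param_detected_ci'] = Localization::detectCulture();
         }
     }
     $ci = $GLOBALS['request_param_detected_ci'];
     if (is_null($this->Type)) {
         // Untyped parameter: the raw request value is passed through.
         $args[$this->Name] = $data[$name];
         return true;
     }

     $raw = $data[$name];
     $type = strtolower($this->Type);
     $scalar_types = array('string', 'text', 'email', 'url', 'uri', 'int', 'integer', 'float', 'double', 'currency', 'bool', 'boolean');
     // A request like `name[]=x` must not reach strtolower()/filter_var() for a scalar type
     // (TypeError on PHP 8, silent false before); report it as a typed-value error instead.
     if (in_array($type, $scalar_types, true) && !is_scalar($raw)) {
         return 'invalid value';
     }
     switch ($type) {
         case 'object':
             if (!in_object_storage($raw)) {
                 return 'object not found';
             }
             $args[$this->Name] = restore_object($raw);
             return true;
         case 'array':
         case 'file':
             // Non-array input leaves $args untouched but still counts as success, as before.
             if (is_array($raw)) {
                 $args[$this->Name] = $raw;
             }
             return true;
         case 'string':
         case 'text':
             if ($this->Filter) {
                 $args[$this->Name] = filter_var($raw, $this->Filter, FILTER_FLAG_NO_ENCODE_QUOTES);
             } else {
                 $args[$this->Name] = $raw;
             }
             return true;
         case 'email':
             $args[$this->Name] = filter_var($raw, FILTER_SANITIZE_EMAIL);
             return true;
         case 'url':
         case 'uri':
             $args[$this->Name] = filter_var($raw, FILTER_SANITIZE_URL);
             return true;
         case 'int':
         case 'integer':
             // Round-trip check: the value must print exactly like its integer conversion.
             if (intval($raw) . "" != $raw) {
                 return 'invalid int value';
             }
             $args[$this->Name] = intval($raw);
             return true;
         case 'float':
         case 'double':
         case 'currency':
             // An empty optional number falls back to its default.
             if ($raw . '' === '' && $this->IsOptional()) {
                 $args[$this->Name] = $this->Default;
                 return true;
             }
             $converted = $type === 'currency'
                 ? $ci->CurrencyFormat->StrToCurrencyValue($raw)
                 : $ci->NumberFormat->StrToNumber($raw);
             if ($converted === false) {
                 return 'invalid float value';
             }
             $args[$this->Name] = $converted;
             return true;
         case 'bool':
         case 'boolean':
             // '', '0' and 'false' (any case) are the only falsy request strings.
             $args[$this->Name] = !($raw == '' || $raw == '0' || strtolower($raw) == "false");
             return true;
     }
     return 'wrong type';
 }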