Example #1
0
 /**
  * Cleans the field value by type in a secure way for SQL
  *
  * @param  mixed                    $fieldValue
  * @param  string                   $type           const,sql,param : string,int,float,datetime,formula
  * @param  GetterInterface          $pluginParams
  * @param  DatabaseDriverInterface  $db
  * @param  array|null               $extDataModels
  * @return string|boolean                           STRING: sql-safe value, Quoted or type-casted to int or float, or FALSE in case of type error
  */
 public static function sqlCleanQuote($fieldValue, $type, GetterInterface $pluginParams, DatabaseDriverInterface $db, array $extDataModels = null)
 {
     $typeArray = explode(':', $type, 3);
     if (count($typeArray) < 2) {
         $typeArray = array('const', $type);
     }
     if ($typeArray[0] == 'param') {
         $fieldValue = $pluginParams->get($fieldValue);
     } elseif ($typeArray[0] == 'user') {
         // TODO: Change this to use Inversion Of Control, and allow XML valuetypes to be extended dynamically (e.g. instead of calling specifically CBLib\CB\User or similar when available, it is CB that adds the type and a closure to handle that type.
         if ($fieldValue == 'viewaccesslevels') {
             $fieldValue = Application::MyUser()->getAuthorisedViewLevels();
         } else {
             if ($fieldValue == 'usergroups') {
                 $fieldValue = Application::MyUser()->getAuthorisedGroups(false);
             } else {
                 $fieldValue = \CBuser::getMyUserDataInstance()->get($fieldValue);
             }
         }
     } elseif (in_array($typeArray[0], array('request', 'get', 'post', 'cookie', 'cbcookie', 'session', 'server', 'env'))) {
         $fieldValue = self::_globalConv($typeArray[0], $fieldValue);
     } elseif ($typeArray[0] == 'ext') {
         if (isset($typeArray[2]) && $extDataModels && isset($extDataModels[$typeArray[2]])) {
             $model = $extDataModels[$typeArray[2]];
             if (is_object($model)) {
                 if ($model instanceof ParamsInterface) {
                     $fieldValue = $model->get($fieldValue);
                 } elseif (isset($model->{$fieldValue})) {
                     $fieldValue = $model->{$fieldValue};
                 }
             } elseif (is_array($model)) {
                 if (isset($model[$fieldValue])) {
                     $fieldValue = $model[$fieldValue];
                 }
             } else {
                 $fieldValue = $model;
             }
         } else {
             trigger_error('SQLXML::sqlCleanQuote: ERROR: ext valuetype "' . htmlspecialchars($type) . '" has not been setExternalDataTypeValues.', E_USER_NOTICE);
         }
         // } elseif ( ( $typeArray[0] == 'const' ) || ( $cnt_valtypeArray[0] == 'sql' ) {
         //	$fieldValue	=	$fieldValue;
     }
     if (is_array($fieldValue)) {
         return self::cleanArrayType($fieldValue, $typeArray[1], $db);
     }
     return self::cleanScalarType($fieldValue, $typeArray[1], $db);
 }
Example #2
0
 /**
  * Check if a parameters path exists.
  *
  * @param   string  $key  The name of the param or sub-param, e.g. a.b.c
  * @return  boolean
  */
 public function has($key)
 {
     // Check for namespaced get( 'namespace/key' ):
     if (strpos($key, '/') !== false) {
         list($namespace, $subKey) = explode('/', $key, 2);
         return $this->getNamespaceRegistry($namespace)->has($subKey);
     }
     return $this->hasInThis($key) || $this->parent && $this->parent->has($key);
 }
Example #3
0
 /**
  * Check if a parameters path exists.
  *
  * @param   string  $key  The name of the param or sub-param, e.g. a.b.c
  * @return  boolean
  */
 public function has($key)
 {
     return $this->hasInThis($key) || $this->parent && $this->parent->has($key);
 }