/** * Sanitize a raw field value. * * @param string $name The name of the field to sanitize, as specified in the schema. * @param string $value The value to be sanitized. * @return string The sanitized value. */ public function sanitizeField($name, $value) { $schemaFields = $this->_schema->getSchema(); $fieldParameters = $schemaFields[$name]; $sanitizedValue = $value; // Field exists in schema, so validate accordingly if (!isset($fieldParameters['sanitizers']) || empty($fieldParameters['sanitizers'])) { return $this->purgeHtmlCharacters($sanitizedValue); } else { $processed = false; foreach ($fieldParameters['sanitizers'] as $sanitizer => $attributes) { switch (strtolower($sanitizer)) { case "purify": $sanitizedValue = $this->_purifier->purify($sanitizedValue); $processed = true; break; case "escape": $sanitizedValue = $this->escapeHtmlCharacters($sanitizedValue); $processed = true; break; case "purge": $sanitizedValue = $this->purgeHtmlCharacters($sanitizedValue); $processed = true; break; case "raw": $processed = true; break; default: break; } } // If no sanitizers have been applied, then apply purge by default if (!$processed) { $sanitizedValue = $this->purgeHtmlCharacters($sanitizedValue); } return $sanitizedValue; } }
/** * Generate FormValidation compatible rules from the specified RequestSchema, as HTML5 `data-*` attributes. * See [Setting validator options via HTML attributes](http://formvalidation.io/examples/attribute/) as an example of what this function will generate. * * @return array Returns an array of rules, mapping field names -> string of data-* attributes, separated by spaces. * Example: `data-fv-notempty data-fv-notempty-message="The gender is required"`. */ public function formValidationRulesHtml5() { $client_rules = array(); $implicit_rules = array(); foreach ($this->_schema->getSchema() as $field_name => $field) { $field_rules = ""; $validators = $field['validators']; foreach ($validators as $validator_name => $validator) { // Required validator if ($validator_name == "required") { $prefix = "data-fv-notempty"; $field_rules .= $this->html5Attributes($validator, $prefix); } // String length validator if ($validator_name == "length") { $prefix = "data-fv-stringlength"; $field_rules .= $this->html5Attributes($validator, $prefix); if (isset($validator['min'])) { $field_rules .= "{$prefix}-min={$validator['min']} "; } if (isset($validator['max'])) { $field_rules .= "{$prefix}-max={$validator['max']} "; } } // Numeric range validator if ($validator_name == "range") { if (isset($validator['min']) && isset($validator['max'])) { $prefix = "data-fv-between"; $field_rules .= $this->html5Attributes($validator, $prefix); $field_rules .= "{$prefix}-min={$validator['min']} "; $field_rules .= "{$prefix}-max={$validator['max']} "; } else { if (isset($validator['min'])) { $prefix = "data-fv-greaterthan"; $field_rules .= $this->html5Attributes($validator, $prefix); $field_rules .= "{$prefix}-value={$validator['min']} "; } if (isset($validator['max'])) { $prefix = "data-fv-lessthan"; $field_rules .= $this->html5Attributes($validator, $prefix); $field_rules .= "{$prefix}-value={$validator['max']} "; } } } // Integer validator if ($validator_name == "integer") { $prefix = "data-fv-integer"; $field_rules .= $this->html5Attributes($validator, $prefix); } // Array validator if ($validator_name == "array") { $prefix = "data-fv-choice"; $field_rules .= $this->html5Attributes($validator, $prefix); if (isset($validator['min'])) { $field_rules .= "{$prefix}-min={$validator['min']} "; } if (isset($validator['max'])) { $field_rules .= "{$prefix}-max={$validator['max']} "; } } // Email validator if ($validator_name == "email") { $prefix = "data-fv-emailaddress"; $field_rules .= $this->html5Attributes($validator, $prefix); } // Match another field if ($validator_name == "matches") { $prefix = "data-fv-identical"; if (isset($validator['field'])) { $field_rules .= "{$prefix}-field={$validator['field']} "; } else { return null; // TODO: throw exception } $field_rules = $this->html5Attributes($validator, $prefix); // Generates validator for matched field $implicit_rules[$validator['field']] = $field_rules; $implicit_rules[$validator['field']] .= "{$prefix}-field={$field_name} "; } } $client_rules[$field_name] = $field_rules; } // Merge in any implicit rules foreach ($implicit_rules as $field_name => $field) { $client_rules[$field_name] .= $field; } return $client_rules; }
/** * * Generate and add rules from the schema */ private function generateSchemaRules() { foreach ($this->_schema->getSchema() as $field_name => $field) { if (!isset($field['validators'])) { continue; } $validators = $field['validators']; foreach ($validators as $validator_name => $validator) { if (isset($validator['message'])) { $params = array_merge(["self" => $field_name], $validator); $message_set = $this->_translator->translate($validator['message'], $params); } else { $message_set = null; } // Required validator if ($validator_name == "required") { $this->ruleWithMessage("required", $message_set, $field_name); } // String length validator if ($validator_name == "length") { if (isset($validator['min']) && isset($validator['max'])) { $this->ruleWithMessage("lengthBetween", $message_set, $field_name, $validator['min'], $validator['max']); } else { if (isset($validator['min'])) { $this->ruleWithMessage("lengthMin", $message_set, $field_name, $validator['min']); } if (isset($validator['max'])) { $this->ruleWithMessage("lengthMax", $message_set, $field_name, $validator['max']); } } } // Integer validator if ($validator_name == "integer") { $this->ruleWithMessage("integer", $message_set, $field_name); } // Numeric validator if ($validator_name == "numeric") { $this->ruleWithMessage("numeric", $message_set, $field_name); } // Numeric range validator if ($validator_name == "range") { if (isset($validator['min'])) { $this->ruleWithMessage("min", $message_set, $field_name, $validator['min']); } if (isset($validator['max'])) { $this->ruleWithMessage("max", $message_set, $field_name, $validator['max']); } } // Array validator if ($validator_name == "array") { // For now, just check that it is an array. Really we need a new validation rule here. $this->ruleWithMessage("array", $message_set, $field_name); } // Email validator if ($validator_name == "email") { $this->ruleWithMessage("email", $message_set, $field_name); } // Match another field if ($validator_name == "matches") { $this->ruleWithMessage("equals", $message_set, $field_name, $validator['field']); } // Negation of match another field if ($validator_name == "not_matches") { $this->ruleWithMessage("different", $message_set, $field_name, $validator['field']); } // Check membership in array if ($validator_name == "member_of") { $this->ruleWithMessage("in", $message_set, $field_name, $validator['values'], true); // Strict comparison } // Negation of membership if ($validator_name == "not_member_of") { $this->ruleWithMessage("notIn", $message_set, $field_name, $validator['values'], true); // Strict comparison } } } }