/**
 * Sanitize import mapping post data so it can be saved. Every column is given a
 * 'mappingRulesData' entry, and any safe attribute of a mapping-rule form whose
 * validator type is 'Date' or 'DateTime' is converted from the locale display
 * format to the database format. Only date conversions happen here; no HTML
 * purification is applied (unlike sanitizeDataByDesignerTypeForSavingModel).
 * @param string $importRulesType
 * @param array $postMappingData keyed by column name; each entry carries
 *        'attributeIndexOrDerivedType' and optionally 'mappingRulesData'
 * @return array the post data with mappingRulesData present and dates converted
 */
public static function sanitizePostByTypeForSavingMappingData($importRulesType, $postMappingData)
{
    // String-form assert()s are evaluated as code on PHP 5.x/7.x and are always true on PHP 8.
    assert('is_string($importRulesType)');
    assert('is_array($postMappingData)');
    // First pass: make sure every column has a mappingRulesData array, even when
    // nothing was posted for it, so the second pass can iterate unconditionally.
    foreach (array_keys($postMappingData) as $columnName) {
        if (!isset($postMappingData[$columnName]['mappingRulesData'])) {
            $postMappingData[$columnName]['mappingRulesData'] = array();
        }
    }
    // Second pass: convert date / date-time values per mapping-rule form.
    foreach ($postMappingData as $columnName => $columnData) {
        foreach ($columnData['mappingRulesData'] as $ruleFormClassName => $ruleFormData) {
            $ruleForm = MappingRuleFormAndElementTypeUtil::makeForm(
                $importRulesType,
                $columnData['attributeIndexOrDerivedType'],
                $ruleFormClassName
            );
            foreach ($ruleFormData as $attributeName => $value) {
                // Nulls and nested arrays are left exactly as posted.
                if ($value === null || is_array($value)) {
                    continue;
                }
                if (!$ruleForm->isAttribute($attributeName) || !$ruleForm->isAttributeSafe($attributeName)) {
                    continue;
                }
                // NOTE(review): the type is looked up for $ruleForm::getAttributeName(), not for the
                // $attributeName being iterated — presumably each mapping-rule form exposes a single
                // attribute; confirm before relying on this for multi-attribute forms.
                $type = ModelAttributeToMixedTypeUtil::getTypeByModelUsingValidator($ruleForm, $ruleForm::getAttributeName());
                if ($type == 'Date') {
                    $postMappingData[$columnName]['mappingRulesData'][$ruleFormClassName][$attributeName] =
                        DateTimeUtil::resolveValueForDateDBFormatted($value);
                }
                // Date-time conversion is skipped for empty values; the Date branch above is not.
                if ($type == 'DateTime' && !empty($value)) {
                    $postMappingData[$columnName]['mappingRulesData'][$ruleFormClassName][$attributeName] =
                        DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
                }
            }
        }
    }
    return $postMappingData;
}
/**
 * sanitizeDataByDesignerTypeForSavingModel must convert date and date-time
 * values to the DB format, split a tag-cloud string into an array, and strip
 * script tags from text inputs, while leaving plain values untouched.
 * The date expectations below are computed with the same DateTimeUtil helpers
 * the sanitizer calls, so this test pins purification and tag splitting rather
 * than the date conversion itself.
 * @depends testPurifyHtmlAndModifyInputUsingArrayWalkRecursive
 */
public function testSanitizeDataByDesignerTypeForSavingModel()
{
    // Appended to several inputs; the sanitizer is expected to remove it entirely.
    $scriptTag = '<SCRIPT>alert(\'XSS\')</SCRIPT>';
    $postedData = array(
        'firstName'     => 'Steve',
        'lastName'      => 'Thunder' . $scriptTag,
        'boolean'       => '0',
        'date'          => '3/25/11',
        'dateTime'      => '04/05/11 5:00 AM',
        'float'         => '3.68',
        'integer'       => '10',
        'phone'         => '435655',
        'string'        => 'some string' . $scriptTag,
        'textArea'      => 'more text here' . $scriptTag,
        'url'           => 'http://www.zurmo.org',
        'dropDown'      => array('value' => 'test value' . $scriptTag),
        'radioDropDown' => array('value' => 'my value'),
        'multiDropDown' => array('values' => array('multi1', 'multi2')),
        'tagCloud'      => array('values' => 'tag1,tag2' . $scriptTag),
    );
    $expectedData = array(
        'firstName'     => 'Steve',
        'lastName'      => 'Thunder',
        'boolean'       => '0',
        'date'          => DateTimeUtil::resolveValueForDateDBFormatted('3/25/11'),
        'dateTime'      => DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero('04/05/11 5:00 AM'),
        'float'         => '3.68',
        'integer'       => '10',
        'phone'         => '435655',
        'string'        => 'some string',
        'textArea'      => 'more text here',
        'url'           => 'http://www.zurmo.org',
        'dropDown'      => array('value' => 'test value'),
        'radioDropDown' => array('value' => 'my value'),
        'multiDropDown' => array('values' => array('multi1', 'multi2')),
        'tagCloud'      => array('values' => array('tag1', 'tag2')),
    );
    $sanitizedData = DataUtil::sanitizeDataByDesignerTypeForSavingModel(new TestDataUtilModel(), $postedData);
    $this->assertEquals($expectedData, $sanitizedData);
}
/**
 * Sets the model's attributes from posted data, first converting the optional
 * beginDate / endDate values from the locale display format to the DB format.
 * Missing or blank dates are passed through as posted.
 * @see ModalConfigEditView::setMetadataFromPost()
 * @param array $postData
 */
public function setMetadataFromPost($postData)
{
    // !empty() already implies isset(), so one check covers both conditions.
    foreach (array('beginDate', 'endDate') as $dateAttribute) {
        if (!empty($postData[$dateAttribute])) {
            $postData[$dateAttribute] = DateTimeUtil::resolveValueForDateDBFormatted($postData[$dateAttribute]);
        }
    }
    $this->model->setAttributes($postData);
}
/**
 * Sanitizes posted attribute data before it is saved to a model. Date and
 * date-time values are converted from the locale display format to the DB
 * format and timezone, a tag-cloud string is split into an array, and HTML is
 * purified: scalars through purifyHtml, arrays through purifyHtmlAndModifyInput.
 * Null values and attributes marked as skipped are left untouched.
 * @param RedBeanModel|ModelForm $model
 * @param array $data attribute name => posted value
 * @return array sanitized data
 */
public static function sanitizeDataByDesignerTypeForSavingModel($model, $data)
{
    assert('$model instanceof RedBeanModel || $model instanceof ModelForm');
    assert('is_array($data)');
    foreach ($data as $attributeName => $value) {
        if ($value === null || !static::isNotMarkedSkipped($attributeName)) {
            continue;
        }
        if (!is_array($value)) {
            // Scalar values: only attributes the model declares as safe are touched.
            if (!$model->isAttribute($attributeName) || !$model->isAttributeSafe($attributeName)) {
                continue;
            }
            $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType($model, $attributeName);
            $converted = $value;
            if ($designerType == 'Date' && !empty($value)) {
                $converted = DateTimeUtil::resolveValueForDateDBFormatted($value);
            }
            if ($designerType == 'DateTime' && !empty($value)) {
                $converted = DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
            }
            // Purification runs after conversion, on whatever will be stored.
            $data[$attributeName] = static::purifyHtml($converted);
            continue;
        }
        // Array values: not every attribute has a designer type, so treat a
        // missing one as null rather than aborting the whole sanitization.
        try {
            $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType($model, $attributeName);
        } catch (NotImplementedException $e) {
            $designerType = null;
        }
        if ($designerType == 'TagCloud') {
            // A comma-separated tag string becomes a list; a blank string becomes an empty list.
            if (isset($value['values']) && is_string($value['values'])) {
                $data[$attributeName]['values'] = ($value['values'] == '')
                    ? array()
                    : explode(',', $value['values']); // Not Coding Standard
            }
        } elseif ($model->isAttributeSafe($attributeName)) {
            if ($designerType == 'MixedDateTypesForSearch') {
                foreach (array('firstDate', 'secondDate') as $dateKey) {
                    if (isset($value[$dateKey]) && $value[$dateKey] != null) {
                        $data[$attributeName][$dateKey] = DateTimeUtil::resolveValueForDateDBFormatted($value[$dateKey]);
                    }
                }
            }
        }
        if ($designerType == 'CheckBox') {
            // NOTE(review): the checkbox 'value' is stored as posted, without purification —
            // presumably because it is boolean-like; confirm it is never rendered as text.
            $data[$attributeName] = $value['value'];
        } else {
            array_walk_recursive($data[$attributeName], array(get_called_class(), 'purifyHtmlAndModifyInput'));
        }
    }
    return $data;
}
/**
 * Sanitizes one report filter's posted data. When the filter's value element
 * is 'MixedDateTypesForReport', its 'value' and 'secondValue' are converted
 * from the locale display format to the DB date format; any other filter is
 * returned as posted.
 * @param string $moduleClassName
 * @param string $modelClassName
 * @param string $reportType
 * @param array $filterData
 * @return array
 */
protected static function sanitizeFilterData($moduleClassName, $modelClassName, $reportType, $filterData)
{
    assert('is_string($moduleClassName)');
    assert('is_string($modelClassName)');
    assert('is_string($reportType)');
    assert('is_array($filterData)');
    // A throwaway filter form is used only to find out which element type renders the value.
    // NOTE(review): $modelClassName is not used here; the form is built from the module's
    // primary model name instead — confirm that is intended.
    $probeFilter = new FilterForReportForm($moduleClassName, $moduleClassName::getPrimaryModelName(), $reportType);
    $probeFilter->setAttributes($filterData);
    if ($probeFilter->getValueElementType() != 'MixedDateTypesForReport') {
        return $filterData;
    }
    // isset() already excludes null, so no separate null comparison is needed.
    foreach (array('value', 'secondValue') as $dateKey) {
        if (isset($filterData[$dateKey])) {
            $filterData[$dateKey] = DateTimeUtil::resolveValueForDateDBFormatted($filterData[$dateKey]);
        }
    }
    return $filterData;
}
/**
 * resolveValueForDateDBFormatted must turn a locale-formatted display date into
 * the DB form, both for the default locale and after switching to 'de'.
 */
public function testResolveValueForDateDBFormatted()
{
    // Keyed by the language to switch to before the check; '' means "leave the
    // current language alone". Order matters: the default locale runs first.
    $displayDatesByLanguage = array(
        ''   => '7/1/07',
        'de' => '01.07.07',
    );
    foreach ($displayDatesByLanguage as $language => $displayDate) {
        if ($language !== '') {
            Yii::app()->setLanguage($language);
        }
        $dbDate = DateTimeUtil::resolveValueForDateDBFormatted($displayDate);
        $this->assertEquals('2007-07-01', $dbDate);
    }
}
/**
 * Sanitizes a hidden-field value for a Contact attribute. 'Date' and 'DateTime'
 * designer types are converted from the locale display format to the DB format
 * (empty values are not converted); the result is then HTML-purified.
 * @param string $attributeName name of a Contact attribute
 * @param mixed $value posted value
 * @return string purified value
 */
public static function sanitizeHiddenAttributeValue($attributeName, $value)
{
    // An unsaved Contact is enough to resolve the attribute's designer type.
    $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType(new Contact(false), $attributeName);
    $convertedValue = $value;
    if (!empty($value)) {
        if ($designerType == 'Date') {
            $convertedValue = DateTimeUtil::resolveValueForDateDBFormatted($value);
        }
        if ($designerType == 'DateTime') {
            $convertedValue = DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
        }
    }
    return DataUtil::purifyHtml($convertedValue);
}