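/**
 * Validate and normalise $this->input against the datatype declared in the
 * search option of each field.
 *
 * Values that fail the check for their datatype are removed from $this->input
 * and the search-option name of the field is collected for the optional
 * message. Empty date/datetime values are rewritten to the string 'NULL'.
 *
 * @param boolean $display queue a message listing the rejected fields through
 *                         Session::addMessageAfterRedirect (true by default)
 *
 * @return void $this->input is modified in place; nothing is returned
**/
function filterValues($display = true) {
   // MoYo : comment it because do not understand why filtering is disable
   // if (in_array('CommonDBRelation', class_parents($this))) {
   //    return true;
   // }

   // Search-option names of the fields whose value did not match its datatype
   $fails = array();

   if (isset($this->input) && is_array($this->input) && count($this->input)) {
      foreach ($this->input as $key => $value) {
         $unset        = false;
         $searchOption = $this->getSearchOptionByField('field', $key);

         if (!isset($searchOption['datatype'])) {
            // No declared datatype: the value is left untouched and unchecked
            continue;
         }

         // Loose comparisons kept as in the original implementation
         if (is_null($value) || $value == '' || $value == 'NULL') {
            switch ($searchOption['datatype']) {
               case 'date':
               case 'datetime':
                  // Not a failure: an empty date is stored as 'NULL'
                  $this->input[$key] = 'NULL';
                  break;
            }
            continue;
         }

         switch ($searchOption['datatype']) {
            case 'integer':
            case 'count':
            case 'number':
            case 'decimal':
               $value = str_replace(',', '.', $value);
               if ($searchOption['datatype'] == 'decimal') {
                  $this->input[$key] = floatval(Toolbox::cleanDecimal($value));
               } else {
                  $this->input[$key] = intval(Toolbox::cleanInteger($value));
               }
               // NOTE(review): floatval()/intval() always return a number, so this
               // check cannot fail; input the cleaners cannot parse is presumably
               // stored as 0 instead of being rejected - confirm against Toolbox.
               if (!is_numeric($this->input[$key])) {
                  $unset = true;
               }
               break;

            case 'bool':
               // Strict membership test: with a loose in_array() any non-numeric
               // string compares equal to 0 on PHP < 8 and would be accepted.
               if (!in_array($value, array(0, 1, '0', '1', true), true)) {
                  $unset = true;
               }
               break;

            case 'ip':
               // Only a parsable IPv4 address is accepted
               $address = new IPAddress();
               if (!$address->setAddressFromString($value)
                   || !$address->is_ipv4()) {
                  $unset = true;
               }
               break;

            case 'mac':
               // Anchored at both ends (D: "$" only at the very end) so the whole
               // value, not just its tail, has to be six hexadecimal groups.
               if (preg_match('/^([0-9a-fA-F]{1,2}([:-]|$)){6}$/D', $value) !== 1) {
                  $unset = true;
               }
               // Define the MAC address to lower to reduce complexity of SQL queries
               $this->input[$key] = strtolower($value);
               break;

            case 'date':
            case 'datetime':
               // Date is already "reformat" according to getDateFormat()
               // NOTE(review): the pattern is anchored at the start only and the
               // time group is optional, so any text after the date part passes;
               // the alternation also separates "_HH" from "HH:MM:SS". Do not
               // treat a value that passes here as sanitised.
               $pattern  = "/^([0-9]{4})-([0-9]{1,2})-([0-9]{1,2})";
               $pattern .= "([_][01][0-9]|2[0-3]:[0-5][0-9]:[0-5]?[0-9])?/";
               if (preg_match($pattern, $value) !== 1) {
                  $unset = true;
               }
               break;

            case 'itemtype':
               // Want to insert an itemtype, but the associated class doesn't exists
               if (!class_exists($value)) {
                  $unset = true;
               }
               // No break: continues into the length limit below
               // (presumably intentional - confirm).
            case 'email':
            case 'string':
               // Values longer than 255 bytes are cut to 255, the longest length
               // that is accepted unchanged (the previous cut was 254).
               // NOTE(review): byte-wise cut; it may split a multibyte character,
               // or an escape sequence if values arrive pre-escaped - confirm.
               if (strlen($value) > 255) {
                  $this->input[$key] = substr($value, 0, 255);
               }
               break;

            default:
               // Plugins can implement their own checks
               if (!$this->checkSpecificValues($searchOption['datatype'], $value)) {
                  $unset = true;
               }
               // Copy value if check have update it
               $this->input[$key] = $value;
               break;
         }

         if ($unset) {
            $fails[] = $searchOption['name'];
            unset($this->input[$key]);
         }
      }
   }

   if ($display && count($fails)) {
      // Display a message to indicate that one or more value where filtered
      //TRANS: %s is the list of the failed fields
      $message = sprintf(__('%1$s: %2$s'),
                         __('At least one field has an incorrect value'),
                         implode(',', $fails));
      Session::addMessageAfterRedirect($message, INFO, true);
   }
}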