/**
* Method to check the fixed param keyword for validity and further more escape the free text elems (even if this is not semantic)
* @param array $whereParam
* @param ParameterObject $d
* @param bool $escapeFreeText if the function shall also escape the free text of the where clause
* @return boolean
*/
public static function isWhereClauseValid($whereParam, $d, $escapeFreeText = true)
{
if (Config::useSecureMode() && $whereParam) {
//error_log(print_r($whereParam,true));
$validFields = Config::getValidTables()[$d->getAttribute(PO::ATTR_TABLE)];
$validOperators = array('LIKE', '=', '<=', '>=', '!=');
$validConcaters = array('OR', 'AND');
foreach ($whereParam as $param_group) {
if (in_array($param_group[0], $validFields)) {
if (in_array($param_group[1], $validOperators)) {
if (in_array($param_group[3], $validConcaters) || $param_group[3] === null) {
continue;
}
}
}
return false;
}
if ($escapeFreeText) {
// secure free text elems
$whereParam = array_map(function ($i) {
$i[2] = sprintf('"%s"', addslashes($i[2]));
return $i;
}, $whereParam);
$d->setAttribute(PO::ATTR_CONDITION, $whereParam);
}
return true;
} else {
return true;
}
}
