/**
  * Sanitize post data, specifically handling any date and date time conversions from local format to the
  * database format.
  * @param string $importRulesType
  * @param array $postMappingData
  */
 public static function sanitizePostByTypeForSavingMappingData($importRulesType, $postMappingData)
 {
     assert('is_string($importRulesType)');
     assert('is_array($postMappingData)');
     // Pass 1: guarantee every column carries a 'mappingRulesData' key so pass 2 can iterate it unconditionally.
     foreach (array_keys($postMappingData) as $column) {
         if (!isset($postMappingData[$column]['mappingRulesData'])) {
             $postMappingData[$column]['mappingRulesData'] = array();
         }
     }
     // Pass 2: rewrite Date / DateTime rule values from the locale display format to the database format.
     // Only date conversion happens in this method; the values receive no HTML purification or other filtering here.
     foreach ($postMappingData as $column => $columnMapping) {
         foreach ($columnMapping['mappingRulesData'] as $ruleFormClassName => $ruleFormData) {
             $ruleForm = MappingRuleFormAndElementTypeUtil::makeForm(
                 $importRulesType,
                 $columnMapping['attributeIndexOrDerivedType'],
                 $ruleFormClassName
             );
             foreach ($ruleFormData as $attributeName => $value) {
                 // Nulls and nested arrays are passed through untouched.
                 if ($value === null || is_array($value)) {
                     continue;
                 }
                 // Values are only rewritten for attributes the rule form declares and marks as safe.
                 if (!$ruleForm->isAttribute($attributeName) || !$ruleForm->isAttributeSafe($attributeName)) {
                     continue;
                 }
                 // The type is looked up for the form's own getAttributeName(), not for $attributeName.
                 $attributeType = ModelAttributeToMixedTypeUtil::getTypeByModelUsingValidator(
                     $ruleForm,
                     $ruleForm::getAttributeName()
                 );
                 if ($attributeType == 'Date') {
                     // NOTE(review): unlike the DateTime branch below, an empty string is also handed to the
                     // converter here - confirm that is intended.
                     $postMappingData[$column]['mappingRulesData'][$ruleFormClassName][$attributeName] =
                         DateTimeUtil::resolveValueForDateDBFormatted($value);
                 }
                 if ($attributeType == 'DateTime' && !empty($value)) {
                     $postMappingData[$column]['mappingRulesData'][$ruleFormClassName][$attributeName] =
                         DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
                 }
             }
         }
     }
     return $postMappingData;
 }
Пример #2
 /**
  * @depends testPurifyHtmlAndModifyInputUsingArrayWalkRecursive
  */
 public function testSanitizeDataByDesignerTypeForSavingModel()
 {
     // Posted values as a form would send them. Script markup is planted in plain scalar fields, inside a
     // nested drop-down value and inside the comma-separated tag-cloud string.
     $postedData = array(
         'firstName'     => 'Steve',
         'lastName'      => 'Thunder<SCRIPT>alert(\'XSS\')</SCRIPT>',
         'boolean'       => '0',
         'date'          => '3/25/11',
         'dateTime'      => '04/05/11 5:00 AM',
         'float'         => '3.68',
         'integer'       => '10',
         'phone'         => '435655',
         'string'        => 'some string<SCRIPT>alert(\'XSS\')</SCRIPT>',
         'textArea'      => 'more text here<SCRIPT>alert(\'XSS\')</SCRIPT>',
         'url'           => 'http://www.zurmo.org',
         'dropDown'      => array('value' => 'test value<SCRIPT>alert(\'XSS\')</SCRIPT>'),
         'radioDropDown' => array('value' => 'my value'),
         'multiDropDown' => array('values' => array('multi1', 'multi2')),
         'tagCloud'      => array('values' => 'tag1,tag2<SCRIPT>alert(\'XSS\')</SCRIPT>'),
     );
     // Expected result: the script markup is gone everywhere, date and date-time values are in database
     // format, and the tag-cloud string has become a list.
     $expectedData = array(
         'firstName'     => 'Steve',
         'lastName'      => 'Thunder',
         'boolean'       => '0',
         'date'          => DateTimeUtil::resolveValueForDateDBFormatted('3/25/11'),
         'dateTime'      => DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero('04/05/11 5:00 AM'),
         'float'         => '3.68',
         'integer'       => '10',
         'phone'         => '435655',
         'string'        => 'some string',
         'textArea'      => 'more text here',
         'url'           => 'http://www.zurmo.org',
         'dropDown'      => array('value' => 'test value'),
         'radioDropDown' => array('value' => 'my value'),
         'multiDropDown' => array('values' => array('multi1', 'multi2')),
         'tagCloud'      => array('values' => array('tag1', 'tag2')),
     );
     $actualData = DataUtil::sanitizeDataByDesignerTypeForSavingModel(new TestDataUtilModel(), $postedData);
     $this->assertEquals($expectedData, $actualData);
 }
 /**
  * Supports sanitizing date attributes
  * @see ModalConfigEditView::setMetadataFromPost()
  */
 public function setMetadataFromPost($postData)
 {
     // Convert the two locale-formatted date fields to the database date format when they carry a value.
     foreach (array('beginDate', 'endDate') as $dateKey) {
         if (!empty($postData[$dateKey])) {
             $postData[$dateKey] = DateTimeUtil::resolveValueForDateDBFormatted($postData[$dateKey]);
         }
     }
     // NOTE(review): every other POST key is forwarded unchanged; which of them end up on the model depends
     // on its setAttributes() implementation - confirm that only safe attributes are assignable.
     $this->model->setAttributes($postData);
 }
Пример #4
 /**
  * Sanitizes data for date and date time attributes by converting them to the proper
  * format and timezone for saving.
  * @return array sanitized data
  */
 public static function sanitizeDataByDesignerTypeForSavingModel($model, $data)
 {
     // Walks the posted $data once and rewrites it in place: date / date-time values are converted to the
     // database format, HTML is purified, and TagCloud strings are split into lists. The rewritten array is
     // returned. Keys are never removed; entries that match none of the branches below are returned as posted.
     assert('$model instanceof RedBeanModel || $model instanceof ModelForm');
     assert('is_array($data)');
     foreach ($data as $attributeName => $value) {
         // Null values, and attributes for which static::isNotMarkedSkipped() returns false, are left untouched.
         if ($value !== null && static::isNotMarkedSkipped($attributeName)) {
             if (!is_array($value)) {
                 // Scalar value: converted and purified only when the model declares the attribute AND marks
                 // it safe. Any other scalar key stays in $data unchanged, so it is not purified by this method.
                 if ($model->isAttribute($attributeName) && $model->isAttributeSafe($attributeName)) {
                     $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType($model, $attributeName);
                     if ($designerType == 'Date' && !empty($value)) {
                         $data[$attributeName] = DateTimeUtil::resolveValueForDateDBFormatted($value);
                     }
                     if ($designerType == 'DateTime' && !empty($value)) {
                         $data[$attributeName] = DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
                     }
                     // Purification runs last, on whatever the conversions above left in $data.
                     $data[$attributeName] = static::purifyHtml($data[$attributeName]);
                 }
             } else {
                 // Array value: the designer type lookup may throw, in which case no type-specific handling
                 // applies and the array falls through to the generic purification at the end of this branch.
                 try {
                     $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType($model, $attributeName);
                 } catch (NotImplementedException $e) {
                     //In the event that a designer type does not exist.
                     $designerType = null;
                 }
                 if ($model->isAttributeSafe($attributeName) && $designerType != 'TagCloud') {
                     // Search-form date ranges: each bound that is present is converted to the database format.
                     if ($designerType == 'MixedDateTypesForSearch' && isset($value['firstDate']) && $value['firstDate'] != null) {
                         $data[$attributeName]['firstDate'] = DateTimeUtil::resolveValueForDateDBFormatted($value['firstDate']);
                     }
                     if ($designerType == 'MixedDateTypesForSearch' && isset($value['secondDate']) && $value['secondDate'] != null) {
                         $data[$attributeName]['secondDate'] = DateTimeUtil::resolveValueForDateDBFormatted($value['secondDate']);
                     }
                 } elseif (isset($value['values']) && is_string($value['values']) && $designerType == 'TagCloud') {
                     // TagCloud posts a comma-separated string; turn it into a list (empty string => empty list).
                     if ($data[$attributeName]['values'] == '') {
                         $data[$attributeName]['values'] = array();
                     } else {
                         $data[$attributeName]['values'] = explode(',', $data[$attributeName]['values']);
                         // Not Coding Standard
                     }
                 }
                 if ($designerType == 'CheckBox') {
                     // The posted array collapses to its 'value' entry.
                     // NOTE(review): this branch is outside the isAttributeSafe() check and the result is not
                     // passed through purifyHtml or the recursive walk below - confirm that callers cannot
                     // rely on a CheckBox value being purified here.
                     $data[$attributeName] = $value['value'];
                 } else {
                     // Every other array has each leaf passed to purifyHtmlAndModifyInput of the called class,
                     // whether or not the attribute is marked safe.
                     array_walk_recursive($data[$attributeName], array(get_called_class(), 'purifyHtmlAndModifyInput'));
                 }
             }
         }
     }
     return $data;
 }
 /**
  * @param string $moduleClassName
  * @param string $modelClassName
  * @param string $reportType
  * @param array $filterData
  * @return array
  */
 protected static function sanitizeFilterData($moduleClassName, $modelClassName, $reportType, $filterData)
 {
     assert('is_string($moduleClassName)');
     assert('is_string($modelClassName)');
     assert('is_string($reportType)');
     assert('is_array($filterData)');
     // A throwaway form is populated with the filter data only to find out which value element type applies.
     // NOTE(review): $modelClassName is accepted but never read; the form is built from the module's
     // getPrimaryModelName() instead - confirm that is intended.
     $probeForm = new FilterForReportForm($moduleClassName, $moduleClassName::getPrimaryModelName(), $reportType);
     $probeForm->setAttributes($filterData);
     if ($probeForm->getValueElementType() != 'MixedDateTypesForReport') {
         // Not a date filter: the data is returned exactly as received, with no conversion or purification.
         return $filterData;
     }
     // Date filter: convert whichever of the two bounds is present to the database date format.
     foreach (array('value', 'secondValue') as $dateKey) {
         if (isset($filterData[$dateKey])) {
             $filterData[$dateKey] = DateTimeUtil::resolveValueForDateDBFormatted($filterData[$dateKey]);
         }
     }
     return $filterData;
 }
Пример #6
 public function testResolveValueForDateDBFormatted()
 {
     // With the language in effect when the test starts, a month/day/year display value maps to ISO order.
     $this->assertEquals('2007-07-01', DateTimeUtil::resolveValueForDateDBFormatted('7/1/07'));
     // After switching the application language to German, the day.month.year form must give the same date.
     // NOTE(review): the language is not switched back afterwards, so tests that run later in the same
     // process may see 'de' - confirm nothing depends on the previous language.
     Yii::app()->setLanguage('de');
     $this->assertEquals('2007-07-01', DateTimeUtil::resolveValueForDateDBFormatted('01.07.07'));
 }
 /**
  * @param $attributeName
  * @param $value
  * @return string
  */
 public static function sanitizeHiddenAttributeValue($attributeName, $value)
 {
     // The designer type is always resolved against a Contact instance, whatever model the caller works with.
     $designerType = ModelAttributeToDesignerTypeUtil::getDesignerType(new Contact(false), $attributeName);
     $hasValue     = !empty($value);
     $converted    = $value;
     // Non-empty Date / DateTime values are converted from the locale display format to the database format.
     if ($hasValue && $designerType == 'Date') {
         $converted = DateTimeUtil::resolveValueForDateDBFormatted($value);
     }
     if ($hasValue && $designerType == 'DateTime') {
         $converted = DateTimeUtil::convertDateTimeLocaleFormattedDisplayToDbFormattedDateTimeWithSecondsAsZero($value);
     }
     // Every value, converted or not, is passed through DataUtil::purifyHtml() before it is returned.
     return DataUtil::purifyHtml($converted);
 }