
add common validation/filter library for text input fields

main
ghost 1 year ago
parent
commit
62679eb67f
  1. 1
      src/config/bootstrap.php
  2. 48
      src/library/filter.php
  3. 84
      src/public/edit.php

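--- a/src/config/bootstrap.php
+++ b/src/config/bootstrap.php
@@ -41,6 +41,7 @@ require_once __DIR__ . '/../library/scrapeer.php';
 require_once __DIR__ . '/../library/time.php';
 require_once __DIR__ . '/../library/curl.php';
 require_once __DIR__ . '/../library/valid.php';
+require_once __DIR__ . '/../library/filter.php';
 // Vendors autoload
 require_once __DIR__ . '/../../vendor/autoload.php';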
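--- a/src/library/filter.php
+++ b/src/library/filter.php
@@ -0,0 +1,48 @@
+<?php
+class Filter
+{
+public static function magnetTitle(mixed $value) : string
+{
+$value = trim(
+strip_tags(
+html_entity_decode($value)
+)
+);
+return (string) $value;
+}
+public static function magnetPreview(mixed $value) : string
+{
+$value = trim(
+strip_tags(
+html_entity_decode($value)
+)
+);
+return (string) $value;
+}
+public static function magnetDescription(mixed $value) : string
+{
+$value = trim(
+strip_tags(
+html_entity_decode($value)
+)
+);
+return (string) $value;
+}
+public static function magnetDn(mixed $value) : string
+{
+$value = trim(
+strip_tags(
+html_entity_decode($value)
+)
+);
+return (string) $value;
+}
+}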
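Review bot: All four methods declare `mixed $value` but hand it straight to `html_entity_decode()`, which on PHP 8 throws a TypeError for a non-string, so a request that posts `title[]=x` (or `dn[]=`) turns into a 500 instead of a validation failure; either narrow the parameter to `string` or map non-scalars to `''` before decoding. The four bodies are byte-identical, which invites silent divergence later — one private helper with the public names delegating to it keeps the rule in one place. Passing explicit flags and charset to `html_entity_decode()` also pins the behaviour, since PHP 8.1 changed the default flag set (ENT_QUOTES|ENT_SUBSTITUTE are now included) and older runtimes decode fewer entities. Worth a header comment that `strip_tags()` is storage hygiene rather than output encoding — these values still need `htmlspecialchars()` wherever they are echoed — and that a lone `<` with no closing `>` makes `strip_tags()` drop the remainder of the string, which matters for display names.
```php
class Filter
{
    /**
     * Shared normalisation for free-text magnet fields: decode HTML
     * entities, strip tags, trim whitespace.
     * Non-scalar input (e.g. a posted array) would make html_entity_decode()
     * throw a TypeError on PHP 8, so it is mapped to the empty string.
     * NOTE: this is not output encoding — callers must still escape the
     * stored value with htmlspecialchars() when rendering it into HTML.
     */
    private static function text(mixed $value): string
    {
        if (!is_scalar($value)) {
            return '';
        }

        // Explicit flags/charset so the decoded entity set does not depend
        // on the PHP version's default (changed in 8.1).
        $decoded = html_entity_decode((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');

        return trim(strip_tags($decoded));
    }

    public static function magnetTitle(mixed $value): string
    {
        return self::text($value);
    }

    // … unchanged: magnetPreview / magnetDescription / magnetDn delegate to self::text() the same way …
}
```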
84
src/public/edit.php

@ -227,53 +227,85 @@ else {
$db->updateMagnetApproved($magnet->magnetId, (bool) $user->approved, time()); $db->updateMagnetApproved($magnet->magnetId, (bool) $user->approved, time());
} }
// Meta // Social
if (MAGNET_TITLE_MIN_LENGTH <= mb_strlen($_POST['title']) && MAGNET_TITLE_MAX_LENGTH >= mb_strlen($_POST['title'])) $db->updateMagnetComments($magnet->magnetId, isset($_POST['comments']) ? true : false, time());
$db->updateMagnetSensitive($magnet->magnetId, isset($_POST['sensitive']) ? true : false, time());
if (isset($_POST['public'])) // could be enabled once only because of distributed database model #1
{ {
$db->updateMagnetTitle($magnet->magnetId, trim(strip_tags(html_entity_decode($_POST['title']))), time()); $db->updateMagnetPublic($magnet->magnetId, true, time());
}
// Title
$response->form->title->valid->success = true; $response->form->title->valid->success = true;
$response->form->title->valid->message = false; $response->form->title->valid->message = [];
if (!Valid::magnetTitle($_POST['title'], $response->form->title->valid->message))
{
$response->form->title->valid->success = false;
} }
else else
{ {
$response->form->title->valid->success = false; $db->updateMagnetTitle(
$response->form->title->valid->message = sprintf(_('* required, %s-%s chars'), MAGNET_TITLE_MIN_LENGTH, MAGNET_TITLE_MAX_LENGTH); $magnet->magnetId,
Filter::magnetTitle($_POST['title']),
time()
);
} }
if (mb_strlen($_POST['preview']) < MAGNET_PREVIEW_MIN_LENGTH || mb_strlen($_POST['preview']) > MAGNET_PREVIEW_MAX_LENGTH) // Preview
$response->form->preview->valid->success = true;
$response->form->preview->valid->message = [];
if (!Valid::magnetPreview($_POST['preview'], $response->form->preview->valid->message))
{ {
$response->form->preview->valid->success = false; $response->form->preview->valid->success = false;
$response->form->preview->valid->message = sprintf(_('* required, %s-%s chars, %s provided'), MAGNET_PREVIEW_MIN_LENGTH, MAGNET_PREVIEW_MAX_LENGTH, mb_strlen($_POST['preview']));
} }
else else
{ {
$db->updateMagnetPreview($magnet->magnetId, trim(strip_tags(html_entity_decode($_POST['preview']))), time()); $db->updateMagnetPreview(
$magnet->magnetId,
Filter::magnetPreview($_POST['preview']),
time()
);
} }
if (mb_strlen($_POST['description']) < MAGNET_DESCRIPTION_MIN_LENGTH || mb_strlen($_POST['description']) > MAGNET_DESCRIPTION_MAX_LENGTH) // Description
$response->form->description->valid->success = true;
$response->form->description->valid->message = [];
if (!Valid::magnetDescription($_POST['description'], $response->form->description->valid->message))
{ {
$response->form->description->valid->success = false; $response->form->description->valid->success = false;
$response->form->description->valid->message = sprintf(_('* required, %s-%s chars, %s provided'), MAGNET_DESCRIPTION_MIN_LENGTH, MAGNET_DESCRIPTION_MAX_LENGTH, mb_strlen($_POST['description']));
} }
else else
{ {
$db->updateMagnetDescription($magnet->magnetId, trim(strip_tags(html_entity_decode($_POST['description']))), time()); $db->updateMagnetDescription(
$magnet->magnetId,
Filter::magnetDescription($_POST['description']),
time()
);
} }
// Social // Display Name
$db->updateMagnetComments($magnet->magnetId, isset($_POST['comments']) ? true : false, time()); $response->form->dn->valid->success = true;
$db->updateMagnetSensitive($magnet->magnetId, isset($_POST['sensitive']) ? true : false, time()); $response->form->dn->valid->message = [];
if (isset($_POST['public'])) // could be enabled once only because of distributed database model #1 if (!Valid::magnetDn($_POST['dn'], $response->form->dn->valid->message))
{ {
$db->updateMagnetPublic($magnet->magnetId, true, time()); $response->form->dn->valid->success = false;
} }
// Display Name else
if (isset($_POST['dn']))
{ {
$db->updateMagnetDn($magnet->magnetId, trim(strip_tags(html_entity_decode($_POST['dn']))), time()); $db->updateMagnetDn(
$magnet->magnetId,
Filter::magnetDn($_POST['dn']),
time()
);
} }
// Exact Topic // Exact Topic
@ -469,6 +501,7 @@ else {
$response->form->title->valid->success && $response->form->title->valid->success &&
$response->form->preview->valid->success && $response->form->preview->valid->success &&
$response->form->description->valid->success && $response->form->description->valid->success &&
$response->form->dn->valid->success &&
$response->form->tr->valid->success && $response->form->tr->valid->success &&
$response->form->as->valid->success && $response->form->as->valid->success &&
$response->form->xs->valid->success) $response->form->xs->valid->success)
@ -643,7 +676,7 @@ else {
</svg> </svg>
</sub> </sub>
<?php if ($response->form->title->valid->message) { ?> <?php if ($response->form->title->valid->message) { ?>
<div class="margin-b-8"><?php echo $response->form->title->valid->message ?></div> <div class="margin-b-8"><?php echo implode('<br />', $response->form->title->valid->message) ?></div>
<?php } ?> <?php } ?>
<input class="width-100 margin-t-8 <?php echo ($response->form->title->valid->success ? false : 'background-color-red') ?>" type="text" name="title" value="<?php echo $response->form->title->value ?>" placeholder="<?php echo _('Main title') ?>" maxlength="255" /> <input class="width-100 margin-t-8 <?php echo ($response->form->title->valid->success ? false : 'background-color-red') ?>" type="text" name="title" value="<?php echo $response->form->title->value ?>" placeholder="<?php echo _('Main title') ?>" maxlength="255" />
</label> </label>
@ -655,7 +688,7 @@ else {
</svg> </svg>
</sub> </sub>
<?php if ($response->form->preview->valid->message) { ?> <?php if ($response->form->preview->valid->message) { ?>
<div class="margin-b-8"><?php echo $response->form->preview->valid->message ?></div> <div class="margin-b-8"><?php echo implode('<br />', $response->form->preview->valid->message) ?></div>
<?php } ?> <?php } ?>
<textarea class="width-100 margin-t-8 <?php echo ($response->form->preview->valid->success ? false : 'background-color-red') ?>" name="preview" placeholder="<?php echo _('Shows in listing and meta tags') ?>"><?php echo $response->form->preview->value ?></textarea> <textarea class="width-100 margin-t-8 <?php echo ($response->form->preview->valid->success ? false : 'background-color-red') ?>" name="preview" placeholder="<?php echo _('Shows in listing and meta tags') ?>"><?php echo $response->form->preview->value ?></textarea>
</label> </label>
@ -667,7 +700,7 @@ else {
</svg> </svg>
</sub> </sub>
<?php if ($response->form->description->valid->message) { ?> <?php if ($response->form->description->valid->message) { ?>
<div class="margin-b-8"><?php echo $response->form->description->valid->message ?></div> <div class="margin-b-8"><?php echo implode('<br />', $response->form->description->valid->message) ?></div>
<?php } ?> <?php } ?>
<textarea class="width-100 margin-t-8 <?php echo ($response->form->description->valid->success ? false : 'background-color-red') ?>" name="description" placeholder="<?php echo _('Shows on magnet page') ?>"><?php echo $response->form->description->value ?></textarea> <textarea class="width-100 margin-t-8 <?php echo ($response->form->description->valid->success ? false : 'background-color-red') ?>" name="description" placeholder="<?php echo _('Shows on magnet page') ?>"><?php echo $response->form->description->value ?></textarea>
</label> </label>
@ -720,7 +753,10 @@ else {
<path d="M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16zm.93-9.412-1 4.705c-.07.34.029.533.304.533.194 0 .487-.07.686-.246l-.088.416c-.287.346-.92.598-1.465.598-.703 0-1.002-.422-.808-1.319l.738-3.468c.064-.293.006-.399-.287-.47l-.451-.081.082-.381 2.29-.287zM8 5.5a1 1 0 1 1 0-2 1 1 0 0 1 0 2z"/> <path d="M8 16A8 8 0 1 0 8 0a8 8 0 0 0 0 16zm.93-9.412-1 4.705c-.07.34.029.533.304.533.194 0 .487-.07.686-.246l-.088.416c-.287.346-.92.598-1.465.598-.703 0-1.002-.422-.808-1.319l.738-3.468c.064-.293.006-.399-.287-.47l-.451-.081.082-.381 2.29-.287zM8 5.5a1 1 0 1 1 0-2 1 1 0 0 1 0 2z"/>
</svg> </svg>
</sub> </sub>
<input class="width-100 margin-t-8" type="text" name="dn" id="dn" value="<?php echo $response->form->dn->value ?>" placeholder="<?php echo _('A filename to display to the user, for convenience') ?>" maxlength="255" /> <?php if ($response->form->dn->valid->message) { ?>
<div class="margin-b-8"><?php echo implode('<br />', $response->form->dn->valid->message) ?></div>
<?php } ?>
<input class="width-100 margin-t-8 <?php echo ($response->form->dn->valid->success ? false : 'background-color-red') ?>" type="text" name="dn" id="dn" value="<?php echo $response->form->dn->value ?>" placeholder="<?php echo _('A filename to display to the user, for convenience') ?>" maxlength="255" />
</label> </label>
<label class="display-block margin-y-8 padding-t-4" for="kt"> <label class="display-block margin-y-8 padding-t-4" for="kt">
<?php echo _('Keyword Topic (kt)') ?> <?php echo _('Keyword Topic (kt)') ?>
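Review bot: In the Display Name block the new `Valid::magnetDn($_POST['dn'], …)` call replaces the old `if (isset($_POST['dn']))` guard, so a POST without a `dn` field now raises an undefined-array-key warning and, because `dn` was also added to the all-fields-valid conjunction further down, may block the save depending on how Valid::magnetDn treats an empty value; read it as `$_POST['dn'] ?? ''` (the title/preview/description reads were already unguarded before this change). The four new message blocks echo `implode('<br />', …)` with no escaping; the sprintf messages they replace only carried lengths, but if any Valid message now embeds the submitted text it must be passed through `htmlspecialchars($m, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` per entry before being joined. The Filter::* calls only strip tags, so the unchanged `value="<?php echo $response->form->title->value ?>"` echoes still rely on that value being HTML-escaped somewhere outside these hunks, which cannot be confirmed here. The enclosing else-branch starts before the first hunk and continues past the last one.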
