Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

match/app/src/Lib/Traits/ValidationTrait.php

Go to file
Benn Oshrin Errata (NOJIRA)
Latest commit b46bf15 May 30, 2022 History
0 contributors

Users who have contributed to this file

98 lines (81 sloc) 3.38 KB
Raw Blame
<?php
/**
* COmanage Validation Trait, shared between Match and Registry
*
* Portions licensed to the University Corporation for Advanced Internet
* Development, Inc. ("UCAID") under one or more contributor license agreements.
* See the NOTICE file distributed with this work for additional information
* regarding copyright ownership.
*
* UCAID licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @link http://www.internet2.edu/comanage COmanage Project
* @package common
* @since COmanage Common v1.0.0
* @license Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
*/
/**
* THIS FILE IS MASTERED IN THE COMMON REPOSITORY.
*/
declare(strict_types = 1);
namespace App\Lib\Traits;
trait ValidationTrait {
/**
* Determine if a string submitted from a form is valid input.
*
* @since COmanage Common v1.0.0
* @param string $value Value to validate
* @param array $context Validation context
* @return mixed True if $value validates, or an error string otherwise
*/
public function validateInput($value, array $context) {
// By default, we'll accept anything except < and >. Arguably, we should accept
// anything at all for input (and filter only on output), but this was agreed to
// as an extra "line of defense" against unsanitized HTML output, since there are
// currently no known cases where user-entered input should permit angle brackets.
// XXX we previously supported 'filter'. 'flags', and 'invalidchars' as arguments, do we still need to?
// What component are we?
$COmponent = __('product.code');
// Perform a basic string search.
$invalid = "<>";
if(strlen($value) != strcspn($value, $invalid)) {
// Mismatch, implying bad input
return __($COmponent.'.er.input.invalid');
}
// We require at least one non-whitespace character (CO-1551)
if(!preg_match('/\S/', $value)) {
return __($COmponent.'.er.input.blank');
}
return true;
}
/**
* Determine if a string submitted from a form is valid SQL identifier.
*
* @since COmanage Common v1.0.0
* @param string $value Value to validate
* @param array $context Validation context
* @return mixed True if $value validates, or an error string otherwise
*/
public function validateSqlIdentifier($value, array $context) {
// What component are we?
$COmponent = __('product.code');
// Valid (portable) SQL identifiers begin with a letter or underscore, and
// subsequent characters can also include digits. We'll be a little stricter
// than we need to be for now by only accepting A-Z, when in fact certain
// additional characters (like á) are also acceptable.
if(!preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $value)) {
return __($COmponent.'.er.input.invalid');
}
return true;
}
}