<?php
/**
 * COmanage Validation Trait, shared between Match and Registry
 *
 * Portions licensed to the University Corporation for Advanced Internet
 * Development, Inc. ("UCAID") under one or more contributor license agreements.
 * See the NOTICE file distributed with this work for additional information
 * regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with the
 * License. You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @link          http://www.internet2.edu/comanage COmanage Project
 * @package       common
 * @since         COmanage Common v1.0.0
 * @license       Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
 */

/**
 * THIS FILE IS MASTERED IN THE COMMON REPOSITORY.
 */

declare(strict_types = 1);

namespace App\Lib\Traits;

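trait ValidationTrait {
  /**
   * Determine if a string submitted from a form is valid input.
   *
   * A value is rejected if it contains "<" or ">", or if it has no
   * non-whitespace character. This is a defense-in-depth input filter only:
   * quotes and ampersands still pass, so every value must still be escaped
   * for the context it is rendered in.
   *
   * @since  COmanage Common v1.0.0
   * @param  mixed  $value   Value to validate; anything that is not a string is rejected
   * @param  array  $context Validation context (not consulted by this rule)
   * @return bool|string True if $value validates, or an error string otherwise
   */

  public function validateInput($value, array $context) {
    // By default, we'll accept anything except < and >. Arguably, we should accept
    // anything at all for input (and filter only on output), but this was agreed to
    // as an extra "line of defense" against unsanitized HTML output, since there are
    // currently no known cases where user-entered input should permit angle brackets.

    // XXX we previously supported 'filter', 'flags', and 'invalidchars' as arguments, do we still need to?

    // What component are we?
    $COmponent = __('product.code');

    // Submitted data is not guaranteed to be a string (a request can deliver an
    // array, for example). This file declares strict_types, so the string
    // functions below would throw a TypeError on such a value; report an
    // ordinary validation failure instead.
    if(!is_string($value)) {
      return __($COmponent.'.er.input.invalid');
    }

    // Perform a basic string search for either angle bracket.
    if(strpbrk($value, '<>') !== false) {
      // At least one disallowed character is present, implying bad input
      return __($COmponent.'.er.input.invalid');
    }

    // We require at least one non-whitespace character (CO-1551).
    // NOTE(review): without the /u modifier \S is evaluated per byte, so a value
    // made up only of multi-byte Unicode spaces is presumably not treated as
    // blank -- confirm whether that matters for callers.
    if(preg_match('/\S/', $value) !== 1) {
      return __($COmponent.'.er.input.blank');
    }

    return true;
  }

  /**
   * Determine if a string submitted from a form is valid SQL identifier.
   *
   * Only the shape of the identifier is checked (ASCII letter or underscore
   * first, then ASCII letters, digits or underscores). Reserved words and
   * length limits are not checked here.
   *
   * @since  COmanage Common v1.0.0
   * @param  mixed  $value   Value to validate; anything that is not a string is rejected
   * @param  array  $context Validation context (not consulted by this rule)
   * @return bool|string True if $value validates, or an error string otherwise
   */

  public function validateSqlIdentifier($value, array $context) {
    // What component are we?
    $COmponent = __('product.code');

    // Same reasoning as validateInput(): under strict_types preg_match() would
    // throw a TypeError on a non-string, so fail validation explicitly.
    if(!is_string($value)) {
      return __($COmponent.'.er.input.invalid');
    }

    // Valid (portable) SQL identifiers begin with a letter or underscore, and
    // subsequent characters can also include digits. We'll be a little stricter
    // than we need to be for now by only accepting A-Z, when in fact certain
    // additional characters (like á) are also acceptable.
    //
    // The pattern is anchored with \z rather than $, because $ also matches just
    // before a trailing newline and would let "name\n" through as an identifier.
    if(preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*\z/', $value) !== 1) {
      return __($COmponent.'.er.input.invalid');
    }

    return true;
  }
}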