[Phpgroupware-cvs] api/core_functions.inc.php, 1.1.1.1.2.27
From: |
nomail |
Subject: |
[Phpgroupware-cvs] api/core_functions.inc.php, 1.1.1.1.2.27 |
Date: |
Wed, 30 Jun 2004 20:39:33 +0200 |
Update of /api
Modified Files:
Branch: proposal-branch
core_functions.inc.php
date: 2004/06/30 18:39:33; author: jengo; state: Exp; lines: +32 -7
Log Message:
Added check to ensure fields aren't larger than intended. Developers will need
to use safe_args like:
$args->set('subject',NOTSET,'any',60);
There is also an option in safe_args to halt everything if the field size is
larger than maxlen ... by default, it will just chop the field size down
=====================================================================
Index: api/core_functions.inc.php
diff -u api/core_functions.inc.php:1.1.1.1.2.26
api/core_functions.inc.php:1.1.1.1.2.27
--- api/core_functions.inc.php:1.1.1.1.2.26 Mon Jun 28 14:12:57 2004
+++ api/core_functions.inc.php Wed Jun 30 18:39:33 2004
@@ -426,15 +426,18 @@
class safe_args
{
- var $ref = array();
- var $defaults = array();
- var $types = array();
+ var $ref = array();
+ var $defaults = array();
+ var $types = array();
+ var $maxlen = array();
+ var $halt_on_maxlen = false; // Set to true if you
want everything to stop if maxlen is passed
- function set($name,$default=NOTSET,$type='any')
+ function set($name,$default=NOTSET,$type='any',$maxlen=NOTSET)
{
- $this->ref[] = $name;
- $this->types[$name] = $type;
+ $this->ref[] = $name;
+ $this->types[$name] = $type;
$this->defaults[$name] = $default;
+ $this->maxlen[$name] = $maxlen;
}
function idx2name($var)
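Review bot: The new `$maxlen` parameter of `set()` is undocumented: nothing on the method says what unit it counts or what happens when a value is too long. The check added later in this commit measures with strlen() and cuts with substr(), so the limit is in bytes, and with `$halt_on_maxlen` left at false over-long input is shortened silently. A comment above set() such as `// $maxlen: maximum length in bytes; longer input is truncated unless $halt_on_maxlen is true` would tell callers both things. The property comment would be clearer as `// Set to true to stop processing when a field exceeds its maxlen`. The class body continues outside this hunk.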
@@ -514,6 +517,7 @@
$this->error($msg.'
"'.$key.'"',E_USER_ERROR);
continue;
}
+
// not set
if (!isset($received[$key]))
{
@@ -534,6 +538,24 @@
}
continue;
}
+
+ if ($this->maxlen[$key] != NOTSET)
+ {
+ if (strlen($received[$key]) >
$this->maxlen[$key])
+ {
+ if ($this->halt_on_maxlen)
+ {
+
$this->error(lang('Invalid field size for %s',$key),E_USER_WARNING);
+ phpgw_exit();
+ }
+ else
+ {
+ // Just strip the extra
+ $received[$key] =
substr($received[$key],0,$this->maxlen[$key]);
+ }
+ }
+ }
+
// everything else
$val = $received[$key];
if (validate($val,$this->types[$key]))
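Review bot: The length check `strlen($received[$key]) > $this->maxlen[$key]` assumes a string, but a request parameter can arrive as an array, and then strlen() yields no usable length and the limit is not applied before the value reaches validate(). Guarding with `if ($this->maxlen[$key] !== NOTSET && is_string($received[$key]))` and treating a non-string value for a length-limited field as invalid would close that gap. The strict `!==` also avoids loose-comparison surprises, since NOTSET's value is not visible here and a maxlen of 0 might otherwise compare equal to it. Truncation also runs before sanitize(), so if sanitize() can lengthen a value the stored result may exceed maxlen; re-checking `$val` after the sanitize step would cover that. The enclosing method starts and ends outside this hunk.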
@@ -541,6 +563,7 @@
$args[$key] = $val;
continue;
}
+
// try to fix if invalid
$val = sanitize($val,$this->types[$key]);
if (validate($val,$this->types[$key]))
@@ -548,6 +571,7 @@
$args[$key] = $val;
continue;
}
+
// Invalid & unfixable
$msg = 'Invalid parameter type for';
if (function_exists('lang'))
@@ -556,6 +580,7 @@
}
$this->error($msg.' "'.$key.'"',E_USER_ERROR);
}
+
return $args;
}