fix settings validation

main
msquare 8 years ago
parent f82a3fb1d8
commit 45bbf95972

@ -1,40 +1,43 @@
<?php <?php
/** /**
* Update Setting. * Get settings.
*
* @param string $event_name
* @param int $buildup_start_date
* @param int $event_start_date
* @param int $event_end_date
* @param int $teardown_end_date
* @param string $event_welcome_msg
*/ */
function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { function Settings() {
return sql_query("UPDATE `Settings` SET $settings = sql_select("SELECT * FROM `Settings` LIMIT 1");
`event_name`='" . sql_escape($event_name) . "', if ($settings === false)
`buildup_start_date`='" . sql_escape($buildup_start_date) . "', return false;
`event_start_date`='" . sql_escape($event_start_date) . "', if (count($settings) > 0)
`event_end_date`='" . sql_escape($event_end_date) . "', return $settings[0];
`teardown_end_date`='" . sql_escape($teardown_end_date) . "', return null;
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'");
} }
/** /**
* Create Settings. * Update Settings.
* *
* @param string $event_name * @param string $event_name
* @param int $buildup_start_date * @param int $buildup_start_date
* @param int $event_start_date * @param int $event_start_date
* @param int $event_end_date * @param int $event_end_date
* @param int $teardown_end_date * @param int $teardown_end_date
* @param string $event_welcome_msg * @param string $event_welcome_msg
*/ */
function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) {
return sql_query("INSERT INTO `Settings` SET if (Settings() == null) {
`event_name`='" . sql_escape($event_name) . "', return sql_query("INSERT INTO `Settings` SET
`buildup_start_date`='" . sql_escape($buildup_start_date) . "', `event_name`=" . sql_null($event_name) . ",
`event_start_date`='" . sql_escape($event_start_date) . "', `buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_end_date`='" . sql_escape($event_end_date) . "', `event_start_date`=" . sql_null($event_start_date) . ",
`teardown_end_date`='" . sql_escape($teardown_end_date) . "', `event_end_date`=" . sql_null($event_end_date) . ",
`event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'"); `teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`=" . sql_null($event_welcome_msg));
}
return sql_query("UPDATE `Settings` SET
`event_name`=" . sql_null($event_name) . ",
`buildup_start_date`=" . sql_null($buildup_start_date) . ",
`event_start_date`=" . sql_null($event_start_date) . ",
`event_end_date`=" . sql_null($event_end_date) . ",
`teardown_end_date`=" . sql_null($teardown_end_date) . ",
`event_welcome_msg`=" . sql_null($event_welcome_msg));
} }
?> ?>
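Review bot: `if (Settings() == null)` in the new Settings_update cannot tell a failed query from an empty table, because Settings() returns false on error and `false == null` is true, so a database failure leads straight to an INSERT attempt instead of being reported to the caller. Compare strictly and propagate the failure: `$settings = Settings(); if ($settings === false) return false; if ($settings === null) { /* INSERT branch */ }`. Both statements still assemble SQL by string concatenation, so their safety now rests entirely on sql_null() quoting and escaping every value it is given; its body is not part of this diff, so that should be confirmed and stated in sql_null's docblock. The docblock here also still promises `int` timestamps for the four date parameters, which the new call site in admin_settings no longer guarantees.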

@ -5,7 +5,7 @@
*/ */
function sql_close() { function sql_close() {
global $sql_connection; global $sql_connection;
return $sql_connection->close(); return $sql_connection->close();
} }
@ -21,7 +21,7 @@ function sql_null($value = null) {
*/ */
function sql_transaction_start() { function sql_transaction_start() {
global $sql_nested_transaction_level; global $sql_nested_transaction_level;
if ($sql_nested_transaction_level ++ == 0) if ($sql_nested_transaction_level ++ == 0)
return sql_query("BEGIN"); return sql_query("BEGIN");
else else
@ -33,7 +33,7 @@ function sql_transaction_start() {
*/ */
function sql_transaction_commit() { function sql_transaction_commit() {
global $sql_nested_transaction_level; global $sql_nested_transaction_level;
if (-- $sql_nested_transaction_level == 0) if (-- $sql_nested_transaction_level == 0)
return sql_query("COMMIT"); return sql_query("COMMIT");
else else
@ -45,7 +45,7 @@ function sql_transaction_commit() {
*/ */
function sql_transaction_rollback() { function sql_transaction_rollback() {
global $sql_nested_transaction_level; global $sql_nested_transaction_level;
if (-- $sql_nested_transaction_level == 0) if (-- $sql_nested_transaction_level == 0)
return sql_query("ROLLBACK"); return sql_query("ROLLBACK");
else else
@ -55,17 +55,17 @@ function sql_transaction_rollback() {
/** /**
* Logs an sql error. * Logs an sql error.
* *
* @param string $message * @param string $message
* @return false * @return false
*/ */
function sql_error($message) { function sql_error($message) {
sql_close(); sql_close();
$message = trim($message) . "\n"; $message = trim($message) . "\n";
$message .= debug_string_backtrace() . "\n"; $message .= debug_string_backtrace() . "\n";
error_log('mysql_provider error: ' . $message); error_log('mysql_provider error: ' . $message);
return false; return false;
} }
@ -84,21 +84,21 @@ function sql_error($message) {
*/ */
function sql_connect($host, $user, $pass, $db) { function sql_connect($host, $user, $pass, $db) {
global $sql_connection; global $sql_connection;
$sql_connection = new mysqli($host, $user, $pass, $db); $sql_connection = new mysqli($host, $user, $pass, $db);
if ($sql_connection->connect_errno) { if ($sql_connection->connect_errno) {
error("Unable to connect to MySQL: " . $sql_connection->connect_error); error("Unable to connect to MySQL: " . $sql_connection->connect_error);
return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error); return sql_error("Unable to connect to MySQL: " . $sql_connection->connect_error);
} }
$result = $sql_connection->query("SET CHARACTER SET utf8;"); $result = $sql_connection->query("SET CHARACTER SET utf8;");
if (! $result) if (! $result)
return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error); return sql_error("Unable to set utf8 character set (" . $sql_connection->errno . ") " . $sql_connection->error);
$result = $sql_connection->set_charset('utf8'); $result = $sql_connection->set_charset('utf8');
if (! $result) if (! $result)
return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error); return sql_error("Unable to set utf8 names (" . $sql_connection->errno . ") " . $sql_connection->error);
return $sql_connection; return $sql_connection;
} }
@ -119,12 +119,12 @@ function sql_select_db($db_name) {
/** /**
* MySQL SELECT query * MySQL SELECT query
* *
* @param string $query * @param string $query
* @return Result array or false on error * @return Result array or false on error
*/ */
function sql_select($query) { function sql_select($query) {
global $sql_connection; global $sql_connection;
$result = $sql_connection->query($query); $result = $sql_connection->query($query);
if ($result) { if ($result) {
$data = array(); $data = array();
@ -138,12 +138,12 @@ function sql_select($query) {
/** /**
* MySQL execute a query * MySQL execute a query
* *
* @param string $query * @param string $query
* @return mysqli_result boolean resource or false on error * @return mysqli_result boolean resource or false on error
*/ */
function sql_query($query) { function sql_query($query) {
global $sql_connection; global $sql_connection;
$result = $sql_connection->query($query); $result = $sql_connection->query($query);
if ($result) { if ($result) {
return $result; return $result;
@ -164,7 +164,7 @@ function sql_id() {
/** /**
* Escape a string for a sql query. * Escape a string for a sql query.
* *
* @param string $query * @param string $query
* @return string * @return string
*/ */
function sql_escape($query) { function sql_escape($query) {
@ -175,7 +175,7 @@ function sql_escape($query) {
/** /**
* Convert a boolean for mysql-queries. * Convert a boolean for mysql-queries.
* *
* @param boolean $boolean * @param boolean $boolean
* @return string * @return string
*/ */
function sql_bool($boolean) { function sql_bool($boolean) {
@ -185,7 +185,7 @@ function sql_bool($boolean) {
/** /**
* Count query result lines. * Count query result lines.
* *
* @param string $query * @param string $query
* @return int Count of result lines * @return int Count of result lines
*/ */
function sql_num_query($query) { function sql_num_query($query) {

@ -1,87 +1,94 @@
<?php <?php
function admin_settings_title() { function admin_settings_title() {
return _("Settings"); return _("Settings");
} }
function admin_settings() { function admin_settings() {
$settings_source = sql_select("SELECT * FROM `Settings`"); $event_name = null;
if (count($settings_source) == 1) { $event_welcome_msg = null;
$event_name = $settings_source[0]['event_name']; $buildup_start_date = null;
$buildup_start_date = $settings_source[0]['buildup_start_date']; $event_start_date = null;
$event_start_date = $settings_source[0]['event_start_date']; $event_end_date = null;
$event_end_date = $settings_source[0]['event_end_date']; $teardown_end_date = null;
$teardown_end_date = $settings_source[0]['teardown_end_date'];
$event_welcome_msg = $settings_source[0]['event_welcome_msg']; $settings_source = Settings();
if ($settings_source === false)
engelsystem_error('Unable to load settings.');
if ($settings_source != null) {
$event_name = $settings_source['event_name'];
$buildup_start_date = $settings_source['buildup_start_date'];
$event_start_date = $settings_source['event_start_date'];
$event_end_date = $settings_source['event_end_date'];
$teardown_end_date = $settings_source['teardown_end_date'];
$event_welcome_msg = $settings_source['event_welcome_msg'];
} }
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['event_name']))
$event_name = strip_request_item('event_name'); if (isset($_REQUEST['event_name']))
if (isset($_REQUEST['buildup_start_date']) && $_REQUEST['buildup_start_date'] != '') { $event_name = strip_request_item('event_name');
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))) { if ($event_name == '')
$buildup_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['buildup_start_date']))->getTimestamp(); $event_name = null;
} else {
$ok = false; if (isset($_REQUEST['event_welcome_msg']))
$msg .= error(_("Please enter buildup start date."), true); $event_welcome_msg = strip_request_item_nl('event_welcome_msg');
} if ($event_welcome_msg == '')
} else $event_welcome_msg = null;
$buildup_start_date = null;
if (isset($_REQUEST['event_start_date']) && $_REQUEST['event_start_date'] != '') { $result = check_request_date('buildup_start_date', _("Please enter buildup start date."), true);
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))) { $buildup_start_date = $result->getValue();
$event_start_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_start_date']))->getTimestamp(); $ok &= $result->isOk();
} else {
$ok = false; $result = check_request_date('event_start_date', _("Please enter event start date."), true);
$msg .= error(_("Please enter event start date."), true); $event_start_date = $result->getValue();
} $ok &= $result->isOk();
} else
$event_start_date = null; $result = check_request_date('event_end_date', _("Please enter event end date."), true);
if (isset($_REQUEST['event_end_date']) && $_REQUEST['event_end_date'] != '') { $event_end_date = $result->getValue();
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))) { $ok &= $result->isOk();
$event_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['event_end_date']))->getTimestamp();
} else { $result = check_request_date('teardown_end_date', _("Please enter teardown end date."), true);
$ok = false; $teardown_end_date = $result->getValue();
$msg .= error(_("Please enter event end date."), true); $ok &= $result->isOk();
}
} else if ($ok) {
$event_end_date = null; $result = Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
if (isset($_REQUEST['teardown_end_date']) && $_REQUEST['teardown_end_date'] != '') {
if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))) { if ($result === false)
$teardown_end_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['teardown_end_date']))->getTimestamp(); engelsystem_error("Unable to update settings.");
} else {
$ok = false; success(_("Settings saved."));
$msg .= error(_("Please enter teardown end date."), true); redirect(page_link_to('admin_settings'));
} }
} else }
$teardown_end_date = null;
if (isset($_REQUEST['event_welcome_msg']))
$event_welcome_msg = strip_request_item('event_welcome_msg');
}
if ($ok) {
if (count($settings_source) == 1)
Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
else
Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg);
success(_("Settings saved.")); return page_with_title(admin_settings_title(), [
redirect(page_link_to('admin_settings'));
}
return page_with_title(admin_settings_title(), array(
$msg,
msg(), msg(),
div('row', array( form([
div('col-md-12', array( div('row', [
form(array( div('col-md-6', [
form_info('', _("Here you can change event information.")), form_text('event_name', _("Event Name"), $event_name),
form_text('event_name', _("Event Name"), $event_name), form_info('', _("Event Name is shown on the start page.")),
form_date('buildup_start_date', _("Buildup date"), $buildup_start_date, time()), form_textarea('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg),
form_date('event_start_date', _("Event start date"), $event_start_date, time()), form_info('', _("Welcome message is shown after successful registration. You can use markdown."))
form_date('event_end_date', _("Event end date"), $event_end_date, time()), ]),
form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date, time()), div('col-md-3', [
form_info('', _("Here you can write your display message for registration:")), form_date('buildup_start_date', _("Buildup date"), $buildup_start_date),
form_text('event_welcome_msg', _("Event Welcome Message"), $event_welcome_msg), form_date('event_start_date', _("Event start date"), $event_start_date)
form_submit('submit', _("Save")) ]),
)) div('col-md-3', [
)) form_date('teardown_end_date', _("Teardown end date"), $teardown_end_date),
)) form_date('event_end_date', _("Event end date"), $event_end_date)
)); ])
]),
div('row', [
div('col-md-6', [
form_submit('submit', _("Save"))
])
])
])
]);
} }
?> ?>
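Review bot: The values read from `$result->getValue()` for the four dates are DateTime objects (check_date wraps the result of DateTime::createFromFormat), yet they are passed to Settings_update, whose docblock promises `int` timestamps, and on a failed validation to form_date, which in the removed code received the integer column values; unless sql_null() and form_date() accept DateTime, which this diff does not show, the save path breaks. Convert at the boundary for each date, e.g. `$buildup_start_date = $result->getValue() === null ? null : $result->getValue()->getTimestamp();`. `$ok &= $result->isOk()` is a bitwise AND that silently turns `$ok` into an int; `$ok = $ok && $result->isOk();` keeps it a boolean. The `if ($settings_source != null)` guard after the `=== false` check is fine only because engelsystem_error is presumed to terminate; if it can return, the false case falls through to the `!= null` test and is skipped as if no row existed, so a short comment stating that assumption would help the next reader.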

@ -18,6 +18,46 @@ function raw_output($output) {
die(); die();
} }
/**
* Checks if given request item (name) can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_request_date($name, $error_message = null, $null_allowed = false) {
if (! isset($_REQUEST[$name]))
return new ValidationResult($null_allowed, null);
return check_date($_REQUEST[$name], $error_message, $null_allowed);
}
/**
* Checks if given string can be parsed to a date.
* If not parsable, given error message is put into msg() and null is returned.
*
* @param string $input
* String to be parsed into a date.
* @param string $error_message
* the error message displayed if $input is not parsable
* @param boolean $null_allowed
* is a null value allowed?
* @return ValidationResult containing the parsed date
*/
function check_date($input, $error_message = null, $null_allowed = false) {
if (DateTime::createFromFormat("Y-m-d", trim($input)))
return new ValidationResult(true, DateTime::createFromFormat("Y-m-d", trim($input)));
if ($null_allowed)
return new ValidationResult(true, null);
error($error_message);
return new ValidationResult(false, null);
}
/** /**
* Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück * Gibt den gefilterten REQUEST Wert ohne Zeilenumbrüche zurück
*/ */
@ -57,4 +97,38 @@ function check_email($email) {
return (bool) filter_var($email, FILTER_VALIDATE_EMAIL); return (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
} }
class ValidationResult {
private $ok;
private $value;
/**
* Constructor.
*
* @param boolean $ok
* Is the value valid?
* @param * $value
* The validated value
*/
public function ValidationResult($ok, $value) {
$this->ok = $ok;
$this->value = $value;
}
/**
* Is the value valid?
*/
public function isOk() {
return $this->ok;
}
/**
* The parsed/validated value.
*/
public function getValue() {
return $this->value;
}
}
?> ?>
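Review bot: In check_date, `$null_allowed` makes an unparsable string succeed silently with value null, because the `if ($null_allowed)` branch runs after the parse has failed and never calls error(); every caller in admin_settings passes `true`, so a mistyped date is stored as null and the `$error_message` supplied there is never shown. Only an empty input should map to null, and a malformed one should always be reported, as in the rewrite below. ValidationResult also declares a PHP 4-style constructor `public function ValidationResult($ok, $value)`, deprecated since PHP 7.0 and a plain method in PHP 8 that leaves `$ok` and `$value` unset; rename it to `public function __construct($ok, $value)`. The docblock of check_request_date documents `$input` while the parameter is `$name`, and passing `"!Y-m-d"` to createFromFormat would zero the time-of-day instead of taking it from the clock, which makes the parsed value reproducible; the latter is hedged, since callers may rely on the current behaviour.
```php
function check_date($input, $error_message = null, $null_allowed = false) {
    $input = trim($input);
    // Empty input is the only case that may become null; report it when not allowed.
    if ($input === '') {
        if (! $null_allowed)
            error($error_message);
        return new ValidationResult($null_allowed, null);
    }
    $date = DateTime::createFromFormat("Y-m-d", $input);
    if ($date !== false)
        return new ValidationResult(true, $date);
    // Malformed input is always an error, regardless of $null_allowed.
    error($error_message);
    return new ValidationResult(false, null);
}
```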

@ -1,11 +1,11 @@
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.0/phpunit.xsd" xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.5/phpunit.xsd"
bootstrap="../includes/engelsystem_provider.php" colors="true" bootstrap="../includes/engelsystem_provider.php" colors="true"
convertErrorsToExceptions="true" convertNoticesToExceptions="true" convertErrorsToExceptions="true" convertNoticesToExceptions="true"
convertWarningsToExceptions="true" forceCoversAnnotation="false"> convertWarningsToExceptions="true" forceCoversAnnotation="false">
<testsuites> <testsuites>
<testsuite name="Models"> <testsuite name="Models">
<directory>model</directory> <directory>model/*</directory>
</testsuite> </testsuite>
</testsuites> </testsuites>
<php> <php>
