class_Secure.inc.php
<?php
/**
* @file Secure.inc.php
* @category freeSN
* @mailto code [at] netz.coop
* @version 0.4.200901
* @link http://netz.coop
*
* @copyright Copyright by netz.coop e.G. 2015
*
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
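class Secure {
    /**
     * Validate one column value against its column description before the
     * value is written to SQL.
     *
     * The checks, in order:
     *  * a key column ('Key' truthy) must not be blank
     *  * a NOT NULL column ('Null' === 'NO') must not be blank
     *  * the value must not exceed the declared 'Length'
     *  * an 'int' column must hold a real integer
     *
     * "Blank" means empty() except that the numbers 0 / 0.0 / '0' count as
     * present — a NOT NULL integer column legitimately holds 0.
     *
     * The error messages carry the raw value; whatever renders them has to
     * escape for its output context.
     *
     * @param mixed $param_Value        value read from the object
     * @param array $param_DescriptData column description; the keys 'Field',
     *                                  'Type', 'Null', 'Key' and 'Length' are
     *                                  read, a missing key counts as unset
     * @return true|Error true when the value passes, otherwise whatever
     *                    Error::newError() returns. Compare the result with
     *                    === true: if newError() returns an object, that
     *                    object is truthy and a plain if() would accept it.
     */
    private static function checkDataForSql($param_Value, $param_DescriptData) {
        $var_Field  = isset($param_DescriptData['Field'])  ? $param_DescriptData['Field']  : '';
        $var_Type   = isset($param_DescriptData['Type'])   ? $param_DescriptData['Type']   : '';
        $var_Length = isset($param_DescriptData['Length']) ? $param_DescriptData['Length'] : 0;
        $var_Blank  = self::isBlank($param_Value);

        if(!empty($param_DescriptData['Key']) && $var_Blank) {
            return Error::newError('UserError','WrongData',$var_Field.'('.$param_Value.') is required');
        }
        if(isset($param_DescriptData['Null']) && $param_DescriptData['Null']==='NO' && $var_Blank) {
            return Error::newError('UserError','WrongData',$var_Field.' is required');
        }
        // strlen() counts bytes. If 'Length' is a character limit of a multi-byte
        // column this is stricter than the database would be, never more lenient.
        if($var_Length && strlen((string)$param_Value)>$var_Length) {
            return Error::newError('UserError','WrongData',$param_Value.' is wrong, it is to long (max '.$var_Length.')');
        }
        // FILTER_VALIDATE_INT rejects what is_numeric() accepts ('1.5', '1e3',
        // values beyond PHP_INT_MAX) and which intval() in transformDataForSql()
        // would otherwise truncate silently. Falsy values ('', null, 0, '0')
        // skip the check as before; the required-checks above already cover them.
        if($var_Type==='int' && $param_Value && filter_var($param_Value, FILTER_VALIDATE_INT)===false) {
            return Error::newError('UserError','NoSaveBE',$var_Field.'('.$param_Value.') is wrong, it has to be a integer');
        }
        return true;
    }

    /**
     * empty() without treating the numbers 0, 0.0 and '0' as missing.
     *
     * @param mixed $param_Value
     * @return bool
     */
    private static function isBlank($param_Value) {
        if($param_Value === 0 || $param_Value === 0.0 || $param_Value === '0') {
            return false;
        }
        return empty($param_Value);
    }

    /**
     * Coerce a validated value into the form stored in the column.
     * Only 'int' columns are touched (cast with intval()); every other value
     * is returned unchanged.
     *
     * @param mixed $param_Value
     * @param array $param_DescriptData column description, see checkDataForSql()
     * @return mixed
     */
    private static function transformDataForSql($param_Value, $param_DescriptData) {
        if(isset($param_DescriptData['Type']) && $param_DescriptData['Type']==='int') {
            return intval($param_Value);
        }
        return $param_Value;
    }

    /**
     * Validate one column of $param_Object and rewrite its value in place.
     *
     * @param BasisElement        $param_Object object holding the value
     * @param string              $param_Column object variable / column name
     * @param string|BasisElement $param_Label  prefix of the error message; an
     *                                          object is converted to string only
     *                                          when the message is built
     * @return true|Error true when the column passed, otherwise a DevError
     */
    private static function checkAndTransformColumn(BasisElement $param_Object, $param_Column, $param_Label) {
        $var_FormData = BasisElement::getFormDataFromDB($param_Object->getObjVar('DB'), $param_Object, $param_Column);
        $var_Value = $param_Object->getObjVar($param_Column);
        // checkDataForSql() returns true or the Error::newError() result. The
        // return value of newError() is not visible here; comparing with === true
        // is correct whether it returns false or a (truthy) Error object.
        if(self::checkDataForSql($var_Value, $var_FormData) !== true) {
            return Error::newError('DevError','NoSaveBE',$param_Label.'->'.$param_Column.' is wrong');
        }
        $param_Object->setObjVar($param_Column, self::transformDataForSql($var_Value, $var_FormData));
        return true;
    }

    /**
     * Validate every SQL column of $param_Object and coerce the values in place
     * so the object can be saved. Checked are the configured 'SelectColumns' of
     * the object's class, then the fixed BasisElement columns listed below.
     *
     * @param BasisElement $param_Object object whose variables are checked and
     *                                   rewritten through setObjVar()
     * @return true|Error true when all columns passed, otherwise the Error for
     *                    the first failing column; later columns are not checked
     *                    and the columns before it have already been rewritten
     */
    public static function checkObjectAndTransformToSql(BasisElement &$param_Object) {
        $var_Columns = Form::varcharToArray(CONFIG::getSQL_Data(get_class($param_Object), 'SelectColumns'));
        foreach($var_Columns as $var_Column) {
            if(!$var_Column) {
                continue;
            }
            $var_Result = self::checkAndTransformColumn($param_Object, $var_Column, $param_Object);
            if($var_Result !== true) {
                return $var_Result;
            }
        }
        // Fixed columns of every BasisElement. Deliberately not in the list:
        // ID, CreateDate, TagListID, BECategoryChoiceBEID, BECategoryListID,
        // BasisElementDesignID.
        $var_FixedColumns = ['Author_ProfileID', 'Subject', 'Text', 'AuthReadListID', 'AuthWriteListID'];
        foreach($var_FixedColumns as $var_Column) {
            // NOTE(review): the label 'MultimediaText' is kept as is; it looks
            // like a leftover from another class — confirm against the callers.
            $var_Result = self::checkAndTransformColumn($param_Object, $var_Column, 'MultimediaText');
            if($var_Result !== true) {
                return $var_Result;
            }
        }
        return true;
    }
}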
?>