Arsse/lib/REST/AbstractHandler.php
J. King d365529493 Multiple fixes to input sanitization
- Database functions now accept any input, but throw typeViolation exceptions where appropriate instead of idMissing or subjectMissing
- Added unit tests for the new Misc\ValueInfo static class
- Added ValueInfo::id() method to centrally validate database IDs, and made use of it consistently
- Made use of PHP's filter_var() function where appropriate when validating or sanitizing input
- Made the NCN protocol handler reject most invalid IDs before handing off to method handlers
- Made NCN's feedUpdate and subscriptionMove methods return 422 on invalid input
- Adjusted several tests to handle type violations
2017-09-27 22:25:45 -04:00


<?php
declare(strict_types=1);
namespace JKingWeb\Arsse\REST;
use JKingWeb\Arsse\Misc\Date;
use JKingWeb\Arsse\Misc\ValueInfo;
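/**
 * Base class for REST protocol handlers.
 *
 * Concrete handlers implement dispatch(); the protected helpers below are
 * shared input-shaping utilities: fieldMapNames() renames/whitelists keys,
 * fieldMapTypes() coerces already-trusted fields, and NormalizeInput()
 * validates untrusted fields, dropping anything that fails validation.
 */
abstract class AbstractHandler implements Handler {
    abstract public function __construct();
    abstract public function dispatch(Request $req): Response;

    /**
     * Copies fields from $data into a new array under the names given by $map.
     *
     * Only keys named as a source in $map are carried over, so this also acts
     * as a whitelist: any key of $data not mentioned in $map is dropped.
     *
     * @param array $data Input fields keyed by their source names
     * @param array $map  Map of destination name => source name; entries whose source is absent from $data are skipped
     * @return array The renamed fields
     */
    protected function fieldMapNames(array $data, array $map): array {
        $out = [];
        foreach ($map as $to => $from) {
            if (array_key_exists($from, $data)) {
                $out[$to] = $data[$from];
            }
        }
        return $out;
    }

    /**
     * Coerces the listed fields of $data to the given types.
     *
     * This is coercion, not validation: settype() follows PHP's cast rules
     * (e.g. a non-empty array cast to "int" becomes 1), so it should only be
     * applied to data that has already been validated; NormalizeInput() is the
     * validating counterpart for untrusted input.
     *
     * @param array  $data       Fields to coerce; keys not listed in $map are left untouched
     * @param array  $map        Map of field name => type name accepted by settype(), or "datetime"
     * @param string $dateFormat Format of incoming "datetime" fields; they are converted to "sql" unless already in it
     * @return array The coerced fields
     */
    protected function fieldMapTypes(array $data, array $map, string $dateFormat = "sql"): array {
        foreach ($map as $key => $type) {
            if (!array_key_exists($key, $data)) {
                continue;
            }
            if ($type === "datetime") {
                // "datetime" is not a type settype() understands, so a field that is
                // already in the "sql" format is left as-is instead of being handed
                // to settype(), which would reject the type name
                if ($dateFormat !== "sql") {
                    $data[$key] = Date::transform($data[$key], $dateFormat, "sql");
                }
            } else {
                settype($data[$key], $type);
            }
        }
        return $data;
    }

    /**
     * Validates and coerces untrusted input fields according to $types.
     *
     * A field with no declared type is passed through unchanged (callers that
     * need a whitelist should apply fieldMapNames() first), and a null value is
     * kept as null regardless of its declared type. A non-null value that does
     * not validate as its declared type is omitted from the result rather than
     * passed through or replaced, so callers must treat an absent key as
     * "invalid or not supplied" and must not assume a typed field is present.
     *
     * @param array       $data       Untrusted input fields
     * @param array       $types      Map of field name => "int", "string", "bool", "float" or "datetime"
     * @param string|null $dateFormat Format handed to Date::normalize() for "datetime" fields
     * @return array The validated fields
     * @throws Exception "typeUnknown" when a declared type is not one of those listed above
     */
    protected function NormalizeInput(array $data, array $types, string $dateFormat = null): array {
        $out = [];
        foreach ($data as $key => $value) {
            if (!isset($types[$key])) {
                $out[$key] = $value;
                continue;
            }
            if (is_null($value)) {
                $out[$key] = null;
                continue;
            }
            switch ($types[$key]) {
                case "int":
                    // ValueInfo::int() returns a bit mask; only values flagged VALID are accepted
                    if (ValueInfo::int($value) & ValueInfo::VALID) {
                        $out[$key] = (int) $value;
                    }
                    break;
                case "string":
                    if (is_bool($value)) {
                        // a plain (string) cast would give "1" or "", so spell the bool out as "true"/"false"
                        $out[$key] = var_export($value, true);
                    } elseif (is_scalar($value)) {
                        $out[$key] = (string) $value;
                    }
                    // arrays and objects have no string form here and are dropped
                    break;
                case "bool":
                    // FILTER_NULL_ON_FAILURE separates an unrecognized value (null) from a valid false
                    $test = filter_var($value, \FILTER_VALIDATE_BOOLEAN, \FILTER_NULL_ON_FAILURE);
                    if (!is_null($test)) {
                        $out[$key] = $test;
                    }
                    break;
                case "float":
                    $test = filter_var($value, \FILTER_VALIDATE_FLOAT);
                    if ($test !== false) {
                        $out[$key] = $test;
                    }
                    break;
                case "datetime":
                    $t = Date::normalize($value, $dateFormat);
                    if ($t) {
                        $out[$key] = $t;
                    }
                    break;
                default:
                    throw new Exception("typeUnknown", $types[$key]);
            }
        }
        return $out;
    }
}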