diff --git a/Core/API/DatabaseAPI.class.php b/Core/API/DatabaseAPI.class.php
index d38901c..d98ba30 100644
--- a/Core/API/DatabaseAPI.class.php
+++ b/Core/API/DatabaseAPI.class.php
@@ -11,6 +11,7 @@ namespace Core\API {
 namespace Core\API\Database {
 use Core\API\DatabaseAPI;
+use Core\API\Parameter\RegexType;
 use Core\API\Parameter\StringType;
 use Core\Driver\SQL\Query\Insert;
 use Core\Objects\Context;
@@ -40,16 +41,12 @@ namespace Core\API\Database {
 class Migrate extends DatabaseAPI {
 public function __construct(Context $context, bool $externalCall = false) {
 parent::__construct($context, $externalCall, [
-"className" => new StringType("className", 256)
+"className" => new RegexType("className", "[a-zA-Z][a-zA-Z0-9]{0,256}")
 ]);
 }
 protected function _execute(): bool {
 $className = $this->getParam("className");
-if (!preg_match("/[a-zA-Z0-9]+/", $className)) {
-return $this->createError("Invalid class name");
-}
-
 $class = null;
 foreach (["Site", "Core"] as $baseDir) {
 $classPath = "\\$baseDir\\Objects\\DatabaseEntity\\$className";
diff --git a/Core/API/GroupsAPI.class.php b/Core/API/GroupsAPI.class.php
index 11ffee1..d27dee1 100644
--- a/Core/API/GroupsAPI.class.php
+++ b/Core/API/GroupsAPI.class.php
@@ -55,6 +55,7 @@ namespace Core\API\Groups {
 use Core\API\GroupsAPI;
 use Core\API\Parameter\Parameter;
+use Core\API\Parameter\RegexType;
 use Core\API\Parameter\StringType;
 use Core\API\Traits\Pagination;
 use Core\Driver\SQL\Column\Column;
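Review bot: The new `className` pattern `[a-zA-Z][a-zA-Z0-9]{0,256}` in the Migrate constructor admits 257 characters, one more than the `StringType("className", 256)` it replaces; if the old bound was intentional, `{0,255}` keeps it. Whether RegexType anchors the expression is not visible in this diff, and it matters for this parameter in particular, because `$className` is interpolated into `$classPath` on the hunk's last context line and then presumably resolved as a class, so a partial match would accept more than the pattern reads as allowing, much as the old unanchored `preg_match("/[a-zA-Z0-9]+/", …)` did. Worth confirming that RegexType wraps the expression in `^…$` (or `\A…\z`) before this check is trusted as the only validation. `_execute` continues past the end of the hunk.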
@@ -181,22 +182,14 @@ namespace Core\API\Groups {
 class Create extends GroupsAPI {
 public function __construct(Context $context, $externalCall = false) {
 parent::__construct($context, $externalCall, [
-'name' => new StringType('name', 32),
-'color' => new StringType('color', 10),
+'name' => new RegexType('name', "[a-zA-Z][a-zA-Z0-9_-]{0,31}"),
+'color' => new RegexType('color', "#[a-fA-F0-9]{3,6}"),
 ]);
 }
 public function _execute(): bool {
 $name = $this->getParam("name");
-if (preg_match("/^[a-zA-Z][a-zA-Z0-9_-]*$/", $name) !== 1) {
-return $this->createError("Invalid name");
-}
-
 $color = $this->getParam("color");
-if (preg_match("/^#[a-fA-F0-9]{3,6}$/", $color) !== 1) {
-return $this->createError("Invalid color");
-}
-
 $exists = $this->groupExists($name);
 if (!$this->success) {
 return false;
@@ -226,8 +219,8 @@ namespace Core\API\Groups {
 public function __construct(Context $context, $externalCall = false) {
 parent::__construct($context, $externalCall, [
 "id" => new Parameter("id", Parameter::TYPE_INT),
-'name' => new StringType('name', 32),
-'color' => new StringType('color', 10),
+"name" => new RegexType("name", "[a-zA-Z][a-zA-Z0-9_-]{0,31}"),
+"color" => new RegexType("color", "#[a-fA-F0-9]{3,6}"),
 ]);
 }
@@ -235,14 +228,7 @@ namespace Core\API\Groups {
 $sql = $this->context->getSQL();
 $groupId = $this->getParam("id");
 $name = $this->getParam("name");
-if (preg_match("/^[a-zA-Z][a-zA-Z0-9_-]*$/", $name) !== 1) {
-return $this->createError("Invalid name");
-}
-
 $color = $this->getParam("color");
-if (preg_match("/^#[a-fA-F0-9]{3,6}$/", $color) !== 1) {
-return $this->createError("Invalid color");
-}
 $group = $this->getGroup($groupId);
 if ($group === false) {
diff --git a/Core/API/LanguageAPI.class.php b/Core/API/LanguageAPI.class.php
index 85729a4..75451af 100644
--- a/Core/API/LanguageAPI.class.php
+++ b/Core/API/LanguageAPI.class.php
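Review bot: The `name` and `color` patterns in the Create constructor are repeated verbatim in the Update constructor in the next hunk (`@@ -226,8 +219,8 @@`), which is the same duplication the removed inline `preg_match` checks had; the LanguageAPI change in this commit already shows the better shape with `Language::LANG_CODE_PATTERN`, so hoisting them onto GroupsAPI as `public const NAME_PATTERN = "[a-zA-Z][a-zA-Z0-9_-]{0,31}";` and `public const COLOR_PATTERN = "#[a-fA-F0-9]{3,6}";` and using `self::NAME_PATTERN` / `self::COLOR_PATTERN` in both constructors keeps the two endpoints in step. Separately, `#[a-fA-F0-9]{3,6}` accepts five-digit values, which are not a recognised hex colour length (three, four and six are); that was already true of the removed check, so it is pre-existing, but `#([a-fA-F0-9]{3}|[a-fA-F0-9]{4}|[a-fA-F0-9]{6})` expresses what `{3,6}` was presumably meant to. As with the other RegexType call sites in this commit, these patterns carry no anchors of their own, so their safety depends on RegexType adding them.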
@@ -16,6 +16,7 @@ namespace Core\API\Language {
 use Core\API\LanguageAPI;
 use Core\API\Parameter\ArrayType;
 use Core\API\Parameter\Parameter;
+use Core\API\Parameter\RegexType;
 use Core\API\Parameter\StringType;
 use Core\Driver\SQL\Condition\Compare;
 use Core\Driver\SQL\Condition\CondOr;
@@ -113,7 +114,7 @@ namespace Core\API\Language {
 class GetEntries extends LanguageAPI {
 public function __construct(Context $context, bool $externalCall = false) {
 parent::__construct($context, $externalCall, [
-"code" => new StringType("code", 5, true, NULL),
+"code" => new RegexType("code", Language::LANG_CODE_PATTERN, true, NULL),
 "modules" => new ArrayType("modules", Parameter::TYPE_STRING, true, false),
 "compression" => new StringType("compression", -1, true, NULL, ["gzip", "zlib"])
 ]);
@@ -127,10 +128,6 @@ namespace Core\API\Language {
 $code = $this->context->getLanguage()->getCode();
 }
-if (!preg_match(Language::LANG_CODE_PATTERN, $code)) {
-return $this->createError("Invalid lang code format: $code");
-}
-
 $entries = [];
 $modulePaths = [];
 $requestedModules = $this->getParam("modules");
diff --git a/Core/API/SettingsAPI.class.php b/Core/API/SettingsAPI.class.php
index 25f502e..cb1cb0f 100644
--- a/Core/API/SettingsAPI.class.php
+++ b/Core/API/SettingsAPI.class.php
@@ -2,10 +2,10 @@
 namespace Core\API {
+use Core\API\Parameter\IntegerType;
 use Core\Objects\Context;
 use Core\API\Parameter\ArrayType;
 use Core\API\Parameter\Parameter;
-use Core\API\Parameter\StringType;
 abstract class SettingsAPI extends Request {
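Review bot: `Language::LANG_CODE_PATTERN` is handed to RegexType in the GetEntries constructor, but the check removed in the following hunk used that same constant directly in `preg_match(Language::LANG_CODE_PATTERN, $code)`, so it carries PCRE delimiters (and presumably anchors), whereas every other RegexType call in this commit passes a bare expression such as `"[a-zA-Z][a-zA-Z0-9]{0,256}"`; unless the constant was changed alongside this commit, RegexType cannot be correct for both shapes — either the delimited one gets wrapped a second time or the bare ones never compile. Settling on one form, bare expressions anchored and delimited by RegexType, and rewriting the constant to match would remove the ambiguity. The deleted block also validated `$code` after what looks like the `$this->context->getLanguage()->getCode()` fallback, which a parameter-level RegexType does not cover; if that value can come from anywhere other than the stored language record, the fallback path is now unchecked before `$code` is used further down. `_execute` starts before and ends after the hunk.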
@@ -18,11 +18,11 @@ namespace Core\API {
 // API parameters should be more configurable, e.g. allow regexes, min/max values for numbers, etc.
 $this->predefinedKeys = [
 "allowed_extensions" => new ArrayType("allowed_extensions", Parameter::TYPE_STRING),
-"trusted_domains" => new ArrayType("allowed_extensions", Parameter::TYPE_STRING),
+"trusted_domains" => new ArrayType("trusted_domains", Parameter::TYPE_STRING),
 "user_registration_enabled" => new Parameter("user_registration_enabled", Parameter::TYPE_BOOLEAN),
 "recaptcha_enabled" => new Parameter("recaptcha_enabled", Parameter::TYPE_BOOLEAN),
 "mail_enabled" => new Parameter("mail_enabled", Parameter::TYPE_BOOLEAN),
-"mail_port" => new Parameter("mail_port", Parameter::TYPE_INT)
+"mail_port" => new IntegerType("mail_port", 1, 65535)
 ];
 }
 }
@@ -32,6 +32,7 @@ namespace Core\API\Settings {
 use Core\API\Parameter\ArrayType;
 use Core\API\Parameter\Parameter;
+use Core\API\Parameter\RegexType;
 use Core\API\Parameter\StringType;
 use Core\API\SettingsAPI;
 use Core\Configuration\Settings;
@@ -83,7 +84,7 @@ namespace Core\API\Settings {
 return $this->createError("No values given.");
 }
-$paramKey = new StringType('key', 32);
+$paramKey = new RegexType('key', "[a-zA-Z_][a-zA-Z_0-9-]*");
 $paramValueDefault = new StringType('value', 1024, true, NULL);
 $sql = $this->context->getSQL();
@@ -100,8 +101,6 @@ namespace Core\API\Settings {
 } else if (!is_null($value) && !$paramValue->parseParam($value)) {
 $value = print_r($value, true);
 return $this->createError("Invalid Type for value in parameter settings for key '$key': '$value' (Required: " . $paramValue->getTypeName() . ")");
-} else if(preg_match("/^[a-zA-Z_][a-zA-Z_0-9-]*$/", $paramKey->value) !== 1) {
-return $this->createError("The property key should only contain alphanumeric characters, underscores and dashes");
 } else {
 if (!is_null($paramValue->value)) {
 $query->addRow($paramKey->value, json_encode($paramValue->value));
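Review bot: The comment `// API parameters should be more configurable, e.g. allow regexes, min/max values for numbers, etc.` above `$this->predefinedKeys` is now stale, since this hunk itself uses `new IntegerType("mail_port", 1, 65535)` and the rest of the commit introduces RegexType; either drop it or narrow it to what is still missing. The `trusted_domains` correction shows that a parameter whose name disagrees with its array key went unnoticed, and `trusted_domains` is a security-relevant setting, so a small test asserting that every `predefinedKeys` entry's parameter name equals its key would stop that class of slip from recurring. The enclosing constructor begins before the hunk.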
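Review bot: `new RegexType('key', "[a-zA-Z_][a-zA-Z_0-9-]*")` drops the 32-character cap that `StringType('key', 32)` imposed, so a settings key can now be arbitrarily long, while the Groups hunks in this same commit fold the old length into the quantifier (`{0,31}`); `"[a-zA-Z_][a-zA-Z_0-9-]{0,31}"` restores the bound and presumably matches whatever width the settings key column has, which otherwise becomes the only thing rejecting an oversized key. As at the other RegexType call sites, the pattern carries no anchors, so its correctness depends on RegexType adding them. The enclosing method starts before and ends after the hunk.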