regex types in API

Roman 2024-04-22 13:05:35 +02:00
parent a80b34e78f
commit 8036edec5a
4 changed files with 14 additions and 35 deletions

@ -11,6 +11,7 @@ namespace Core\API {
namespace Core\API\Database { namespace Core\API\Database {
use Core\API\DatabaseAPI; use Core\API\DatabaseAPI;
use Core\API\Parameter\RegexType;
use Core\API\Parameter\StringType; use Core\API\Parameter\StringType;
use Core\Driver\SQL\Query\Insert; use Core\Driver\SQL\Query\Insert;
use Core\Objects\Context; use Core\Objects\Context;
@ -40,16 +41,12 @@ namespace Core\API\Database {
class Migrate extends DatabaseAPI { class Migrate extends DatabaseAPI {
public function __construct(Context $context, bool $externalCall = false) { public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [ parent::__construct($context, $externalCall, [
"className" => new StringType("className", 256) "className" => new RegexType("className", "[a-zA-Z][a-zA-Z0-9]{0,256}")
]); ]);
} }
protected function _execute(): bool { protected function _execute(): bool {
$className = $this->getParam("className"); $className = $this->getParam("className");
if (!preg_match("/[a-zA-Z0-9]+/", $className)) {
return $this->createError("Invalid class name");
}
$class = null; $class = null;
foreach (["Site", "Core"] as $baseDir) { foreach (["Site", "Core"] as $baseDir) {
$classPath = "\\$baseDir\\Objects\\DatabaseEntity\\$className"; $classPath = "\\$baseDir\\Objects\\DatabaseEntity\\$className";
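Review bot: With the `preg_match` guard removed from `_execute()`, the `RegexType` pattern is the only visible check on `className` before it is interpolated into `$classPath`, and nothing on this page shows whether `RegexType` matches the whole value or just a substring. If it does not anchor, a value containing a backslash would still be accepted and could name a class outside `Objects\DatabaseEntity`. It is worth confirming (ideally with a test) that `RegexType` wraps the pattern in `^…$`; the same applies to the `name`, `color` and `key` patterns in the Groups and Settings sections. Separately, `{0,256}` after a mandatory first character allows 257 characters where the old `StringType` bound was presumably 256; `"[a-zA-Z][a-zA-Z0-9]{0,255}"` keeps that limit. `_execute()` continues outside the hunk.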

@ -55,6 +55,7 @@ namespace Core\API\Groups {
use Core\API\GroupsAPI; use Core\API\GroupsAPI;
use Core\API\Parameter\Parameter; use Core\API\Parameter\Parameter;
use Core\API\Parameter\RegexType;
use Core\API\Parameter\StringType; use Core\API\Parameter\StringType;
use Core\API\Traits\Pagination; use Core\API\Traits\Pagination;
use Core\Driver\SQL\Column\Column; use Core\Driver\SQL\Column\Column;
@ -181,22 +182,14 @@ namespace Core\API\Groups {
class Create extends GroupsAPI { class Create extends GroupsAPI {
public function __construct(Context $context, $externalCall = false) { public function __construct(Context $context, $externalCall = false) {
parent::__construct($context, $externalCall, [ parent::__construct($context, $externalCall, [
'name' => new StringType('name', 32), 'name' => new RegexType('name', "[a-zA-Z][a-zA-Z0-9_-]{0,31}"),
'color' => new StringType('color', 10), 'color' => new RegexType('color', "#[a-fA-F0-9]{3,6}"),
]); ]);
} }
public function _execute(): bool { public function _execute(): bool {
$name = $this->getParam("name"); $name = $this->getParam("name");
if (preg_match("/^[a-zA-Z][a-zA-Z0-9_-]*$/", $name) !== 1) {
return $this->createError("Invalid name");
}
$color = $this->getParam("color"); $color = $this->getParam("color");
if (preg_match("/^#[a-fA-F0-9]{3,6}$/", $color) !== 1) {
return $this->createError("Invalid color");
}
$exists = $this->groupExists($name); $exists = $this->groupExists($name);
if (!$this->success) { if (!$this->success) {
return false; return false;
@ -226,8 +219,8 @@ namespace Core\API\Groups {
public function __construct(Context $context, $externalCall = false) { public function __construct(Context $context, $externalCall = false) {
parent::__construct($context, $externalCall, [ parent::__construct($context, $externalCall, [
"id" => new Parameter("id", Parameter::TYPE_INT), "id" => new Parameter("id", Parameter::TYPE_INT),
'name' => new StringType('name', 32), "name" => new RegexType("name", "[a-zA-Z][a-zA-Z0-9_-]{0,31}"),
'color' => new StringType('color', 10), "color" => new RegexType("color", "#[a-fA-F0-9]{3,6}"),
]); ]);
} }
@ -235,14 +228,7 @@ namespace Core\API\Groups {
$sql = $this->context->getSQL(); $sql = $this->context->getSQL();
$groupId = $this->getParam("id"); $groupId = $this->getParam("id");
$name = $this->getParam("name"); $name = $this->getParam("name");
if (preg_match("/^[a-zA-Z][a-zA-Z0-9_-]*$/", $name) !== 1) {
return $this->createError("Invalid name");
}
$color = $this->getParam("color"); $color = $this->getParam("color");
if (preg_match("/^#[a-fA-F0-9]{3,6}$/", $color) !== 1) {
return $this->createError("Invalid color");
}
$group = $this->getGroup($groupId); $group = $this->getGroup($groupId);
if ($group === false) { if ($group === false) {
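Review bot: The `color` pattern `#[a-fA-F0-9]{3,6}` in `Create` and in the second constructor accepts 4- and 5-digit values, which are not 3- or 6-digit hex colours. If only those two forms are intended, `"#(?:[a-fA-F0-9]{3}|[a-fA-F0-9]{6})"` states it exactly. The name and colour patterns are also repeated as literals in both constructors, so a shared constant on `GroupsAPI` would keep them from drifting apart. The specific "Invalid name" and "Invalid color" messages are gone with the inline checks, so callers presumably now receive whatever generic message the parameter layer produces.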

@ -16,6 +16,7 @@ namespace Core\API\Language {
use Core\API\LanguageAPI; use Core\API\LanguageAPI;
use Core\API\Parameter\ArrayType; use Core\API\Parameter\ArrayType;
use Core\API\Parameter\Parameter; use Core\API\Parameter\Parameter;
use Core\API\Parameter\RegexType;
use Core\API\Parameter\StringType; use Core\API\Parameter\StringType;
use Core\Driver\SQL\Condition\Compare; use Core\Driver\SQL\Condition\Compare;
use Core\Driver\SQL\Condition\CondOr; use Core\Driver\SQL\Condition\CondOr;
@ -113,7 +114,7 @@ namespace Core\API\Language {
class GetEntries extends LanguageAPI { class GetEntries extends LanguageAPI {
public function __construct(Context $context, bool $externalCall = false) { public function __construct(Context $context, bool $externalCall = false) {
parent::__construct($context, $externalCall, [ parent::__construct($context, $externalCall, [
"code" => new StringType("code", 5, true, NULL), "code" => new RegexType("code", Language::LANG_CODE_PATTERN, true, NULL),
"modules" => new ArrayType("modules", Parameter::TYPE_STRING, true, false), "modules" => new ArrayType("modules", Parameter::TYPE_STRING, true, false),
"compression" => new StringType("compression", -1, true, NULL, ["gzip", "zlib"]) "compression" => new StringType("compression", -1, true, NULL, ["gzip", "zlib"])
]); ]);
@ -127,10 +128,6 @@ namespace Core\API\Language {
$code = $this->context->getLanguage()->getCode(); $code = $this->context->getLanguage()->getCode();
} }
if (!preg_match(Language::LANG_CODE_PATTERN, $code)) {
return $this->createError("Invalid lang code format: $code");
}
$entries = []; $entries = [];
$modulePaths = []; $modulePaths = [];
$requestedModules = $this->getParam("modules"); $requestedModules = $this->getParam("modules");
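Review bot: `Language::LANG_CODE_PATTERN` was previously handed straight to `preg_match`, so it presumably already carries delimiters (and possibly anchors), while every other `RegexType` in this commit is given a bare pattern such as `"[a-zA-Z][a-zA-Z0-9_-]{0,31}"`. Unless `RegexType` accepts both forms, one of the two styles will not be matched as intended; please confirm which form the constructor expects and adjust the constant or document the expectation on `RegexType`. The removed check also ran after the fallback to `getLanguage()->getCode()`, so that value is no longer validated in this method, which is fine only if the context language is always well-formed.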

@ -2,10 +2,10 @@
namespace Core\API { namespace Core\API {
use Core\API\Parameter\IntegerType;
use Core\Objects\Context; use Core\Objects\Context;
use Core\API\Parameter\ArrayType; use Core\API\Parameter\ArrayType;
use Core\API\Parameter\Parameter; use Core\API\Parameter\Parameter;
use Core\API\Parameter\StringType;
abstract class SettingsAPI extends Request { abstract class SettingsAPI extends Request {
@ -18,11 +18,11 @@ namespace Core\API {
// API parameters should be more configurable, e.g. allow regexes, min/max values for numbers, etc. // API parameters should be more configurable, e.g. allow regexes, min/max values for numbers, etc.
$this->predefinedKeys = [ $this->predefinedKeys = [
"allowed_extensions" => new ArrayType("allowed_extensions", Parameter::TYPE_STRING), "allowed_extensions" => new ArrayType("allowed_extensions", Parameter::TYPE_STRING),
"trusted_domains" => new ArrayType("allowed_extensions", Parameter::TYPE_STRING), "trusted_domains" => new ArrayType("trusted_domains", Parameter::TYPE_STRING),
"user_registration_enabled" => new Parameter("user_registration_enabled", Parameter::TYPE_BOOLEAN), "user_registration_enabled" => new Parameter("user_registration_enabled", Parameter::TYPE_BOOLEAN),
"recaptcha_enabled" => new Parameter("recaptcha_enabled", Parameter::TYPE_BOOLEAN), "recaptcha_enabled" => new Parameter("recaptcha_enabled", Parameter::TYPE_BOOLEAN),
"mail_enabled" => new Parameter("mail_enabled", Parameter::TYPE_BOOLEAN), "mail_enabled" => new Parameter("mail_enabled", Parameter::TYPE_BOOLEAN),
"mail_port" => new Parameter("mail_port", Parameter::TYPE_INT) "mail_port" => new IntegerType("mail_port", 1, 65535)
]; ];
} }
} }
@ -32,6 +32,7 @@ namespace Core\API\Settings {
use Core\API\Parameter\ArrayType; use Core\API\Parameter\ArrayType;
use Core\API\Parameter\Parameter; use Core\API\Parameter\Parameter;
use Core\API\Parameter\RegexType;
use Core\API\Parameter\StringType; use Core\API\Parameter\StringType;
use Core\API\SettingsAPI; use Core\API\SettingsAPI;
use Core\Configuration\Settings; use Core\Configuration\Settings;
@ -83,7 +84,7 @@ namespace Core\API\Settings {
return $this->createError("No values given."); return $this->createError("No values given.");
} }
$paramKey = new StringType('key', 32); $paramKey = new RegexType('key', "[a-zA-Z_][a-zA-Z_0-9-]*");
$paramValueDefault = new StringType('value', 1024, true, NULL); $paramValueDefault = new StringType('value', 1024, true, NULL);
$sql = $this->context->getSQL(); $sql = $this->context->getSQL();
@ -100,8 +101,6 @@ namespace Core\API\Settings {
} else if (!is_null($value) && !$paramValue->parseParam($value)) { } else if (!is_null($value) && !$paramValue->parseParam($value)) {
$value = print_r($value, true); $value = print_r($value, true);
return $this->createError("Invalid Type for value in parameter settings for key '$key': '$value' (Required: " . $paramValue->getTypeName() . ")"); return $this->createError("Invalid Type for value in parameter settings for key '$key': '$value' (Required: " . $paramValue->getTypeName() . ")");
} else if(preg_match("/^[a-zA-Z_][a-zA-Z_0-9-]*$/", $paramKey->value) !== 1) {
return $this->createError("The property key should only contain alphanumeric characters, underscores and dashes");
} else { } else {
if (!is_null($paramValue->value)) { if (!is_null($paramValue->value)) {
$query->addRow($paramKey->value, json_encode($paramValue->value)); $query->addRow($paramKey->value, json_encode($paramValue->value));
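Review bot: Replacing `new StringType('key', 32)` with `new RegexType('key', "[a-zA-Z_][a-zA-Z_0-9-]*")` drops the 32-character limit, because `*` is unbounded. If that limit mirrored the width of the settings key column, an over-long key now reaches `addRow()`; `new RegexType('key', "[a-zA-Z_][a-zA-Z_0-9-]{0,31}")` keeps both the character set and the length. The descriptive error about allowed key characters is removed as well. The surrounding loop starts outside the hunk, so where `$paramKey->parseParam()` is called cannot be checked from here.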