Projet

Général

Profil

Révision e68abb6a

Ajouté par Jocelyn Delande il y a presque 11 ans

first steps of add_reference.php webservice : input validation/sanitization and RefPoint class

Voir les différences:

ajax/add_reference.php
1
<?php
2
require_once('../class/FormValidator.class.php');
3
require_once('../class/RefPoint.class.php');
4
require_once('../class/site_point.class.php');
5

  
6
$fields_spec = array('x'         => array('required', 'numeric', 'positive'),
7
                     'y'         => array('required', 'numeric', 'positive'),
8
                     'panorama'  => array('required'),
9
                     'ref_point' => array('required'));
10

  
11

  
12
$validator = new FormValidator($fields_spec);
13
if ($validator->validate($_REQUEST)) {
14
  $vals = $validator->sane_values();
15

  
16
  // temp test code
17
  echo '<h1>pano !</h1>';
18
  $pano = site_point::get($vals['panorama']);
19
  var_dump($pano->get_params());
20

  
21
  echo '<h1>ref point !</h1>';
22
  $ref_point_name = urldecode($vals['ref_point']);
23
  var_dump(RefPoint::get($ref_point_name));
24

  
25
 } else {
26
   echo var_dump($validator->errors());
27
 }
28

  
29
// Test url : clear ;curl 'http://localhost/~jocelyn/panorama/ajax/add_reference.php?x=42&y=42&panorama=pano_couttolenc_bords_jointifs&ref_point=%C3%89glise%20saint-jacques'
30
?>
class/FormValidator.class.php
1
<?php
2

  
3
class FieldValidationError extends Exception {}
4

  
5
class FormValidator {
6
	/* A tool to validate the parameters of a request (GET/POST) against a set
7
	 * of rules.
8
	 *
9
	 **/
10
	private $errors;
11
	private $sanitized;
12
	public static $validator;
13
  public static $field_validators;
14
  private $format;
15

  
16
	public function __construct($format) {
17
		$this->errors = array();
18
		$this->sanitized = array();
19
    $this->format = $format;
20
	}
21

  
22
	public function validate($request) {
23
		/** Validate the given request
24
		 *  value dict against the validator rules.
25
		 *
26
		 * @param $request a dict like $_REQUEST, $_GET or $_POST
27
		 * @returns true if valid, false else.
28
		 */
29
		$this->errors = array();
30
		$sanitized = array();
31
		foreach($this->format as $fieldname => $validators) {
32
			$err = false;
33
			$sanitized_f = false;
34
			foreach($validators as $validator) {
35
				if ($validator == 'required') {
36
					if (! isset($request[$fieldname])) {
37
						$err = 'n\'est pas renseigné';
38
						break;
39
					} else {
40
						$sanitized_f = $request[$fieldname];
41
					}
42
				} else {
43
					$val = $request[$fieldname];
44
					try {
45
						$sanitized_f = $this->validate_field($validator, $val);
46
					} catch (FieldValidationError $e) {
47
						$err = $e->getMessage();
48
						break;
49
					}
50
				}
51
			}
52
			if ($err) {
53
				$this->errors[$fieldname] = $err;
54
			} else {
55
				$sanitized[$fieldname] = $sanitized_f;
56
			}
57
		}
58
		$this->sanitized = $sanitized;
59

  
60
		return ($err == false);
61
	}
62

  
63
	public function validate_field($validator, $content) {
64
		/** Returns sanitized value if ok, throws a FieldValidationError otherwise
65
		 */
66
		if (isset(self::$field_validators[$validator])) {
67
			$f = self::$field_validators[$validator];
68
			return $f($content);
69
		} else {
70
			throw new FieldValidationError("'$validator' validator does not exist");
71
		}
72
	}
73

  
74
	public function errors() {
75
		/** An associative array form-key => error
76
		 */
77
		return $this->errors;
78
	}
79

  
80
	public function sane_values() {
81
		return $this->sanitized;
82
	}
83

  
84
	public static function register($name, $function) {
85
		self::$field_validators[$name] = $function;
86
	}
87
}
88
FormValidator::$field_validators = array();
89

  
90

  
91
FormValidator::register(
92
  'numeric',
93
  function ($v) {
94
	  $sanitized = floatval($v);
95
    if ($sanitized === false) {
96
	  	throw new FieldValidationError('n\'est pas une valeur numérique');
97
	  } else {
98
		  return $sanitized;
99
	  }
100
  }
101
);
102

  
103
FormValidator::register(
104
  'positive',
105
  function ($v) {
106
	  if ($v < 0) {
107
		  throw new FieldValidationError('est négatif');
108
	  } else {
109
		  return floatval($v);
110
	  }
111
  }
112
);
113

  
114
?>
class/RefPoint.class.php
1
<?php
2
require_once(dirname(__FILE__).'/../constants.inc.php');
3

  
4
//
5
class RefPoint {
6
  static $all_ref_points_cache;
7

  
8
  public static function load_if_needed() {
9
    if (!isset(self::$all_ref_points_cache)) {
10
      $ref_points_filename = '../ref_points.local.php';
11
	  if (file_exists($ref_points_filename)) {
12
	    require($ref_points_filename);
13
        self::$all_ref_points_cache = $ref_points;
14
	    return $ref_points;
15
	  } else {
16
	    return array();
17
      }
18
    }
19
   return self::$all_ref_points_cache;
20
  }
21

  
22
  public static function get($name) {
23
    self::load_if_needed();
24
    return self::$all_ref_points_cache[$name];
25
  }
26

  
27
}
28
?>

Formats disponibles : Unified diff