fix(floatfield,integerfield,textfield): fix escaping in regex

Signed-off-by: Thierry Bugier <tbugier@teclib.com>

inc/field.class.php

@@ -269,4 +269,19 @@ protected function getParametersHtmlForDesign() {
    public function getQuestionId() {
       return $this->question->getID();
    }
+
+   /**
+    * Validate a regular expression
+    *
+    * @param string $regex
+    * @return boolean true if the regex is valid, false otherwise
+    */
+   protected function checkRegex($regex) {
+      // Avoid php notice when validating the regular expression
+      set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {});
+      $isValid = !(preg_match($regex, null) === false);
+      restore_error_handler();
+
+      return $isValid;
+   }
 }

inc/fields/floatfield.class.php

@@ -134,6 +134,10 @@ public function isValid() {
    }
 
    private function isValidValue($value) {
+      if (strlen($value) == 0) {
+         return true;
+      } 
+
       if (!empty($value) && !is_numeric($value)) {
          Session::addMessageAfterRedirect(__('This is not a number:', 'formcreator') . ' ' . $this->question->fields['name'], false, ERROR);
          return false;
@@ -181,14 +185,10 @@ public function prepareQuestionInputForSave($input) {
       $fieldType = $this->getFieldTypeName();
       // Add leading and trailing regex marker automaticaly
       if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
-         // Avoid php notice when validating the regular expression
-         set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {});
-         $isValid = !(preg_match($input['_parameters'][$fieldType]['regex']['regex'], null) === false);
-         restore_error_handler();
-
-         if (!$isValid) {
+         $regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
+         $success = $this->checkRegex($regex);
+         if (!$success) {
             Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
-            $success = false;
          }
       }
       if (!$success) {

inc/fields/integerfield.class.php

@@ -135,6 +135,10 @@ public function isValid() {
    }
 
    public function isValidValue($value) {
+      if (strlen($value) == 0) {
+         return true;
+      }
+
       if (!empty($value) && !ctype_digit($value)) {
          Session::addMessageAfterRedirect(__('This is not an integer:', 'formcreator') . ' ' . $this->question->fields['name'], false, ERROR);
          return false;
@@ -182,14 +186,10 @@ public function prepareQuestionInputForSave($input) {
       $fieldType = $this->getFieldTypeName();
       // Add leading and trailing regex marker automaticaly
       if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
-         // Avoid php notice when validating the regular expression
-         set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {});
-         $isValid = !(preg_match($input['_parameters'][$fieldType]['regex']['regex'], null) === false);
-         restore_error_handler();
-
-         if (!$isValid) {
+         $regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
+         $success = $this->checkRegex($regex);
+         if (!$success) {
             Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
-            $success = false;
          }
       }
       if (!$success) {

inc/fields/textfield.class.php

@@ -138,6 +138,10 @@ public function isValid() {
    }
 
    private function isValidValue($value) {
+      if (strlen($value) == 0) {
+         return true;
+      }
+
       $parameters = $this->getParameters();
 
       // Check the field matches the format regex
@@ -174,14 +178,10 @@ public function prepareQuestionInputForSave($input) {
       $fieldType = $this->getFieldTypeName();
       // Add leading and trailing regex marker automaticaly
       if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
-         // Avoid php notice when validating the regular expression
-         set_error_handler(function($errno, $errstr, $errfile, $errline, $errcontext) {});
-         $isValid = !(preg_match($input['_parameters'][$fieldType]['regex']['regex'], null) === false);
-         restore_error_handler();
-
-         if (!$isValid) {
+         $regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
+         $success = $this->checkRegex($regex);
+         if (!$success) {
             Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
-            $success = false;
          }
       }
       if (!$success) {

tests/suite-unit/PluginFormcreatorFloatField.php

@@ -150,6 +150,30 @@ public function provider() {
             'expectedValue'   => '3.141592',
             'expectedIsValid' => true
          ],
+         [
+            'fields'          => [
+               'fieldtype'       => 'float',
+               'name'            => 'question',
+               'required'        => '0',
+               'default_values'  => "",
+               'order'           => '1',
+               'show_rule'       => 'always',
+               'show_empty'      => '0',
+               'values'          => '',
+               '_parameters'     => [
+                  'float' => [
+                     'range' => [
+                        'range_min'       => '',
+                        'range_max'       => '',
+                     ],
+                     'regex' => ['regex' => '/[0-9]{2}\\\\.[0-9]{3}\\\\.[0-9]{3}\\\\/[0-9]{4}-[0-9]{2}/'],
+                  ]
+               ]
+            ],
+            'data'            => null,
+            'expectedValue'   => '',
+            'expectedIsValid' => true
+         ],
       ];
 
       return $dataset;

tests/suite-unit/PluginFormcreatorIntegerField.php

@@ -173,6 +173,30 @@ public function providerIsValid() {
             'expectedValue'   => '4',
             'expectedIsValid' => true
          ],
+         [
+            'fields'          => [
+               'fieldtype'       => 'integer',
+               'name'            => 'question',
+               'required'        => '0',
+               'default_values'  => '',
+               'order'           => '1',
+               'show_rule'       => 'always',
+               'show_empty'      => '0',
+               'values'          => '',
+               '_parameters'     => [
+                  'integer' => [
+                     'range' => [
+                        'range_min' => '',
+                        'range_max' => '',
+                     ],
+                     'regex' => ['regex' => '/[0-9]{2}\\\\.[0-9]{3}\\\\.[0-9]{3}\\\\/[0-9]{4}-[0-9]{2}/'],
+                  ]
+               ],
+            ],
+            'data'            => null,
+            'expectedValue'   => '4',
+            'expectedIsValid' => true
+         ],
       ];
 
       return $dataset;
@@ -185,9 +209,7 @@ public function testIsValid($fields, $expectedValue, $expectedValidity) {
       $section = $this->getSection();
       $fields[$section::getForeignKeyField()] = $section->getID();
 
-      $question = new \PluginFormcreatorQuestion();
-      $question->add($fields);
-      $question->updateParameters($fields);
+      $question = $this->getQuestion($fields);
 
       $instance = new \PluginFormcreatorIntegerField($question);
       $instance->deserializeValue($fields['default_values']);

tests/suite-unit/PluginFormcreatorTextField.php

@@ -160,23 +160,50 @@ public function provider() {
             'expectedValue'   => '1',
             'expectedIsValid' => false
          ],
+         'regex with escaped chars' => [
+            'fields'          => [
+               'fieldtype'       => 'text',
+               'name'            => 'question',
+               'required'        => '0',
+               'show_empty'      => '0',
+               'default_values'  => '',
+               'values'          => "",
+               'order'           => '1',
+               'show_rule'       => 'good',
+               '_parameters'     => [
+                  'text' => [
+                     'range' => [
+                        'range_min' => '',
+                        'range_max' => '',
+                     ],
+                     'regex' => [
+                        'regex' => '/[0-9]{2}\\\\.[0-9]{3}\\\\.[0-9]{3}\\\\/[0-9]{4}-[0-9]{2}/'
+                     ]
+                  ]
+               ],
+            ],
+            'data'            => null,
+            'expectedValue'   => '',
+            'expectedIsValid' => true
+         ],
       ];
       return $dataset;
    }
 
    /**
     * @dataProvider provider
     */
-   public function testFieldIsValid($fields, $expectedValue, $expectedValidity) {
+   public function testIsValid($fields, $expectedValue, $expectedValidity) {
       $section = $this->getSection();
       $fields[$section::getForeignKeyField()] = $section->getID();
 
       $question = $this->getQuestion($fields);
 
-      $fieldInstance = new \PluginFormcreatorTextField($question);
+      $instance = new \PluginFormcreatorTextField($question);
+      $instance->deserializeValue($fields['default_values']);
 
-      $isValid = $fieldInstance->isValid($fields['default_values']);
-      $this->boolean($isValid)->isEqualTo($expectedValidity, json_encode($_SESSION['MESSAGE_AFTER_REDIRECT'], JSON_PRETTY_PRINT));
+      $isValid = $instance->isValid();
+      $this->boolean((boolean) $isValid)->isEqualTo($expectedValidity, json_encode($_SESSION['MESSAGE_AFTER_REDIRECT'], JSON_PRETTY_PRINT));
    }
 
    public function testGetEmptyParameters() {