fix(question): check regex condition before save or update
Signed-off-by: Thierry Bugier <tbugier@teclib.com>
btry committed Jul 30, 2021
1 parent 067600a commit 57914ac
Showing 8 changed files with 69 additions and 20 deletions.
16 changes: 0 additions & 16 deletions inc/abstractfield.class.php
@@ -310,22 +310,6 @@ public function getQuestion() {
return $this->question;
}

/**
* Validate a regular expression
*
* @param string $regex
* @return boolean true if the regex is valid, false otherwise
*/
protected function checkRegex($regex) {
// Avoid php notice when validating the regular expression
set_error_handler(function ($errno, $errstr, $errfile, $errline, $errcontext) {
});
$isValid = !(preg_match($regex, null) === false);
restore_error_handler();

return $isValid;
}

public function getTranslatableStrings(array $options = []) : array {
$strings = [
'itemlink' => [],
16 changes: 16 additions & 0 deletions inc/common.class.php
@@ -569,4 +569,20 @@ public static function buildFontAwesomeData() {
public static function getCssFilename() : string {
return 'css_compiled/styles.min.css';
}

/**
* Validate a regular expression
*
* @param string $regex
* @return boolean true if the regex is valid, false otherwise
*/
public static function checkRegex($regex) {
// Avoid php notice when validating the regular expression
set_error_handler(function ($errno, $errstr, $errfile, $errline, $errcontext) {
});
$isValid = !(preg_match($regex, null) === false);
restore_error_handler();

return $isValid;
}
}
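Review bot: The error-handler closure in `checkRegex()` declares five required parameters, but PHP 8 no longer passes `$errcontext`, so on PHP 8 an invalid pattern would end in an ArgumentCountError instead of a `false` return. `preg_match($regex, null)` also passes null as the subject, which PHP 8.1 deprecates. Suggested lines: `set_error_handler(function ($errno, $errstr) { return true; });` and `$isValid = preg_match($regex, '') !== false;`. Now that the method is public and static, its docblock should state that the check proves only that the pattern compiles: a pattern with heavy backtracking still passes, and its cost is bounded only by `pcre.backtrack_limit` when answers are matched later.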
41 changes: 41 additions & 0 deletions inc/conditionnabletrait.class.php
Original file line number Diff line number Diff line change
@@ -35,6 +35,47 @@

trait PluginFormcreatorConditionnableTrait
{

/**
* Check validity of conditions
*
* @param array $input conditions to check as sent by the browser
* @return boolean
*/
public function checkConditions(array $input): bool {
// All arrays of condition exists
if (!isset($input['plugin_formcreator_questions_id']) || !isset($input['show_condition'])
|| !isset($input['show_value']) || !isset($input['show_logic'])) {
return false;
}

if (!is_array($input['plugin_formcreator_questions_id']) || !is_array($input['show_condition'])
|| !is_array($input['show_value']) || !is_array($input['show_logic'])) {
return false;
}

if (!(count($input['plugin_formcreator_questions_id']) == count($input['show_condition'])
&& count($input['show_value']) == count($input['show_logic'])
&& count($input['plugin_formcreator_questions_id']) == count($input['show_value']))) {
return false;
}

while (count($input['show_condition']) > 0) {
$showCondition = html_entity_decode(array_shift($input['show_condition']));
$value = array_shift($input['show_value']);
if ($showCondition == PluginFormcreatorCondition::SHOW_CONDITION_REGEX) {
$regex = Toolbox::stripslashes_deep($value);
$success = PluginFormcreatorCommon::checkRegex($regex);
if (!$success) {
Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
return false;
}
}
}

return true;
}

public function updateConditions($input) : bool {
if (!isset($input['show_rule'])) {
return false;
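Review bot: The loop in `checkConditions()` hands each element of `show_condition` and `show_value` to `html_entity_decode()` and `checkRegex()` without verifying that it is a string, although the docblock says the arrays arrive as sent by the browser. A nested array in either position raises a TypeError on PHP 8 (a warning on PHP 7) rather than a clean rejection. Shifting into a variable first and guarding it keeps the failure on the validation path, e.g. `$raw = array_shift($input['show_condition']);` followed by `if (!is_string($raw) || !is_string($value)) { return false; }`. The comparison with `PluginFormcreatorCondition::SHOW_CONDITION_REGEX` uses `==`; the constant's value is not visible here, but if it is an integer, casting and comparing with `===` would avoid loose string-to-number matching. The three early `return false` branches also reject the save without a session message, so the user gets no hint why nothing was stored.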
3 changes: 2 additions & 1 deletion inc/field/floatfield.class.php
Original file line number Diff line number Diff line change
@@ -33,6 +33,7 @@
namespace GlpiPlugin\Formcreator\Field;

use PluginFormcreatorAbstractField;
use PluginFormcreatorCommon;
use Html;
use Toolbox;
use Session;
@@ -206,7 +207,7 @@ public function prepareQuestionInputForSave($input) {
// Add leading and trailing regex marker automaticaly
if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
$regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
$success = $this->checkRegex($regex);
$success = PluginFormcreatorCommon::checkRegex($regex);
if (!$success) {
Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
}
3 changes: 2 additions & 1 deletion inc/field/integerfield.class.php
Original file line number Diff line number Diff line change
@@ -34,6 +34,7 @@

use Session;
use Toolbox;
use PluginFormcreatorCommon;

class IntegerField extends FloatField
{
@@ -105,7 +106,7 @@ public function prepareQuestionInputForSave($input) {
// Add leading and trailing regex marker automaticaly
if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
$regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
$success = $this->checkRegex($regex);
$success = PluginFormcreatorCommon::checkRegex($regex);
if (!$success) {
Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
}
3 changes: 2 additions & 1 deletion inc/field/textareafield.class.php
Original file line number Diff line number Diff line change
@@ -33,6 +33,7 @@
namespace GlpiPlugin\Formcreator\Field;

use PluginFormcreatorAbstractField;
use PluginFormcreatorCommon;
use Html;
use Session;
use Toolbox;
@@ -176,7 +177,7 @@ public function prepareQuestionInputForSave($input): array {
$fieldType = $this->getFieldTypeName();
if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
$regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
$success = $this->checkRegex($regex);
$success = PluginFormcreatorCommon::checkRegex($regex);
if (!$success) {
Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
}
3 changes: 2 additions & 1 deletion inc/field/textfield.class.php
Original file line number Diff line number Diff line change
@@ -36,6 +36,7 @@
use PluginFormcreatorAbstractField;
use PluginFormcreatorQuestionRange;
use PluginFormcreatorQuestionRegex;
use PluginFormcreatorCommon;
use Session;
use Toolbox;

@@ -196,7 +197,7 @@ public function prepareQuestionInputForSave($input) {
$fieldType = $this->getFieldTypeName();
if (isset($input['_parameters'][$fieldType]['regex']['regex']) && !empty($input['_parameters'][$fieldType]['regex']['regex'])) {
$regex = Toolbox::stripslashes_deep($input['_parameters'][$fieldType]['regex']['regex']);
$success = $this->checkRegex($regex);
$success = PluginFormcreatorCommon::checkRegex($regex);
if (!$success) {
Session::addMessageAfterRedirect(__('The regular expression is invalid', 'formcreator'), false, ERROR);
}
4 changes: 4 additions & 0 deletions inc/question.class.php
Original file line number Diff line number Diff line change
@@ -391,6 +391,10 @@ private function checkBeforeSave($input) : array {
return [];
}

if (isset($input['_conditions']) && !$this->checkConditions($input['_conditions'])) {
return [];
}

// Might need to merge $this->fields and $input, $input having precedence
// over $this->fields
//$input['default_values'] = $this->field->serializeValue();
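Review bot: `checkConditions()` is declared with an `array` parameter, but the new guard in `checkBeforeSave()` tests only `isset($input['_conditions'])`, so a request that sends `_conditions` as a scalar would raise a TypeError instead of returning `[]`. Adding the type test keeps malformed input on the rejection path: `if (isset($input['_conditions']) && (!is_array($input['_conditions']) || !$this->checkConditions($input['_conditions']))) {`. `checkBeforeSave()` starts and continues outside the hunk, so whether an earlier step already normalises `_conditions` cannot be confirmed from here.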
