Latest updates from IceHrmPro

2020-05-20 18:47:29 +02:00
parent 60c92d7935
commit 7453a58aad
18012 changed files with 2089245 additions and 10173 deletions
--- a/core/src/Classes/DomainAwareInputCleaner.php
+++ b/core/src/Classes/DomainAwareInputCleaner.php
@@ -0,0 +1,97 @@
+<?php
+
+
+namespace Classes;
+
+
+class DomainAwareInputCleaner
+{
+    public function cleanTableColumn($input)
+    {
+        if ($this->isEmpty($input) || $this->isValidColumnName($input)) {
+            return $input;
+        }
+
+        return '';
+    }
+
+    public function cleanMapping($mapping)
+    {
+        return $mapping;
+    }
+
+    public function cleanOrderBy($orderBy)
+    {
+        if (empty($orderBy)) {
+            return $orderBy;
+        }
+
+        $suffix = '';
+        if (strstr($orderBy, ' desc')) {
+            $suffix = ' desc';
+            $orderBy = str_replace(' desc', '', $orderBy);
+        }
+
+        if (!$this->cleanTableColumn($orderBy)) {
+            return '';
+        }
+
+        return $orderBy.$suffix;
+    }
+
+    public function cleanColumns($columns)
+    {
+        if (empty($columns)) {
+            return $columns;
+        }
+
+        $columnData = json_decode($columns, true);
+
+        foreach ($columnData as $column) {
+            if (!$this->isValidColumnName($column)) {
+                return '[]';
+            }
+        }
+
+        return $columns;
+    }
+
+    public function cleanFilters($filters)
+    {
+        if (empty($filters)) {
+            return $filters;
+        }
+
+        $filterData = json_decode($filters, true);
+        foreach ($filterData as $name => $value) {
+            if (!$this->isValidColumnName($name) || !$this->isValidFilterValue($value)) {
+                return '';
+            }
+        }
+
+        return $filters;
+    }
+
+    public function cleanSearch($searchTerm) {
+        if (!$this->isValidFilterValue($searchTerm)) {
+            return '';
+        }
+
+        return $searchTerm;
+    }
+
+    private function isEmpty($input)
+    {
+        return empty($input) || trim($input) === '';
+    }
+
+    private function isValidColumnName($input)
+    {
+        return !!preg_match('/^[a-zA-Z_]+$/', $input);
+    }
+
+    private function isValidFilterValue($input)
+    {
+        return !!preg_match('/^[-_: \p{L}]+$/u', $input);
+    }
+}