Fix search pattern validation

This commit is contained in:
Benjamin Renard 2018-06-09 00:07:44 +02:00
parent 06b37ea2f6
commit 7ccd02e685
5 changed files with 2243 additions and 2216 deletions

View file

@ -34,7 +34,8 @@ configuration des &LSobjects;, dans la variable <varname>LSsearch</varname>
// Paramètre d'affichage // Paramètre d'affichage
'displayFormat' => [LSformat], 'displayFormat' => [LSformat],
'nbObjectsByPage' => [integer], 'nbObjectsByPage' => [integer],
'nbPageLinkByPage' => [integer] 'nbPageLinkByPage' => [integer],
'validPatternRegex' => '[regex]'
), ),
'predefinedFilters' => array( 'predefinedFilters' => array(
'filter1' => 'label filter1', 'filter1' => 'label filter1',
@ -241,6 +242,17 @@ contexte dans lequel cette recherche est effectuée.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>validPatternRegex</term>
<listitem>
<simpara>Expression régulière de validation des mots clés de recherche pour
ce type d'&LSobject;.</simpara>
<simpara>(Par défaut :
<literal>/^[\w \-\_\\\'\"^\[\]\(\)\{\}\=\+\£\%\$\€\.\:\;\,\?\/\@]+$/iu</literal>)
</simpara>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</listitem> </listitem>

View file

@ -286,7 +286,7 @@ class LSsearch {
$this -> params['pattern'] = NULL; $this -> params['pattern'] = NULL;
$this -> params['filter'] = NULL; $this -> params['filter'] = NULL;
} }
elseif (self :: isValidPattern($params['pattern'])) { elseif ($this -> isValidPattern($params['pattern'])) {
$this -> params['pattern'] = $params['pattern']; $this -> params['pattern'] = $params['pattern'];
if (!is_string($params['filter'])) { if (!is_string($params['filter'])) {
$this -> params['filter']=NULL; $this -> params['filter']=NULL;
@ -579,7 +579,7 @@ class LSsearch {
if ($pattern==NULL) { if ($pattern==NULL) {
$pattern=$this -> params['pattern']; $pattern=$this -> params['pattern'];
} }
if (self :: isValidPattern($pattern)) { if ($this -> isValidPattern($pattern)) {
$attrsConfig=LSconfig::get("LSobjects.".$this -> LSobject.".LSsearch.attrs"); $attrsConfig=LSconfig::get("LSobjects.".$this -> LSobject.".LSsearch.attrs");
$attrsList=array(); $attrsList=array();
if (!is_array($attrsConfig)) { if (!is_array($attrsConfig)) {
@ -653,8 +653,14 @@ class LSsearch {
* *
* @retval boolean True if pattern is valid or False * @retval boolean True if pattern is valid or False
**/ **/
static function isValidPattern($pattern) { public function isValidPattern($pattern) {
return (is_string($pattern) && $pattern!= "" && $pattern!="*"); if (is_string($pattern) && $pattern!= "") {
$regex = (isset($this -> config['validPatternRegex'])?$this -> config['validPatternRegex']:'/^[\w \-\_\\\'\"^\[\]\(\)\{\}\=\+\£\%\$\€\.\:\;\,\?\/\@]+$/iu');
if (preg_match($regex, $pattern))
return True;
}
LSerror :: addErrorCode('LSsearch_17');
return False;
} }
/** /**
@ -1342,3 +1348,6 @@ _("LSsearch : Invalid predefinedFilter for LSobject type %{type} : %{label} (fil
LSerror :: defineError('LSsearch_16', LSerror :: defineError('LSsearch_16',
_("LSsearch : Error during execution of the custom action %{customAction}.") _("LSsearch : Error during execution of the custom action %{customAction}.")
); );
LSerror :: defineError('LSsearch_17',
_("LSsearch : Invalid search pattern.")
);

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff