Fix search pattern validation

Benjamin Renard 2018-06-09 00:07:44 +02:00
parent 06b37ea2f6
commit 7ccd02e685
5 changed files with 2243 additions and 2216 deletions


@ -34,7 +34,8 @@ configuration des &LSobjects;, dans la variable <varname>LSsearch</varname>
// Paramètre d'affichage
'displayFormat' => [LSformat],
'nbObjectsByPage' => [integer],
'nbPageLinkByPage' => [integer]
'nbPageLinkByPage' => [integer],
'validPatternRegex' => '[regex]'
),
'predefinedFilters' => array(
'filter1' => 'label filter1',
@ -241,6 +242,17 @@ contexte dans lequel cette recherche est effectuée.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>validPatternRegex</term>
<listitem>
<simpara>Expression régulière de validation des mots clés de recherche pour
ce type d'&LSobject;.</simpara>
<simpara>(Par défaut :
<literal>/^[\w \-\_\\\'\"^\[\]\(\)\{\}\=\+\£\%\$\€\.\:\;\,\?\/\@]+$/iu</literal>)
</simpara>
</listitem>
</varlistentry>
</variablelist>
</listitem>


@ -286,7 +286,7 @@ class LSsearch {
$this -> params['pattern'] = NULL;
$this -> params['filter'] = NULL;
}
elseif (self :: isValidPattern($params['pattern'])) {
elseif ($this -> isValidPattern($params['pattern'])) {
$this -> params['pattern'] = $params['pattern'];
if (!is_string($params['filter'])) {
$this -> params['filter']=NULL;
@ -579,7 +579,7 @@ class LSsearch {
if ($pattern==NULL) {
$pattern=$this -> params['pattern'];
}
if (self :: isValidPattern($pattern)) {
if ($this -> isValidPattern($pattern)) {
$attrsConfig=LSconfig::get("LSobjects.".$this -> LSobject.".LSsearch.attrs");
$attrsList=array();
if (!is_array($attrsConfig)) {
@ -653,8 +653,14 @@ class LSsearch {
*
* @retval boolean True if pattern is valid or False
**/
static function isValidPattern($pattern) {
return (is_string($pattern) && $pattern!= "" && $pattern!="*");
public function isValidPattern($pattern) {
if (is_string($pattern) && $pattern!= "") {
$regex = (isset($this -> config['validPatternRegex'])?$this -> config['validPatternRegex']:'/^[\w \-\_\\\'\"^\[\]\(\)\{\}\=\+\£\%\$\€\.\:\;\,\?\/\@]+$/iu');
if (preg_match($regex, $pattern))
return True;
}
LSerror :: addErrorCode('LSsearch_17');
return False;
}
/**
@ -1342,3 +1348,6 @@ _("LSsearch : Invalid predefinedFilter for LSobject type %{type} : %{label} (fil
LSerror :: defineError('LSsearch_16',
_("LSsearch : Error during execution of the custom action %{customAction}.")
);
LSerror :: defineError('LSsearch_17',
_("LSsearch : Invalid search pattern.")
);
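Review bot: The new `isValidPattern()` records `LSsearch_17` on every failing call, including a NULL or empty pattern, so the caller in the hunk at old line 579 (which falls back to `$this -> params['pattern']`, set to NULL in the first hunk) appears to raise "Invalid search pattern" for a search that simply has no pattern. Consider returning early without an error in that case, e.g. `if (!is_string($pattern) || $pattern == "") return False;`, and adding the error code only when the regex rejects a non-empty string. Separately, the default character class still accepts `(` and `)`, so this check should not be treated as protection against filter injection. If the pattern is interpolated into a search filter (that code is outside the visible hunks), it still needs escaping at that point. Both callers' bodies continue outside their hunks, so the handling of a False return could not be checked here.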

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff