author | vincent-peugnet <v.peugnet@free.fr> | 2020-04-27 13:35:29 +0200 |
---|---|---|
committer | vincent-peugnet <v.peugnet@free.fr> | 2020-04-28 20:21:34 +0200 |
commit | cba95c5eb19a33654a6f0995c6f9e0885b7afc20 (patch) | |
tree | a334a0fa3c074f44fe41a4114ea1853ac7f6c0e3 /app | |
parent | c832f91ca41490f69f478045c86038f9ef4a5cb5 (diff) | |
download | wcms-cba95c5eb19a33654a6f0995c6f9e0885b7afc20.tar.gz wcms-cba95c5eb19a33654a6f0995c6f9e0885b7afc20.zip |
fix password max size
add error in hydrate
Diffstat (limited to 'app')
-rw-r--r-- | app/class/Bookmark.php | 21 | ||||
-rw-r--r-- | app/class/Config.php | 2 | ||||
-rw-r--r-- | app/class/Controllerfont.php | 2 | ||||
-rw-r--r-- | app/class/Controlleruser.php | 35 | ||||
-rw-r--r-- | app/class/Item.php | 34 | ||||
-rw-r--r-- | app/class/Model.php | 9 | ||||
-rw-r--r-- | app/class/Modelrender.php | 2 | ||||
-rw-r--r-- | app/class/User.php | 21 | ||||
-rw-r--r-- | app/fn/fn.php | 24 | ||||
-rw-r--r-- | app/view/templates/alert.php | 2 |
10 files changed, 94 insertions, 58 deletions
diff --git a/app/class/Bookmark.php b/app/class/Bookmark.php
index bc77310..9e038aa 100644
--- a/app/class/Bookmark.php
+++ b/app/class/Bookmark.php
@@ -21,10 +21,12 @@ class Bookmark extends Item
 /** @var string $icon associated emoji */
 protected $icon = '⭐';
-
+ /**
+ * @throws RuntimeException
+ */
 public function __construct(array $datas = [])
 {
- $this->hydrate($datas);
+ $this->hydrate($datas, true);
 }
 public function init(string $id, string $route, string $query, array $params = [], string $icon = '⭐')
@@ -69,13 +71,19 @@ class Bookmark extends Item
 // _____________________________ S E T __________________________________
- public function setid($id)
+ public function setid($id): bool
 {
 if (is_string($id)) {
- $this->id = idclean($id);
+ try {
+ $this->id = idclean($id, Model::MAX_ID_LENGTH, 1);
+ } catch (\Throwable $th) {
+ return false;
+ }
+ return true;
 }
+ return false;
 }
-
+
 public function setquery($query)
 {
 if (is_string($query)) {
@@ -87,6 +95,9 @@ class Bookmark extends Item
 {
 if ($route === 'home' || $route === 'media') {
 $this->route = $route;
+ return true;
+ } else {
+ return false;
 }
 }
diff --git a/app/class/Config.php b/app/class/Config.php
index c982827..b629bc5 100644
--- a/app/class/Config.php
+++ b/app/class/Config.php
@@ -314,7 +314,7 @@ abstract class Config
 public static function setalertlink($alertlink)
 {
 if (is_string($alertlink)) {
- self::$alertlink = idclean(strip_tags($alertlink));
+ self::$alertlink = idclean($alertlink);
 }
 }
diff --git a/app/class/Controllerfont.php b/app/class/Controllerfont.php
index eb8caa2..3717359 100644
--- a/app/class/Controllerfont.php
+++ b/app/class/Controllerfont.php
@@ -27,7 +27,7 @@ class Controllerfont extends Controller
 [
 'fontlist' => $fontlist,
 'fonttypes' => $this->fontmanager->getfonttypes(),
- 'fontfile' => Model::globalpath() . 'fonts.css'
+ 'fontfile' => Model::dirtopath(Model::ASSETS_CSS_DIR) . 'fonts.css'
 ]
 );
 } else {
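Review bot: `Bookmark::setid` catches `\Throwable` to turn an `idclean` failure into `false`, but `idclean` signals a too-short id with `\RuntimeException` only, so the broad catch also hides a `TypeError` or `Error` raised inside it and reports a programming fault as "can't be set"; narrow it to `} catch (\RuntimeException $th) {`. The same pattern is introduced in `User::setid` in this commit. The new constructor docblock declares `@throws RuntimeException` inside `namespace Wcms` while no `use RuntimeException;` is visible for Bookmark.php; unless it is imported outside the hunk the annotation resolves to `Wcms\RuntimeException`, so either add the import as Item.php does or write `@throws \RuntimeException`.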
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 7f12e77..755b491 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -2,6 +2,9 @@
 namespace Wcms;
+use Exception;
+use Throwable;
+
 class Controlleruser extends Controller
 {
@@ -33,10 +36,10 @@ class Controlleruser extends Controller
 {
 if ($this->user->iseditor()) {
 $user = $this->usermanager->get($this->user);
- if ($user->hydrate($_POST)) {
- Model::sendflashmessage('User preferences have been successfully updated', 'success');
- } else {
- Model::sendflashmessage('There was a problem when updating preferences', 'warning');
+ try {
+ $user->hydrate($_POST, true);
+ } catch (\Throwable $th) {
+ Model::sendflashmessage('There was a problem when updating preferences : ' . $th->getMessage(), 'error');
 }
 if ($_POST['passwordhash']) {
 $user->hashpassword();
@@ -54,15 +57,16 @@ class Controlleruser extends Controller
 if ($this->user->iseditor() && isset($_POST['action']) && isset($_POST['id']) && !empty($_POST['id'])) {
 if ($_POST['action'] == 'add' && isset($_POST['query'])) {
 if (isset($_POST['user']) && $_POST['user'] == $this->user->id()) {
- $bookmark = new Bookmark();
- $bookmark->init($_POST['id'], $_POST['route'], $_POST['query'], [], $_POST['icon']);
- $usermanager = new Modeluser();
- $user = $usermanager->get($_POST['user']);
- $user->addbookmark($bookmark);
- $usermanager->add($user);
- } else {
- Config::addbookmark($_POST['id'], $_POST['query']);
- Config::savejson();
+ try {
+ $bookmark = new Bookmark($_POST);
+ $usermanager = new Modeluser();
+ $user = $usermanager->get($_POST['user']);
+ $user->addbookmark($bookmark);
+ $usermanager->add($user);
+ } catch (Throwable $th) {
+ Logger::errorex($th, true);
+ Model::sendflashmessage('Error while creating bookmark : ' . $th->getMessage(), 'error');
+ }
 }
 } elseif ($_POST['action'] == 'del') {
 if (isset($_POST['user']) && $_POST['user'] == $this->user->id()) {
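Review bot: After the `catch (\Throwable $th)` in the preferences update the method carries on into `if ($_POST['passwordhash'])` and `$user->hashpassword()` even though `hydrate` has thrown, and `Item::hydrate` in this commit applies every setter that validates before it throws, so a half-applied form continues down the save path (the rest of the method is outside the hunk, so whether it is persisted cannot be seen here); a `return;` after the flash message, or a flag checked before saving, would avoid committing a partially updated user. `Throwable` is imported at the top of the file in this same commit, yet this catch spells it `\Throwable` while the bookmark catch below uses the bare name; `use Exception;` is not referenced in any visible hunk. In the bookmark branch `new Bookmark($_POST)` hands the whole request to `hydrate`, which invokes any public `set*` method whose name matches a POST key, so this relies on Bookmark exposing setters only for user-controllable fields; a comment such as `// every public Bookmark::set* is reachable from POST keys here` would keep that contract visible.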
@@ -72,11 +76,6 @@ class Controlleruser extends Controller
 $user->deletebookmark($id);
 }
 $usermanager->add($user);
- } else {
- foreach ($_POST['id'] as $id) {
- Config::deletebookmark($id);
- }
- Config::savejson();
 }
 }
 }
diff --git a/app/class/Item.php b/app/class/Item.php
index 76fa78e..44e383a 100644
--- a/app/class/Item.php
+++ b/app/class/Item.php
@@ -5,24 +5,38 @@ namespace Wcms;
 use DateTime;
 use DateTimeImmutable;
 use DateTimeZone;
+use InvalidArgumentException;
+use RuntimeException;
 abstract class Item
 {
-
- public function hydrate($datas = [])
+ /**
+ * Hydrate Object with corresponding `set__VAR__`
+ * @param array|object $datas associative array using key as var name or object
+ * @param bool $sendexception throw exception if error setting variable
+ * @return bool true if no error, otherwise false
+ * @throws RuntimeException listing var settings errors
+ */
+ public function hydrate($datas = [], bool $sendexception = false): bool
 {
- $error = 0;
- foreach ($datas as $key => $value) {
- $method = 'set' . $key;
-
- if (method_exists($this, $method)) {
- if ($this->$method($value) === false) {
- $error++;
+ $seterrors = [];
+ if (is_array($datas) || is_object($datas)) {
+ foreach ($datas as $key => $value) {
+ $method = 'set' . $key;
+ if (method_exists($this, $method)) {
+ if ($this->$method($value) === false) {
+ $seterrors[] = $key;
+ }
 }
 }
 }
- if ($error > 0) {
+ if (!empty($seterrors)) {
+ if ($sendexception) {
+ $errors = implode(', ', $seterrors);
+ $class = get_class($this);
+ throw new RuntimeException("objects vars : $errors can't be set in $class object");
+ }
 return false;
 } else {
 return true;
diff --git a/app/class/Model.php b/app/class/Model.php
index 60983bc..3bf3675 100644
--- a/app/class/Model.php
+++ b/app/class/Model.php
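Review bot: `Item::hydrate` keeps calling setters after one has returned `false` and only throws once the loop is finished, so when `$sendexception` is true the caller receives the exception on an object that already holds every value that did validate; the docblock should state this, e.g. `@throws RuntimeException listing var settings errors; setters that succeeded before the failure have already been applied`. The method name is built from the caller's keys (`'set' . $key`) and `method_exists` is the only filter, so every public `set*` method is reachable when an array such as `$_POST` is passed, as Controlleruser does in this commit; a sentence in the docblock saying that keys are trusted to select setters would help reviewers of callers. `use InvalidArgumentException;` is added but nothing in the hunk throws or catches it.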
@@ -119,7 +119,7 @@ abstract class Model
 public const MAX_ID_LENGTH = 64;
 public const PASSWORD_MIN_LENGTH = 4;
- public const PASSWORD_MAX_LENGTH = 32;
+ public const PASSWORD_MAX_LENGTH = 64;
 public const MAX_COOKIE_CONSERVATION = 365;
 public const MAX_QUERY_LENGH = 256;
@@ -147,12 +147,7 @@ abstract class Model
 {
 return self::dirtopath(Model::RENDER_DIR);
 }
-
- public static function globalpath()
- {
- return self::dirtopath(Model::GLOBAL_DIR);
- }
-
+
 public static function csspath()
 {
 return self::dirtopath(Model::CSS_DIR);
diff --git a/app/class/Modelrender.php b/app/class/Modelrender.php
index fa4a6a3..4722057 100644
--- a/app/class/Modelrender.php
+++ b/app/class/Modelrender.php
@@ -232,7 +232,7 @@ class Modelrender extends Modelpage
 public function gethead()
 {
 $id = $this->page->id();
- $globalpath = Model::globalpath();
+ $globalpath = Model::dirtopath(Model::ASSETS_CSS_DIR);
 $renderpath = Model::renderpath();
 $description = $this->page->description();
 $title = $this->page->title();
diff --git a/app/class/User.php b/app/class/User.php
index 56e994d..3462ee7 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -114,15 +114,17 @@ class User extends Item
 // _______________________ S E T _______________________
- public function setid($id)
+ public function setid($id): bool
 {
- $id = idclean($id);
- if (strlen($id) < Model::MAX_ID_LENGTH and is_string($id)) {
- $this->id = $id;
+ if (is_string($id)) {
+ try {
+ $this->id = idclean($id, Model::MAX_ID_LENGTH, 1);
+ } catch (\Throwable $th) {
+ return false;
+ }
 return true;
- } else {
- return false;
 }
+ return false;
 }
 public function setlevel($level)
@@ -130,6 +132,9 @@ class User extends Item
 $level = intval($level);
 if ($level >= 0 && $level <= 10) {
 $this->level = $level;
+ return true;
+ } else {
+ return false;
 }
 }
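Review bot: `PASSWORD_MAX_LENGTH` is raised from 32 to 64 but the hunk does not show where the limit is enforced or how `hashpassword()` hashes; if the check counts with `strlen` and the hash is bcrypt, the useful bound is bytes (bcrypt ignores input beyond 72 bytes), and a 64-character multibyte password already exceeds 64 bytes. A comment on the constant recording the unit and the reason for the ceiling, such as `// counted in bytes; keep below the 72-byte bcrypt input limit`, would keep the next bump from crossing that line unnoticed. Whether this applies depends on code outside the hunk, so it is a request to document rather than a reported defect.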
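Review bot: `User::setid` no longer rejects over-long ids: the removed code compared `strlen($id) < Model::MAX_ID_LENGTH` after cleaning, whereas the new code relies on `idclean` to truncate, and in this commit's fn.php hunk the `substr` call only runs inside `if (preg_match($regex, $input))`, so an id that is already `[a-z0-9-_]` but longer than `Model::MAX_ID_LENGTH` is stored unchanged. Either fix truncation in `idclean` (noted on that hunk) or keep a length check on `$this->id` after the call so the limit holds on every path. `catch (\Throwable $th)` also swallows errors other than the `\RuntimeException` that `idclean` throws for a too-short id; `catch (\RuntimeException $th)` is the intended scope, here and in `Bookmark::setid`.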
@@ -201,8 +206,10 @@ class User extends Item
 if (is_array($bookmark)) {
 $bookmark = array_map(
 function ($datas) {
- if (is_array($datas) && !empty($datas)) {
+ try {
 return new Bookmark($datas);
+ } catch (\Throwable $th) {
+ return false;
 }
 },
 $bookmark
diff --git a/app/fn/fn.php b/app/fn/fn.php
index f20c8c6..afadae8 100644
--- a/app/fn/fn.php
+++ b/app/fn/fn.php
@@ -90,19 +90,29 @@ function arrayclean($input)
 /**
 * Clean string from characters outside `[0-9a-z-_]` and troncate it
 * @param string $input
- * @param int $max lenght to trucate id
+ * @param int $max minmum input length to trucate id
+ * @param int $min minimum output length to send error message
 * @return string output formated id
+ * @throws \RuntimeException If ID length is inverior to minimal length
 */
-function idclean(string $input, int $max = Wcms\Model::MAX_ID_LENGTH): string
+function idclean(string $input, int $max = Wcms\Model::MAX_ID_LENGTH, int $min = 0): string
 {
+ $regex = '%[^a-z0-9-_]%';
 $input = urldecode($input);
- $search = ['é', 'à', 'è', 'ç', 'ù', 'ï', 'î', ' '];
- $replace = ['e', 'a', 'e', 'c', 'u', 'i', 'i', '-'];
- $input = str_replace($search, $replace, $input);
- $input = preg_replace('%[^a-z0-9-_+]%', '', strtolower(trim($input)));
+ if (preg_match($regex, $input)) {
+ $search = ['é', 'à', 'è', 'ç', 'ù', 'ï', 'î', ' '];
+ $replace = ['e', 'a', 'e', 'c', 'u', 'i', 'i', '-'];
+ $input = str_replace($search, $replace, $input);
+
+ $input = preg_replace($regex, '', strtolower(trim($input)));
+
+ $input = substr($input, 0, $max);
+ }
- $input = substr($input, 0, $max);
+ if (strlen($input) < $min) {
+ throw new \RuntimeException("Id length cant be inferior to $min");
+ }
 return $input;
 }
diff --git a/app/view/templates/alert.php b/app/view/templates/alert.php
index bab6410..4ee71d3 100644
--- a/app/view/templates/alert.php
+++ b/app/view/templates/alert.php
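Review bot: The new closure returns `false` for a bookmark whose construction throws, so the mapped `$bookmark` array can hold `false` entries next to Bookmark objects; the enclosing setter continues outside the hunk, so unless it filters there, the invalid entries are kept in the user's bookmark list. Dropping them with `$bookmark = array_values(array_filter($bookmark));` before the result is stored would keep the list clean, and `catch (\RuntimeException $th)` matches what `Bookmark::__construct` documents rather than catching every `\Throwable`.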
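Review bot: Truncation in `idclean` now happens only when the input contained a disallowed character: `$input = substr($input, 0, $max);` sits inside `if (preg_match($regex, $input))`, so a string that is already `[a-z0-9-_]` but longer than `$max` is returned untouched, contrary to the docblock ("and troncate it") and to what `User::setid` and `Bookmark::setid` now rely on; move the `substr` line after the closing `}` of the `if` block so every path is bounded. Neither `preg_match` nor `preg_replace` has its error return checked, and `preg_replace` returning `null` on a PCRE error would then reach `substr` and `strlen`. The docblock no longer describes the parameter: `@param int $max maximum length of the returned id` and `@throws \RuntimeException if the cleaned id is shorter than $min` would match the code.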
@@ -7,7 +7,7 @@ $this->start('head'); ?>
 <head>
- <?= Wcms\Config::alertcss() ? '<link href="' . Wcms\Model::globalpath() . 'global.css" rel="stylesheet" />' : '' ?>
+ <?= Wcms\Config::alertcss() ? '<link href="' . Wcms\Model::dirtopath(Wcms\Model::ASSETS_CSS_DIR) . 'global.css" rel="stylesheet" />' : '' ?>
 </head> |