DomainHandler.php:

- split add() function to - set() (validate values) and - store() (write to database) - set(): - replace $checked with $this->values - store validation summary in $this->values_valid PFAHandler.php: - change _inp_* functions to return true/false if value is (in)valid instead if the sanitized value. They now also set $this->errormsg[] (not the final solution, but works for now) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1210 a1433add-5e2c-0410-b055-b7f2511e0802
2024-09-20 03:36:20 +02:00 · 2011-10-16 23:37:11 +00:00 · 2011-10-16 23:37:11 +00:00 · 78d15b084d
commit 78d15b084d
parent 8ed7747a81
2 changed files with 37 additions and 14 deletions
--- a/model/DomainHandler.php
+++ b/model/DomainHandler.php
@ -11,6 +11,8 @@ class DomainHandler extends PFAHandler {
    protected $id_field = null;
    protected $struct = array();
    protected $new = 0; # 1 on create, otherwise 0
+    protected $values = array();
+    protected $values_valid = false;

    public $errormsg = array();

@ -99,7 +101,7 @@ class DomainHandler extends PFAHandler {
        return $transports[$id-1];
    }

-    public function add($values) {
+    public function set($values) {
        # TODO: make this a generic function for add and edit
        # TODO: move DB writes etc. to separate save() function (to allow on-the-fly validation before saving to DB)

@ -110,11 +112,12 @@ class DomainHandler extends PFAHandler {
        }

        # base validation
-        $checked = array();
+        $this->values = array();
+        $this->values_valid = false;
        foreach($this->struct as $key=>$row) {
            if ($row['editable'] == 0) { # not editable
                if ($this->new == 1) {
-                    $checked[$key] = $row['default'];
+                    $this->values[$key] = $row['default'];
                }
            } else {
                $func="_inp_".$row['type'];
@ -122,10 +125,12 @@ class DomainHandler extends PFAHandler {
                $val=$values[$key];
                if ($row['type'] != "password" || strlen($values[$key]) > 0 || $this->new == 1) { # skip on empty (aka unchanged) password on edit
                    if (method_exists($this, $func) ) {
-                        $checked[$key] = $this->{$func}($values[$key]);
+                        if ($this->{$func}($key, $values[$key])) {
+                            $this->values[$key] = $values[$key];
+                        }
                    } else {
                        # TODO: warning if no validation function exists?
-                        $checked[$key] = $values[$key];
+                        $this->values[$key] = $values[$key];
                    }
                }
            }
@ -133,9 +138,19 @@ class DomainHandler extends PFAHandler {

        # TODO: more validation

-#        $checked[$this->id_field] = $this->username; # should already be set (if $this->new) via values[$this->id_field] and the base check
+        if (count($this->errormsg) == 0) {
+            $this->values_valid = true;
+        }
+        return $this->values_valid;
+    }

-        $db_values = $checked;
+    function store() {
+        if ($this->values_valid == false) {
+            $this->errormsg[] = "one or more values are invalid!";
+            return false;
+        }
+
+        $db_values = $this->values;
        unset ($db_values['default_aliases']); # TODO: automate based on $this->struct

        $result = db_insert($this->db_table, $db_values);
@ -143,7 +158,7 @@ class DomainHandler extends PFAHandler {
            $this->errormsg[] = Lang::read('pAdminCreate_domain_result_error') . "\n(" . $this->username . ")\n";
            return false;
        } else {
-            if ($this->new && $values['default_aliases']) {
+            if ($this->new && $this->values['default_aliases']) {
                foreach (Config::read('default_aliases') as $address=>$goto) {
                    $address = $address . "@" . $this->username;
                    # TODO: use AliasHandler->add instead of writing directly to the alias table
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
@ -12,17 +12,25 @@ class PFAHandler {
    /**
      * functions for basic input validation
      */
-    function _inp_num($val) {
-        return (int)($val);
+    function _inp_num($field, $val) {
+        $valid = is_numeric($val);
+        if ($val < -1) $valid = false;
+        if (!$valid) $this->errormsg[] = "$field must be numeric";
+        return $valid;
+        # return (int)($val);
    }

-    function _inp_bool($val) {
-        return $val ? db_get_boolean(true): db_get_boolean(false);
+    function _inp_bool($field, $val) {
+        if ($val == "0" || $val == "1") return true;
+        $this->errormsg[] = "$field must be boolean";
+        return false;
+        # return $val ? db_get_boolean(true): db_get_boolean(false);
    }

-    function _inp_password($val){
+    function _inp_password($field, $val){
        # TODO: fetchmail specific. Not suited for mailbox/admin passwords.
-        return base64_encode($val);
+        return false;
+        # return base64_encode($val);
    }

 }