FEAT #15 test where clause

085ac349 · Damien · e76a4fe1 · 085ac349 · 085ac349
Verified Commit 085ac349 authored 7 years ago by Damien
--- a/src/app/basket/controllers/BasketController.php
+++ b/src/app/basket/controllers/BasketController.php
@@ -22,6 +22,7 @@ use Core\Models\ValidatorModel;
 use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use SrcCore\controllers\PreparedClauseController;
 class BasketController
 {
@@ -69,6 +70,10 @@ class BasketController
            return $response->withStatus(400)->withJson(['errors' => 'Basket already exists']);
        }
+        if (!PreparedClauseController::isClauseValid(['clause' => $data['clause'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(400)->withJson(['errors' => 'Clause is not valid']);
+        }
        $data['isVisible'] = empty($data['isSearchBasket']) ? 'Y' : 'N';
        $data['isFolderBasket'] = empty($data['isFolderBasket']) ? 'N' : 'Y';
        $data['flagNotif'] = empty($data['flagNotif']) ? 'N' : 'Y';
@@ -98,6 +103,10 @@ class BasketController
            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
        }
+        if (!PreparedClauseController::isClauseValid(['clause' => $data['clause'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(400)->withJson(['errors' => 'Clause is not valid']);
+        }
        $data['isVisible'] = empty($data['isSearchBasket']) ? 'Y' : 'N';
        $data['isFolderBasket'] = empty($data['isFolderBasket']) ? 'N' : 'Y';
        $data['flagNotif'] = empty($data['flagNotif']) ? 'N' : 'Y';

--- a/src/core/controllers/PreparedClauseController.php
+++ b/src/core/controllers/PreparedClauseController.php
@@ -18,6 +18,7 @@ namespace SrcCore\controllers;
 use Core\Models\UserModel;
 use Core\Models\ValidatorModel;
 use Entities\Models\EntityModel;
+use Resource\models\ResModel;
 class PreparedClauseController
 {
@@ -207,4 +208,25 @@ class PreparedClauseController
        return $clause;
    }
+    public static function isClauseValid(array $aArgs)
+    {
+        ValidatorModel::notEmpty($aArgs, ['clause', 'userId']);
+        ValidatorModel::stringType($aArgs, ['clause', 'userId']);
+        $clause = PreparedClauseController::getPreparedClause(['clause' => $aArgs['clause'], 'userId' => $aArgs['userId']]);
+        $preg = preg_match('#\b(?:abort|alter|copy|create|delete|disgard|drop|execute|grant|insert|load|lock|move|reset|truncate|update)\b#i', $clause);
+        if ($preg === 1) {
+            return false;
+        }
+        try {
+            ResModel::getOnView(['select' => [1], 'where' => [$clause]]);
+        } catch (\Exception $e) {
+            return false;
+        }
+        return true;
+    }
 }