viscous/espocrm
1
0
Fork 0
mirror of https://github.com/espocrm/espocrm.git synced 2026-06-28 06:56:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

sanitizers

Browse Source
This commit is contained in:
Yuri Kuznetsov
2024-01-26 13:02:49 +02:00
parent 91745580d8
commit 288b017355
19 changed files with 329 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
application/Espo/Classes/FieldSanitizers/ArrayFromNull.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2024 Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\FieldSanitizers;
use Espo\Core\FieldSanitize\Sanitizer;
use Espo\Core\FieldSanitize\Sanitizer\Data;
/**
* @noinspection PhpUnused
*/
class ArrayFromNull implements Sanitizer
{
public function sanitize(Data $data, string $field): void
{
if (!$data->has($field)) {
return;
}
$value = $data->get($field);
if ($value !== null) {
return;
}
$data->set($field, []);
}
}

62
application/Espo/Classes/FieldSanitizers/ArrayStringTrim.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2024 Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\FieldSanitizers;
use Espo\Core\FieldSanitize\Sanitizer;
use Espo\Core\FieldSanitize\Sanitizer\Data;
/**
* @noinspection PhpUnused
*/
class ArrayStringTrim implements Sanitizer
{
public function sanitize(Data $data, string $field): void
{
if (!$data->has($field)) {
return;
}
$value = $data->get($field);
if (!is_array($value)) {
return;
}
foreach ($value as $i => $item) {
if (!is_string($item)) {
continue;
}
$value[$i] = trim($item);
}
$data->set($field, $value);
}
}

58
application/Espo/Classes/FieldSanitizers/EmptyStringToNull.php Normal file
View File

@@ -0,0 +1,58 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2024 Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\FieldSanitizers;
use Espo\Core\FieldSanitize\Sanitizer;
use Espo\Core\FieldSanitize\Sanitizer\Data;
/**
* @noinspection PhpUnused
*/
class EmptyStringToNull implements Sanitizer
{
public function sanitize(Data $data, string $field): void
{
if (!$data->has($field)) {
return;
}
$value = $data->get($field);
if (!is_string($value)) {
return;
}
if ($value === '') {
$value = null;
}
$data->set($field, $value);
}
}

60
application/Espo/Classes/FieldSanitizers/StringTrim.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
/************************************************************************
* This file is part of EspoCRM.
*
* EspoCRM Open Source CRM application.
* Copyright (C) 2014-2024 Yurii Kuznietsov, Taras Machyshyn, Oleksii Avramenko
* Website: https://www.espocrm.com
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "EspoCRM" word.
************************************************************************/
namespace Espo\Classes\FieldSanitizers;
use Espo\Core\FieldSanitize\Sanitizer;
use Espo\Core\FieldSanitize\Sanitizer\Data;
/**
* @noinspection PhpUnused
*/
class StringTrim implements Sanitizer
{
public function sanitize(Data $data, string $field): void
{
if (!$data->has($field)) {
return;
}
$value = $data->get($field);
if (!is_string($value)) {
return;
}
$value = trim($value);
if ($value === '') {
$value = null;
}
$data->set($field, $value);
}
}

32
application/Espo/Core/FieldSanitize/SanitizeManager.php
View File

@@ -84,6 +84,19 @@ class SanitizeManager
* @return Sanitizer[]
*/
private function getSanitizerList(string $entityType, string $field): array
{
$classNameList = $this->getClassNameList($entityType, $field);
return array_map(
fn ($className) => $this->injectableFactory->createWith($className, ['entityType' => $entityType]),
$classNameList
);
}
/**
* @return class-string<Sanitizer>[]
*/
private function getClassNameList(string $entityType, string $field): array
{
$fieldType = $this->fieldUtil->getFieldType($entityType, $field);
@@ -91,6 +104,8 @@ class SanitizeManager
return [];
}
$classNameList = [];
/** @var ?class-string<Sanitizer> $className */
$className = $this->metadata->get("fields.$fieldType.sanitizerClassName");
@@ -98,17 +113,14 @@ class SanitizeManager
$classNameList[] = $className;
}
/** @var class-string<Sanitizer>[] $classNameList */
$classNameList = $this->metadata->get("entityDefs.$entityType.fields.$field.sanitizerClassNameList") ?? [];
/** @var class-string<Sanitizer>[] $typeClassNameList */
$typeClassNameList = $this->metadata->get("fields.$fieldType.sanitizerClassNameList") ?? [];
$classNameList = array_merge(
$className ? [$className] : [],
$classNameList
);
$classNameList = array_merge($classNameList, $typeClassNameList);
return array_map(
fn ($className) => $this->injectableFactory->createWith($className, ['entityType' => $entityType]),
$classNameList
);
/** @var class-string<Sanitizer>[] $fieldClassNameList */
$fieldClassNameList = $this->metadata->get("entityDefs.$entityType.fields.$field.sanitizerClassNameList") ?? [];
return array_merge($classNameList, $fieldClassNameList);
}
}

4
application/Espo/Resources/metadata/fields/array.json
View File

@@ -103,5 +103,9 @@
"add",
"remove"
],
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\ArrayFromNull",
"Espo\\Classes\\FieldSanitizers\\ArrayStringTrim"
],
"default": []
}

3
application/Espo/Resources/metadata/fields/barcode.json
View File

@@ -55,5 +55,8 @@
"len": 255
},
"validatorClassName": "Espo\\Classes\\FieldValidators\\VarcharType",
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"default": null
}

4
application/Espo/Resources/metadata/fields/checklist.json
View File

@@ -79,5 +79,9 @@
"translatedOptions": true,
"dynamicLogicOptions": true,
"personalData": true,
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\ArrayFromNull",
"Espo\\Classes\\FieldSanitizers\\ArrayStringTrim"
],
"default": []
}

3
application/Espo/Resources/metadata/fields/colorpicker.json
View File

@@ -27,5 +27,8 @@
"type": "varchar",
"maxLength": 7
},
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"notCreatable": true
}

3
application/Espo/Resources/metadata/fields/email.json
View File

@@ -58,5 +58,8 @@
"personalData": true,
"valueFactoryClassName": "Espo\\Core\\Field\\EmailAddress\\EmailAddressGroupFactory",
"attributeExtractorClassName": "Espo\\Core\\Field\\EmailAddress\\EmailAddressGroupAttributeExtractor",
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"default": null
}

4
application/Espo/Resources/metadata/fields/multiEnum.json
View File

@@ -111,5 +111,9 @@
"add",
"remove"
],
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\ArrayFromNull",
"Espo\\Classes\\FieldSanitizers\\ArrayStringTrim"
],
"default": []
}

3
application/Espo/Resources/metadata/fields/phone.json
View File

@@ -78,5 +78,8 @@
"valueFactoryClassName": "Espo\\Core\\Field\\PhoneNumber\\PhoneNumberGroupFactory",
"attributeExtractorClassName": "Espo\\Core\\Field\\PhoneNumber\\PhoneNumberGroupAttributeExtractor",
"sanitizerClassName": "Espo\\Classes\\FieldSanitizers\\Phone",
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"default": null
}

3
application/Espo/Resources/metadata/fields/text.json
View File

@@ -64,5 +64,8 @@
"textFilter": true,
"textFilterForeign": true,
"fullTextSearch": true,
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\EmptyStringToNull"
],
"default": null
}

3
application/Espo/Resources/metadata/fields/url.json
View File

@@ -49,6 +49,9 @@
"fieldDefs": {
"type": "varchar"
},
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"personalData": true,
"default": null
}

4
application/Espo/Resources/metadata/fields/urlMultiple.json
View File

@@ -55,5 +55,9 @@
"add",
"remove"
],
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\ArrayFromNull",
"Espo\\Classes\\FieldSanitizers\\ArrayStringTrim"
],
"default": []
}

3
application/Espo/Resources/metadata/fields/varchar.json
View File

@@ -66,6 +66,9 @@
"mandatoryValidationList": [
"maxLength"
],
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\StringTrim"
],
"filter": true,
"personalData": true,
"textFilter": true,

3
application/Espo/Resources/metadata/fields/wysiwyg.json
View File

@@ -57,5 +57,8 @@
"fullTextSearch": true,
"duplicatorClassName": "Espo\\Classes\\FieldDuplicators\\Wysiwyg",
"validatorClassName": "Espo\\Classes\\FieldValidators\\TextType",
"sanitizerClassNameList": [
"Espo\\Classes\\FieldSanitizers\\EmptyStringToNull"
],
"default": null
}

5
schema/metadata/fields.json
View File

@@ -171,6 +171,11 @@
"sanitizerClassName": {
"type": "string",
"description": "A sanitizer. Should implement Espo\\Core\\FieldSanitize\\Sanitizer."
},
"sanitizerClassNameList": {
"type": "array",
"items": {"type": "string"},
"description": "Sanitizers. Classes should implement Espo\\Core\\FieldSanitize\\Sanitizer. As of v8.2."
}
}
}

29
tests/integration/Espo/Record/SanitizeTest.php
View File

@@ -32,12 +32,23 @@ namespace tests\integration\Espo\Record;
use Espo\Core\Record\CreateParams;
use Espo\Core\Record\ServiceContainer;
use Espo\Modules\Crm\Entities\Account;
use Espo\Tools\FieldManager\FieldManager;
use tests\integration\Core\BaseTestCase;
class SanitizeTest extends BaseTestCase
{
public function testSanitize(): void
{
/** @noinspection PhpUnhandledExceptionInspection */
$this->getInjectableFactory()
->create(FieldManager::class)
->create(Account::ENTITY_TYPE, 'array', ['type' => 'array']);
/** @noinspection PhpUnhandledExceptionInspection */
$this->getDataManager()->rebuild();
$this->reCreateApplication();
$service = $this->getContainer()
->getByClass(ServiceContainer::class)
->getByClass(Account::class);
@@ -45,14 +56,25 @@ class SanitizeTest extends BaseTestCase
/** @noinspection PhpUnhandledExceptionInspection */
/** @var Account $account */
$account = $service->create((object) [
'name' => 'Test 1',
'name' => ' Test 1 ',
'sicCode' => ' ',
'phoneNumber' => '+380 9044 433 11',
'description' => '',
'array' => [
' test ',
'hello',
],
], CreateParams::create());
$numbers = $account->getPhoneNumberGroup()->getNumberList();
$this->assertCount(1, $numbers);
$this->assertEquals('+380904443311', $numbers[0]);
$this->assertEquals('Test 1', $account->getName());
$this->assertEquals(null, $account->get('sicCode'));
$this->assertEquals(null, $account->get('description'));
$this->assertEquals(['test', 'hello'], $account->get('array'));
/** @noinspection PhpUnhandledExceptionInspection */
/** @var Account $account */
$account = $service->create((object) [
@@ -65,8 +87,13 @@ class SanitizeTest extends BaseTestCase
'phoneNumber' => '+38 09 044 433 33',
],
],
'description' => 'Test',
'array' => null,
], CreateParams::create());
$this->assertEquals('Test', $account->get('description'));
$this->assertEquals([], $account->get('array'));
$numbers = $account->getPhoneNumberGroup()->getNumberList();
$this->assertCount(2, $numbers);