[pLog-svn] r5464 - in plog/branches/lifetype-1.2/class: data data/filter test/tests/data test/tests/data/filter
Oscar Renalias
oscar at renalias.net
Fri Jun 1 14:38:10 EDT 2007
Yes, we still use the validators. Validators validate while filters,
well, filter... :) We still need to make sure that data follows the
expected format once it's been cleansed by the filter (i.e. a field
called userEmail needs to be cleaned of HTML code but you still have
to make sure that it is a real email address).
On 1 Jun 2007, at 19:27, Jon Daley wrote:
> Do we still use the validator classes as well? Do the validators
> get called after the filters?
>
> On Wed, 30 May 2007, oscar at devel.lifetype.net wrote:
>
>> Author: oscar
>> Date: 2007-05-30 17:34:15 -0400 (Wed, 30 May 2007)
>> New Revision: 5464
>>
>> Added:
>> plog/branches/lifetype-1.2/class/data/filter/
>> plog/branches/lifetype-1.2/class/data/filter/filterbase.class.php
>> plog/branches/lifetype-1.2/class/data/filter/
>> htmlentitiesfilter.class.php
>> plog/branches/lifetype-1.2/class/data/filter/htmlfilter.class.php
>> plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> filterbase_test.class.php
>> plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> htmlfilter_test.class.php
>> Log:
>> Added support for filter classes, which is a concept similar to
>> validator classes but rather than just checking whether data has a
>> specific format, filter classes will modify the input data if
>> necessary to make sure that it conforms to the requirements of the
>> specific filter class.
>> The most common usage of these classes will be input filtering of
>> unsafe input parameters.
>> The implementation is based on the FilterBase class that defines
>> the interface that all other filter classes must implement. The
>> interface itself is very simple and all data transformations must
>> be performed in the FilterBase::filter() method. Additionally,
>> filter classes can be chained via the FilterBase::addFilter() method.
>> There are only two filter classes implemented so far, HtmlFilter
>> that will strip all HTML code from the input string and
>> HtmlEntitiesFilter that will convert all characters to their
>> equivalent HTML entity if available.
>>
>>
>> Added: plog/branches/lifetype-1.2/class/data/filter/
>> filterbase.class.php
>> ===================================================================
>> --- plog/branches/lifetype-1.2/class/data/filter/
>> filterbase.class.php (rev 0)
>> +++ plog/branches/lifetype-1.2/class/data/filter/
>> filterbase.class.php 2007-05-30 21:34:15 UTC (rev 5464)
>> @@ -0,0 +1,66 @@
>> +<?php
>> +
>> + /**
>> + * \defgroup Filter
>> + *
>> + * Filters in Lifetype can be used to perform filtering
>> operations on data, although
>> + * they will be used most of the times as input filters to
>> filter the values of
>> + * incoming parameters.
>> + *
>> + * @see Properties::getValue()
>> + */
>> +
>> + /**
>> + * \ingroup Filter
>> + *
>> + * This class is the base class that defines the interface for
>> + * filter classes. You should probably not be instantiating
>> objects of this class
>> + * but instead, extend it and implement the FilterBase::filter()
>> method.
>> + *
>> + * It is also possible to chain multiple validators, in a way
>> that the output of
>> + * the previous one becomes the input of the next one. Please
>> see the
>> + * FilterBase::addFilter() method
>> + */
>> + class FilterBase
>> + {
>> + var $_filters;
>> +
>> + /**
>> + * Constructor of the class
>> + */
>> + function FilterBase()
>> + {
>> + $this->_filters = Array();
>> + }
>> +
>> + /**
>> + * Appends a validator to the current one. Validators appended
>> to this one
>> + * are chained <b>at the end</b> so they always get executed
>> + * <b>after</b> this one is.
>> + *
>> + * @param filterInstance An instance of a class that implements
>> the FilterBase interface
>> + * @return Always true
>> + */
>> + function addFilter( &$filterInstance )
>> + {
>> + $this->_filters[] = $filterInstance;
>> +
>> + return( true );
>> + }
>> +
>> + /**
>> + * This is the main method that takes care of the processing of
>> the input data
>> + *
>> + * @param data Unfiltered data
>> + * @return The filtered data
>> + */
>> + function filter( $data )
>> + {
>> + foreach( $this->_filters as $filterClass ) {
>> + $data = $filterClass->filter( $data );
>> + }
>> +
>> + return( $data );
>> + }
>> + }
>> +?>
>> \ No newline at end of file
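Review bot: addFilter() stores whatever it is given and always returns true, so a non-filter argument only fails later, inside filter(), at `$data = $filterClass->filter( $data );`. Checking the argument on insertion (for example with is_a( $filterInstance, "FilterBase" )) and returning false on a mismatch would make the return value meaningful. The parameter is also taken by reference but stored with a plain assignment, which copies the object under PHP 4 semantics, and the docblocks for the class and for addFilter() say "validators" where they mean filters.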
>>
>> Added: plog/branches/lifetype-1.2/class/data/filter/
>> htmlentitiesfilter.class.php
>> ===================================================================
>> --- plog/branches/lifetype-1.2/class/data/filter/
>> htmlentitiesfilter.class.php (rev 0)
>> +++ plog/branches/lifetype-1.2/class/data/filter/
>> htmlentitiesfilter.class.php 2007-05-30 21:34:15 UTC (rev 5464)
>> @@ -0,0 +1,25 @@
>> +<?php
>> +
>> + lt_include( PLOG_CLASS_PATH."class/data/filter/
>> filterbase.class.php" );
>> +
>> + /**
>> + * \ingroup Filter
>> + *
>> + * This class extends the FilterBase interface to filter all HTML
>> + * code in the given string
>> + */
>> + class HtmlEntitiesFilter extends FilterBase
>> + {
>> + /**
>> + * Filters out all HTML and Javascript code from the given string
>> + *
>> + * @param data
>> + * @return The input string without HTML code
>> + */
>> + function filter( $data )
>> + {
>> + lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
>> + return( parent::filter( Textfilter::filterHTMLEntities
>> ( $data )));
>> + }
>> + }
>> +?>
>> \ No newline at end of file
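Review bot: the docblocks in HtmlEntitiesFilter are copied from HtmlFilter and describe the wrong behaviour. The class comment and the filter() comment both say HTML is filtered out, with `@return The input string without HTML code`, while the body calls Textfilter::filterHTMLEntities() and the commit log describes conversion to HTML entities. Callers pick a filter from its documentation, so the comments should state that markup is encoded rather than removed. This class also has no test file in the revision, unlike HtmlFilter.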
>>
>> Added: plog/branches/lifetype-1.2/class/data/filter/
>> htmlfilter.class.php
>> ===================================================================
>> --- plog/branches/lifetype-1.2/class/data/filter/
>> htmlfilter.class.php (rev 0)
>> +++ plog/branches/lifetype-1.2/class/data/filter/
>> htmlfilter.class.php 2007-05-30 21:34:15 UTC (rev 5464)
>> @@ -0,0 +1,25 @@
>> +<?php
>> +
>> + lt_include( PLOG_CLASS_PATH."class/data/filter/
>> filterbase.class.php" );
>> +
>> + /**
>> + * \ingroup Filter
>> + *
>> + * This class extends the FilterBase interface to filter all HTML
>> + * code in the given string
>> + */
>> + class HtmlFilter extends FilterBase
>> + {
>> + /**
>> + * Filters out all HTML and Javascript code from the given string
>> + *
>> + * @param data
>> + * @return The input string without HTML code
>> + */
>> + function filter( $data )
>> + {
>> + lt_include( PLOG_CLASS_PATH."class/data/textfilter.class.php" );
>> + return( parent::filter( Textfilter::filterAllHTML( $data )));
>> + }
>> + }
>> +?>
>> \ No newline at end of file
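Review bot: the filter() docblock promises that "all HTML and Javascript code" is filtered out, but the accompanying test expects `<script>window.alert();</script>` to become `window.alert();` and `">` to pass through unchanged, so only the tags are removed. The comment should say that, and should note that the result is not escaped: a value that has gone through HtmlFilter still needs output encoding when it is written into a page, particularly inside an attribute.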
>>
>> Added: plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> filterbase_test.class.php
>> ===================================================================
>> --- plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> filterbase_test.class.php (rev 0)
>> +++ plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> filterbase_test.class.php 2007-05-30 21:34:15 UTC (rev 5464)
>> @@ -0,0 +1,34 @@
>> +<?php
>> +
>> + lt_include( PLOG_CLASS_PATH."class/test/helpers/
>> lifetypetestcase.class.php" );
>> + lt_include( PLOG_CLASS_PATH."class/data/filter/
>> filterbase.class.php" );
>> + lt_include( PLOG_CLASS_PATH."class/data/filter/
>> htmlfilter.class.php" );
>> +
>> + /**
>> + * \ingroup Test
>> + *
>> + * Test case for the FilterBase class
>> + */
>> + class FilterBase_Test extends LifeTypeTestCase
>> + {
>> + function setUp()
>> + {
>> + // create a username validator
>> + $this->f = new FilterBase();
>> + }
>> +
>> + function testAddFilter()
>> + {
>> + /**
>> + * :TODO:
>> + * This test should be improved!
>> + */
>> +
>> + // add two filters to the chain
>> + $this->f->addFilter( new HtmlFilter());
>> + $this->f->addFilter( new HtmlFilter());
>> + // and make sure that they're really there
>> + $this->assertEquals( 2, count( $this->f->_filters ));
>> + }
>> + }
>> +?>
>> \ No newline at end of file
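Review bot: testAddFilter() only counts the entries in the internal $_filters array, so it passes even if filter() never runs the chain or runs it in the wrong order. Asserting on the return value of $this->f->filter() with two different chained filters, and on an empty FilterBase returning its input unchanged, would cover the behaviour the :TODO: refers to. The setUp() comment "create a username validator" is left over from a validator test.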
>>
>> Added: plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> htmlfilter_test.class.php
>> ===================================================================
>> --- plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> htmlfilter_test.class.php (rev 0)
>> +++ plog/branches/lifetype-1.2/class/test/tests/data/filter/
>> htmlfilter_test.class.php 2007-05-30 21:34:15 UTC (rev 5464)
>> @@ -0,0 +1,33 @@
>> +<?php
>> +
>> + lt_include( PLOG_CLASS_PATH."class/test/helpers/
>> lifetypetestcase.class.php" );
>> + lt_include( PLOG_CLASS_PATH."class/data/filter/
>> htmlfilter.class.php" );
>> +
>> + /**
>> + * \ingroup Test
>> + *
>> + * Test case for the HtmlFilter class
>> + */
>> + class HtmlFilter_Test extends LifeTypeTestCase
>> + {
>> + function setUp()
>> + {
>> + // create a username validator
>> + $this->f = new HtmlFilter();
>> + }
>> +
>> + function testFilter()
>> + {
>> + $data = Array(
>> + "input" => "input",
>> + "<b>input</b>" => "input",
>> + "<script>window.alert();</script>" => "window.alert();",
>> + "\"><script>alert(1)</script>" => "\">alert(1)"
>> + );
>> +
>> + foreach( $data as $input => $output ) {
>> + $this->assertEquals( $output, $this->f->filter( $input ));
>> + }
>> + }
>> + }
>> +?>
>> \ No newline at end of file
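Review bot: every case in testFilter() uses well-formed, balanced tags, and the fourth one records that `">` survives filtering, so the suite documents tag removal only. Cases for an unclosed tag, a tag carrying attributes, and an empty or non-string input would pin down what Textfilter::filterAllHTML() does at the edges that callers rely on. The setUp() comment "create a username validator" should refer to HtmlFilter.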
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>>
>
> --
> Jon Daley
> http://jon.limedaley.com/
>
> An essential aspect of creativity is not being afraid to fail.
> -- Dr. Edwin Land
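The filter-then-validate order described in the reply at the top of this message, as an added example that is not part of the original thread or of LifeType's code. All class and function names are hypothetical, and PHP's strip_tags() stands in for Textfilter::filterAllHTML(), whose implementation is not shown here.

```php
<?php
// Added example, not LifeType code. All class and function names here are
// hypothetical; strip_tags() stands in for Textfilter::filterAllHTML(),
// whose implementation is not shown on this page.
class ExampleFilter
{
    private $filters = array();

    public function addFilter(ExampleFilter $f)
    {
        $this->filters[] = $f;          // chained filters run after this one
        return true;
    }

    public function filter($data)
    {
        foreach ($this->filters as $f) {
            $data = $f->filter($data);  // output of one is input of the next
        }
        return $data;
    }
}

class StripTagsFilter extends ExampleFilter
{
    public function filter($data) { return parent::filter(strip_tags($data)); }
}

class TrimFilter extends ExampleFilter
{
    public function filter($data) { return parent::filter(trim($data)); }
}

// Filter first (modify the value), then validate (accept or reject it).
function cleanAndValidateEmail($raw)
{
    $chain = new StripTagsFilter();
    $chain->addFilter(new TrimFilter());
    $clean = $chain->filter($raw);
    return array($clean, filter_var($clean, FILTER_VALIDATE_EMAIL) !== false);
}

// Constructed inputs; the last string appears in the HtmlFilter test data.
$samples = array(' <b>user@example.com</b> ', '<i>not an address</i>',
                 '"><script>alert(1)</script>');
foreach ($samples as $raw) {
    list($clean, $ok) = cleanAndValidateEmail($raw);
    printf("%s -> %s: %s\n", var_export($raw, true), var_export($clean, true),
           $ok ? 'accepted' : 'rejected');
}
```

The validator is what rejects the inputs that are tag-free after filtering but still not email addresses, which is why both steps are needed.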