Nettoyage et validation des données version 1

Source/Config/Clean.php

@@ -15,11 +15,30 @@ class Clean
 
     public static function simpleString(string $string): string
     {
-        $string = trim($string);
+    $string = trim($string);
-        $string = strip_tags($string);
+    $string = strip_tags($string);
-        return htmlspecialchars($string);
+    return htmlspecialchars($string);
     }
 
+    /**
+     * Cette fonction prend un tableau de chaînes de caractères en entrée et retourne un tableau de chaînes
+     * nettoyées.
+     * Elle supprime les espaces de début et de fin, ainsi que toutes les balises HTML, et encode les
+     * caractères spéciaux.
+     *
+     * @param array $array Le tableau de chaînes à nettoyer
+     * @return array Le tableau de chaînes nettoyées
+     */
+
+    public static function simpleStringArray(array $array): array
+    {
+        $array = array_map('trim', $array);
+        $array = array_map('strip_tags', $array);
+        $array = array_map('htmlspecialchars', $array);
+        return $array;
+    }
+
+
     /**
      * Cette fonction prend une chaîne de caractères en entrée et retourne une version nettoyée de cette chaîne.
      * Elle supprime les espaces de début et de fin, ainsi que toutes les balises HTML, et encode les
@@ -45,4 +64,6 @@ class Clean
     {
         return filter_var($int, FILTER_SANITIZE_NUMBER_INT);
     }
+
+
 }

Source/Config/Validate.php

@@ -98,10 +98,35 @@ class Validate
         global $responseMaxLength;
         return (strlen($response) <= $responseMaxLength);
     }
+
+    /**
+     * Vérifie si le nom est valide.
+     *
+     * @param string $name Le nom a vérifié.
+     * @return bool Vrai si le nom est valide, faux sinon.
+     */
+
     public static function username(string $username): bool
     {
         global $usernameMaxLength;
         return (strlen($username) >= 3 && preg_match("#[a-zA-Z0-9]+#", $username) && strlen($username) <= $usernameMaxLength);
     }
 
+    /**
+     * Vérifie si la description est valide.
+     *
+     * @param string $description La description a vérifié.
+     * @return bool Vrai si la description est valide, faux sinon.
+     */
+
+     public static function categories(array $categories): bool
+    {
+        global $categoryMaxLength;
+        foreach ($categories as $category) {
+            if (strlen($category) > $categoryMaxLength) {
+                return false;
+            }
+        }
+        return true;
+    }
 }

Source/Config/config.php

@@ -49,4 +49,5 @@ $keyWordMaxLength=50;
 $titleMaxLength=50;
 $typeMaxLength=50;
 $responseMaxLength=200;
+$categoryMaxLenght=150;
 

Source/Controller/ControllerAdmin.php

@@ -3,6 +3,8 @@
 namespace Controller;
 
 use Model\ModelAdmin;
+use Config\Clean;
+use Config\Validate;
 
 /**
  * Permet de controller les réponses à fournir en fonction des actions passer dans l'URL
@@ -19,7 +21,7 @@ class ControllerAdmin
      */
     public function addQuestion(): void
     {
-        $type = $_POST['type'];
+        $type = Clean::simpleString($_POST['type']);
         $idQuestion = (new ModelAdmin())->addQuestion();
         if (strcmp($type, "BusinessClass\TextQuestion") == 0) {
             $this->goToQuestions();
@@ -52,9 +54,9 @@ class ControllerAdmin
     {
         (new ModelAdmin())->addResponse();
         $categories = (new ModelAdmin())->getCategories();
-        $idQuestion = $_POST['idQuestion'];
+        $idQuestion = Clean::int($_POST['idQuestion']);
-        $questionContent = $_POST['question'];
+        $questionContent = Clean::simpleString($_POST['question']);
-        $type = $_POST['type'];
+        $type = Clean::simpleString($_POST['type']);
         global $rep, $views;
         require_once($rep.$views['continue']);
     }
@@ -79,12 +81,12 @@ class ControllerAdmin
      */
     public function continueResponse(): void
     {
-        $choose = $_POST['choose'];
+        $choose = Clean::simpleString($_POST['choose']);
         if ($choose == "Oui") {
-            $idQuestion = $_POST['idQuestion'];
+            $idQuestion = Clean::int($_POST['idQuestion']);
             $categories = (new ModelAdmin())->getCategories();
-            $questionContent = $_POST['question'];
+            $questionContent = Clean::simpleString($_POST['question']);
-            $type = $_POST['type'];
+            $type = Clean::simpleString($_POST['type']);
             global $rep, $views;
             require_once($rep.$views['possibleResponsesForm']);
         } else {

Source/Model/ModelAdmin.php

@@ -7,6 +7,8 @@ use Exception;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\GuzzleException;
 use PDOException;
+use Config\Validate;
+use Config\Clean;
 
 /**
  * Permet de développer les fonctions appelées par le controllerAdmin pour gérer
@@ -39,26 +41,29 @@ class ModelAdmin
      */
     public function addQuestion(): int
     {
-        $questionContent = $_POST['question'];
+        $questionContent = Clean::simpleString($_POST['question']);
-        $type = $_POST['type'];
+        $type = Clean::simpleString($_POST['type']);
         try {
-
+        if (validate::type($type)) {
-
             $question = new $type(0, $questionContent);
             $res = $this->client->request('GET', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/getForm');
             $form = json_decode($res->getBody());
             if (!empty($form)) {
-                $res = $this->client->request('POST', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/addQuestion?
+                $res = $this->client->request(
-                                    content='.$questionContent.'&
+                    'POST',
-                                    classQuestion='.get_class($question).'&
+                    'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/addQuestion?
-                                    idForm='.$form[0]['id']
+                                            content='.$questionContent.'&
+                                            classQuestion='.get_class($question).'&
+                                            idForm='.$form[0]['id']
                 );
                 return json_decode($res->getBody());
             }
+        } else {
+            throw new Exception('Type de question invalide');
+        }
         }catch (GuzzleException $g){
             throw new Exception($g->getMessage(),$g->getCode(),$g);
         }
-
         return -1;
     }
 
@@ -70,9 +75,12 @@ class ModelAdmin
      */
     public function deleteQuestion():void
     {
-        $idQuestion = $_POST["idQuestion"];
+        $idQuestion = Clean::int($_POST["idQuestion"]);
-        $type = $_POST["type"];
+        $type = Clean::simpleString($_POST["type"]);
         try {
+            if (!validate::type($type)) {
+                throw new Exception('Type de question invalide');
+            }
             $res = $this->client->request('DELETE', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/deleteQuestion?
                                 classQuestion='.$type.'&
                                 id='.$idQuestion
@@ -93,13 +101,16 @@ class ModelAdmin
      */
      public function addResponse(): void
     {
-        $idQuestion = $_POST['idQuestion'];
+        $idQuestion = Clean::int($_POST['idQuestion']);
-        $response = $_POST['response'];
+        $response = Clean::simpleString($_POST['response']);
-        $categories = $_POST['categories'];
+        $categories = Clean::simpleStringArray($_POST['categories']);
         if ($categories == null) {
             $categories = [];
         }
         try {
+            if(!validate::categories($categories)){
+                throw new Exception('Categories invalides');
+            }
             $this->client->request('POST', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/insertResponseInQuestion?
                                     response='.$response.'&
                                     categories='.$categories.'&
@@ -162,8 +173,11 @@ class ModelAdmin
      */
     public function addKeyword(): void
     {
-        $keyword = $_POST['keyword'];
+        $keyword = Clean::simpleString($_POST['keyword']);
         try {
+            if(!validate::keyword($keyword)){
+                throw new Exception('Mot-clef invalide');
+            }
             $this->client->request('POST', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/insertKeyword?
                                     keyword='.$keyword
             );
@@ -276,7 +290,7 @@ class ModelAdmin
     {
         try {
             $res = $this->client->request('DELETE', 'https://codefirst.iut.uca.fr/containers/Temoignages-deploy_api_form/deleteListResponseOfCandidate?
-                                            id='.$_POST["idResponseCandidate"]
+                                            id='.Clean::int($_POST["idResponseCandidate"])
             );
             if ($res->getStatusCode()!=200){
                 throw new Exception('DeleteListResponseOfCandidate failed');

Source/Model/ModelCandidate.php

@@ -32,9 +32,8 @@ class ModelCandidate
     public function submitForm(): void
     {
         $answersAndCategories = $_POST['answers'];
-
         $dataIds = null;
-        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'submitForm') {
+        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && Clean::simpleString($_POST['action']) === 'submitForm') {
             $dataIdsJson = $_POST['data_ids'];
             $dataIds = json_decode($dataIdsJson);
         }