New element : Validation\Select to enhance security
GoogleCodeExporter commented
I propose these pieces of code to enhance the security of Select elements.
============
// PFBC\Element\Select (adding 3 lines)
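/**
 * Select element that, while rendering, records the option values it offered
 * and attaches a \PFBC\Validation\Select allow-list built from them.
 *
 * NOTE(review): the allow-list is attached inside render(), so it can only
 * protect a submission if this element instance (with its validation list) is
 * the one later used to validate the posted data. How the form is kept between
 * render and submit is not visible here; confirm before relying on it.
 */
class Select extends \PFBC\OptionElement {
    protected $_attributes = array();

    /**
     * Echoes the <select> markup and registers the allow-list validation.
     *
     * Calling render() more than once replaces the previously registered
     * allow-list instead of stacking a duplicate validator per call.
     */
    public function render() {
        // Normalise the configured value(s) to an array so one code path handles single and multiple selects.
        if(isset($this->_attributes["value"])) {
            if(!is_array($this->_attributes["value"]))
                $this->_attributes["value"] = array($this->_attributes["value"]);
        }
        else
            $this->_attributes["value"] = array();

        // A multiple select needs an array-style field name so PHP receives every chosen value.
        if(!empty($this->_attributes["multiple"]) && substr($this->_attributes["name"], -2) != "[]")
            $this->_attributes["name"] .= "[]";

        echo '<select', $this->getAttributes(array("value", "selected")), '>';
        $selected = false;
        $list_of_authorized_values = array();
        foreach($this->options as $value => $text) {
            $value = $this->getOptionValue($value);
            // Every value actually offered to the browser becomes part of the allow-list.
            $list_of_authorized_values[] = $value;
            echo '<option value="', $this->filter($value), '"';
            if(!$selected && in_array($value, $this->_attributes["value"])) {
                echo ' selected="selected"';
                $selected = true;
            }
            // NOTE(review): $text is written without going through filter(), unlike the value above.
            // If option labels can carry user-supplied data they need HTML escaping; confirm whether
            // labels are expected to be pre-encoded before changing this.
            echo '>', $text, '</option>';
        }
        echo '</select>';

        // Keep every other validation rule, but drop an allow-list left by an earlier render()
        // so the element never carries a stale or duplicated list.
        $existing_rules = is_array($this->validation) ? $this->validation : array();
        $rules = array();
        foreach($existing_rules as $rule) {
            if(!($rule instanceof \PFBC\Validation\Select))
                $rules[] = $rule;
        }
        $rules[] = new \PFBC\Validation\Select($list_of_authorized_values);
        $this->validation = $rules;
    }
}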
===========
// PFBC\Validation\Select (new Validation class)
namespace PFBC\Validation;
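/**
 * Allow-list validation: a submitted value is valid only if it is one of the
 * values handed to the constructor.
 *
 * Values are compared by their string form with strict equality. A loose
 * in_array() applies PHP type juggling (before PHP 8 any non-numeric string
 * compares equal to integer 0, and "1.0" equals "1"), which would let values
 * that were never offered pass the check.
 */
class Select extends \PFBC\Validation {
    protected $message = "Error: %element%, the returned value does not match any proposed values."; // or a better sentence...
    protected $list_of_authorized_values = array();

    /**
     * @param array $list Values the element offered; stored as given.
     */
    public function __construct ($list) {
        $this->list_of_authorized_values = $list;
    }

    /**
     * @param mixed $value Submitted value: a scalar, or an array for a multiple select.
     * @return bool True when the value (or every value of the array) is in the allow-list.
     */
    public function isValid($value) {
        if(is_array($value)) {
            // An empty selection matches no offered option; it stays invalid, as it was before.
            if(count($value) === 0)
                return false;
            // A multiple select is valid only if each chosen value was offered.
            foreach($value as $item) {
                if(!$this->isAuthorized($item))
                    return false;
            }
            return true;
        }
        return $this->isAuthorized($value);
    }

    /**
     * Checks one submitted value against the allow-list using string identity.
     */
    private function isAuthorized($value) {
        // A missing value is treated like the empty string, so it passes only if "" was offered.
        if($value === null)
            $value = "";
        // Nested arrays and objects can never equal an offered option value.
        if(!is_scalar($value))
            return false;
        $needle = (string) $value;
        foreach($this->list_of_authorized_values as $authorized) {
            if(is_scalar($authorized) && (string) $authorized === $needle)
                return true;
        }
        return false;
    }
}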
Original issue reported on code.google.com by nrenv...@finindev.com
on 5 Feb 2013 at 4:51