
[TASK] Harden filter getters
einpraegsam committed Feb 23, 2024
1 parent 215cc02 commit aa9c3ac
Showing 3 changed files with 42 additions and 20 deletions.
44 changes: 25 additions & 19 deletions Classes/Domain/Model/Transfer/FilterDto.php
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ public function __construct(int $timePeriod = self::PERIOD_DEFAULT)

public function getSearchterm(): string
{
return $this->searchterm;
return StringUtility::sanitizeString($this->searchterm);
}

public function isSearchtermSet(): bool
Expand All @@ -112,7 +112,7 @@ public function setSearchterm(string $searchterm): self

public function getPid(): string
{
return $this->pid;
return StringUtility::sanitizeString($this->pid);
}

public function isPidSet(): bool
Expand All @@ -128,7 +128,7 @@ public function setPid(string $pid): self

public function getTimeFrom(): string
{
return $this->timeFrom;
return StringUtility::sanitizeString($this->timeFrom);
}

public function isTimeFromSet(): bool
Expand All @@ -153,7 +153,7 @@ public function setTimeFrom(string $timeFrom): self

public function getTimeTo(): string
{
return $this->timeTo;
return StringUtility::sanitizeString($this->timeTo);
}

public function isTimeToSet(): bool
Expand Down Expand Up @@ -308,7 +308,7 @@ public function removeShortMode(): self

public function getDomain(): string
{
return $this->domain;
return StringUtility::sanitizeString($this->domain);
}

public function isDomainSet(): bool
Expand All @@ -324,7 +324,7 @@ public function setDomain(string $domain): self

public function getSite(): string
{
return StringUtility::cleanString($this->site);
return StringUtility::sanitizeString($this->site);
}

public function isSiteSet(): bool
Expand All @@ -344,55 +344,55 @@ public function setSite(string $site): self

public function getUtmCampaign(): string
{
return $this->utmCampaign;
return StringUtility::sanitizeString($this->utmCampaign);
}

public function isUtmCampaignSet(): bool
{
return $this->getUtmCampaign() !== '';
}

public function setUtmCampaign(string $utmCampaign): FilterDto
public function setUtmCampaign(string $utmCampaign): self
{
$this->utmCampaign = $utmCampaign;
return $this;
}

public function getUtmSource(): string
{
return $this->utmSource;
return StringUtility::sanitizeString($this->utmSource);
}

public function isUtmSourceSet(): bool
{
return $this->getUtmSource() !== '';
}

public function setUtmSource(string $utmSource): FilterDto
public function setUtmSource(string $utmSource): self
{
$this->utmSource = $utmSource;
return $this;
}

public function getUtmMedium(): string
{
return $this->utmMedium;
return StringUtility::sanitizeString($this->utmMedium);
}

public function isUtmMediumSet(): bool
{
return $this->getUtmMedium() !== '';
}

public function setUtmMedium(string $utmMedium): FilterDto
public function setUtmMedium(string $utmMedium): self
{
$this->utmMedium = $utmMedium;
return $this;
}

public function getUtmContent(): string
{
return $this->utmContent;
return StringUtility::sanitizeString($this->utmContent);
}

public function isUtmContentSet(): bool
Expand Down Expand Up @@ -424,7 +424,7 @@ public function setBranchCode(int $branchCode): self

public function getRevenueClass(): string
{
return $this->revenueClass;
return StringUtility::sanitizeString($this->revenueClass);
}

public function isRevenueClassSet(): bool
Expand All @@ -440,7 +440,7 @@ public function setRevenueClass(string $revenueClass): self

public function getSizeClass(): string
{
return $this->sizeClass;
return StringUtility::sanitizeString($this->sizeClass);
}

public function isSizeClassSet(): bool
Expand Down Expand Up @@ -513,7 +513,7 @@ public function isSet(): bool

public function isTimeFromOrTimeToSet(): bool
{
return $this->timeFrom !== '' || $this->timeTo !== '';
return $this->isTimeFromSet() || $this->isTimeToSet();
}

/**
Expand All @@ -523,9 +523,15 @@ public function isTimeFromOrTimeToSet(): bool
*/
protected function isOnlySearchtermGiven(): bool
{
return $this->searchterm !== '' && $this->pid === '' && $this->scoring === 0 && $this->categoryScoring === null
&& $this->timeFrom === '' && $this->timeTo === '' && $this->timePeriod === self::PERIOD_DEFAULT
&& $this->identified === self::IDENTIFIED_ALL && $this->domain === '';
return $this->isSearchtermSet()
&& $this->isPidSet() === false
&& $this->isScoringSet() === false
&& $this->isCategoryScoringSet() === false
&& $this->isTimeFromSet() === false
&& $this->isTimeToSet() === false
&& $this->timePeriod === self::PERIOD_DEFAULT
&& $this->identified === self::IDENTIFIED_ALL
&& $this->isDomainSet() === false;
}

/**
Expand Down
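Review bot: Routing every string getter through `StringUtility::sanitizeString` applies one lossy character denylist to fields with very different shapes; `getPid()`, `getTimeFrom()` and `getTimeTo()` would be safer validated against their expected form than character-stripped, e.g. if `pid` holds comma-separated page ids as its string type suggests, `return implode(',', array_map('intval', array_filter(array_map('trim', explode(',', $this->pid)), 'ctype_digit')));`. Stripping also changes meaning silently (a searchterm `C++` becomes `C`), so the actual SQL defense has to remain parameter binding in the repositories that consume these getters, which this diff does not show — worth confirming. Note too that `isSearchtermSet()`, and therefore the rewritten `isOnlySearchtermGiven()`, now evaluate the sanitized value, so a filter consisting only of stripped characters is treated as not set; if that is intended, a one-line comment on `isSearchtermSet()` such as `// evaluates the sanitized value: input made only of stripped characters counts as unset` would save the next reader a surprise.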
1 change: 0 additions & 1 deletion Classes/Domain/Repository/PagevisitRepository.php
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@
use In2code\Lux\Utility\FrontendUtility;
use In2code\Luxenterprise\Domain\Repository\ShortenerRepository;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Utility\MathUtility;
use TYPO3\CMS\Extbase\Persistence\Exception\InvalidQueryException;
use TYPO3\CMS\Extbase\Persistence\QueryInterface;
use TYPO3\CMS\Extbase\Persistence\QueryResultInterface;
Expand Down
17 changes: 17 additions & 0 deletions Classes/Utility/StringUtility.php
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,23 @@ public static function cleanString(string $string, bool $toLower = false, string
return $string;
}

/**
* Clean strings like GET or POST params for SQL usage or usage in HTML. Disallowed characters are removed.
* Disallowed characters to sanitize SQL queries are: /\+*#?$%&!='"`´<>{}[]() and -- (double minus)
*
* Example replacements:
* 'Réne Nüßer' => 'Réne Nüßer',
* 'Not this/\+=*#?$%&!;"\'´`<>{}[]()--nono' => 'Not thisnono',
* 'But [email protected]_is,ok' => 'But [email protected]_is,ok',
*
* @param string $string
* @return string
*/
public static function sanitizeString(string $string): string
{
return preg_replace('/[\/\\+*#?$%&!=\'"`´<>{}\[\]()]|--/', '', $string);
}

public static function getRandomString(int $length = 32, bool $lowerAndUpperCase = true): string
{
$characters = implode('', range(0, 9)) . implode('', range('a', 'z'));
Expand Down
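Review bot: The pattern on the `preg_replace` line does not strip `\` or `;`, yet the docblock example (the `Not this…nono` line) promises both are removed: in a single-quoted PHP string the `\\+` sequence becomes `\+`, which PCRE reads as an escaped plus inside the class, so the backslash never enters the character class at all, and `;` appears neither in the class nor in the documented list. Either add `;` and a doubly-escaped backslash (`\\\\`) to the class or correct the example, and add a unit test for that example so the two stay in sync. The class also contains the multibyte `´` without the `u` modifier, so PCRE matches its two bytes (0xC2, 0xB4) individually and will corrupt unrelated UTF-8 text such as `ô` (0xC3 0xB4) or `©` (0xC2 0xA9) into invalid byte sequences; add `u` and guard the `null` that `preg_replace` returns on invalid UTF-8 input, e.g. `return preg_replace('/[...]|--/u', '', $string) ?? '';`, since the declared `string` return type would otherwise throw a `TypeError`. Finally, the docblock should not claim this makes values safe "for SQL usage or usage in HTML" — a denylist that drops characters is lossy and incomplete and is no substitute for bound parameters and context-specific escaping at the point of use; I would reword it to "Defense-in-depth stripping of characters that have no business in filter values; callers must still bind query parameters and escape output for the target context."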
