Skip to content

Commit

Permalink
Merge pull request #539 from DiamondLightSource/pre-release/Fix/LIMS-…
Browse files Browse the repository at this point in the history 
…645/Make_parse_request_paramters_allow_string_and_other_types

return false on non string
  • Loading branch information
@John-Holt-Tessella
John-Holt-Tessella authored Apr 25, 2023
2 parents af2d012 + 1df1cf9 commit 7c8b07e
Showing 1 changed file with 11 additions and 13 deletions.
24 changes: 11 additions & 13 deletions api/src/Page.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -517,7 +517,7 @@ function _parse_args()
$tmp = array();
foreach ($r->$k as $val)
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $val))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $val))
{
array_push($tmp, $v == '.*' ? $purifier->purify($val) : $val);
}
Expand All @@ -527,7 +527,7 @@ function _parse_args()
}
else
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $r->$k))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $r->$k))
{
$par[$k] = $v == '.*' ? $purifier->purify($r->$k) : $r->$k;
if ($k == 'prop')
Expand All @@ -554,7 +554,7 @@ function _parse_args()
$tmp = array();
foreach ($request[$k] as $val)
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $val))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $val))
{
array_push($tmp, $v == '.*' ? $purifier->purify($val) : $val);
}
Expand All @@ -572,7 +572,7 @@ function _parse_args()
$tmp = array();
foreach ($value as $value2)
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $value2))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $value2))
{
array_push($tmp, $v == '.*' ? $purifier->purify($value2) : $value2);
}
Expand All @@ -581,7 +581,7 @@ function _parse_args()
}
else
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $value))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $value))
{
$request[$k]->$key = $v == '.*' ? $purifier->purify($value) : $value;
}
Expand All @@ -607,7 +607,7 @@ function _parse_args()
$tmp = array();
foreach ($item as $element)
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $element))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $element))
{
array_push($tmp, $v == '.*' ? $purifier->purify($element) : $element);
}
Expand All @@ -616,7 +616,7 @@ function _parse_args()
}
else
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $item))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $item))
{
$object->$name = $v == '.*' ? $purifier->purify($item) : $item;
}
Expand All @@ -628,7 +628,7 @@ function _parse_args()
}
else
{
if ($this->_match_pattern_to_value_unsafe('/^' . $v . '$/m', $request[$k]))
if ($this->_match_pattern_to_input('/^' . $v . '$/m', $request[$k]))
{
$parsed[$k] = $v == '.*' ? $purifier->purify($request[$k]) : $request[$k];
}
Expand Down Expand Up @@ -674,16 +674,14 @@ function argOrNull($key)
# Misc Helpers

/**
* Return 1 if pattern matches the input, 0 if not
* It is unsafe because if the value can not be converted to a string it is assume to match, this is to
* replicate older behaviour (particularly on simple sample page)
* Replicates preg_match but captures the case where the input can not be converted to string
*/
function _match_pattern_to_value_unsafe($pattern, $input)
function _match_pattern_to_input($pattern, $input)
{
if (is_null($input) || is_scalar($input) || (is_object($input) && method_exists($input, '__toString'))) {
return preg_match($pattern, strval($input));
}
return 1;
return false;
}

# Pretty-ish printer
Expand Down

0 comments on commit 7c8b07e

Please sign in to comment.