From 5e67e4fe3908ac2cfffced7f462e4f373d1cdbf1 Mon Sep 17 00:00:00 2001
From: paulr
Date: Sun, 6 Nov 2011 04:19:44 +1100
Subject: [PATCH] started some input validation code and unit tests for it
---
 gwvplib/gwvpdatabase.php | 65 ++++++++++++++++++++++++++++++++++++++++++-
 gwvplib/gwvpinputcheck.php | 12 ++++++++
 gwvplib/gwvplib.php | 1 +
 gwvplib/gwvpuseradmin.php | 6 ++-
 unittests/inputvalidate.php | 35 +++++++++++++++++++++++
 www/config-dist.php | 3 ++
 6 files changed, 119 insertions(+), 3 deletions(-)
 create mode 100644 gwvplib/gwvpinputcheck.php
 create mode 100644 unittests/inputvalidate.php
diff --git a/gwvplib/gwvpdatabase.php b/gwvplib/gwvpdatabase.php
index 065b406..7338e68 100644
--- a/gwvplib/gwvpdatabase.php
+++ b/gwvplib/gwvpdatabase.php
@@ -87,6 +87,69 @@ function gwvp_forceDisconnect()
 $DB_CONNECTION = false;
 }
+
+function gwvp_getConfigVal($confname)
+{
+ /*
+ * $configsql = '
+ CREATE TABLE "config" (
+ "config_name" TEXT,
+ "config_value" TEXT
+ )';
+
+ */
+
+ $conn = gwvp_ConnectDB();
+
+ $sql = "select * from config where config_name='$confname'";
+
+ $res = $conn->query($sql);
+
+ $return = null;
+ foreach($res as $val) {
+ $return = $val;
+ }
+
+}
+
+function gwvp_eraseConfigVal($confname)
+{
+ /*
+ * $configsql = '
+ CREATE TABLE "config" (
+ "config_name" TEXT,
+ "config_value" TEXT
+ )';
+
+ */
+
+ $conn = gwvp_ConnectDB();
+
+ $sql = "delete from config where config_name='$confname'";
+
+ return $conn->query($sql);
+}
+
+function gwvp_setConfigVal($confname, $confval)
+{
+ /*
+ * $configsql = '
+ CREATE TABLE "config" (
+ "config_name" TEXT,
+ "config_value" TEXT
+ )';
+
+ */
+ gwvp_eraseConfigVal($confname);
+
+ $conn = gwvp_ConnectDB();
+
+ $sql = "insert into config values('$confname', '$confval')";
+
+ return $conn->query($sql);
+}
+
+
 function gwvp_isDBSetup()
 {
 // for sqlite, we just check if the db exists, for everyone else, we check for a conneciton and go yay or nay
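Review bot: `$confname` and `$confval` are interpolated directly into the SQL text in gwvp_getConfigVal, gwvp_eraseConfigVal and gwvp_setConfigVal, so a value containing a single quote alters the statement rather than being matched or stored as data; all three should bind their values through a prepared statement. gwvp_getConfigVal also has no `return`, so the row it collects in `$return` never reaches the caller. The fence shows the getter only and assumes gwvp_ConnectDB() returns a PDO handle (the `foreach` over the query result suggests it, the hunk does not show it) and that callers want the `config_value` column; the same prepare/execute pattern applies to the other two functions. In gwvp_setConfigVal, running the delete and the insert inside one transaction would keep the old value if the insert fails.

```php
function gwvp_getConfigVal($confname)
{
	// … unchanged: config table schema comment …
	$conn = gwvp_ConnectDB();

	// the name travels as a bound parameter, never as statement text
	$stmt = $conn->prepare("select config_value from config where config_name = ?");
	$stmt->execute(array($confname));

	$row = $stmt->fetch(PDO::FETCH_ASSOC);
	return ($row === false) ? null : $row["config_value"];
}
```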
@@ -557,7 +620,7 @@ function gwvp_IsUserAdmin($email=null, $username = null)
 $rn++;
 }
- foreach($gid as $gid_t) {
+ if($gid !== false) foreach($gid as $gid_t) {
 /*
 * CREATE TABLE groups (
 "groups_id" INTEGER,
diff --git a/gwvplib/gwvpinputcheck.php b/gwvplib/gwvpinputcheck.php
new file mode 100644
index 0000000..59de285
--- /dev/null
+++ b/gwvplib/gwvpinputcheck.php
@@ -0,0 +1,12 @@
+
\ No newline at end of file
diff --git a/gwvplib/gwvplib.php b/gwvplib/gwvplib.php
index 693486c..24b2d77 100644
--- a/gwvplib/gwvplib.php
+++ b/gwvplib/gwvplib.php
@@ -10,6 +10,7 @@ require_once("gwvpsetup.php");
 require_once("gwvpdatabase.php");
 require_once("gwvpconfig.php");
 require_once("gwvpgitcontrol.php");
+require_once("gwvpinputcheck.php");
 // this is loaded second last
 require_once("gwvppluginloader.php");
diff --git a/gwvplib/gwvpuseradmin.php b/gwvplib/gwvpuseradmin.php
index 171778f..1d7e86d 100644
--- a/gwvplib/gwvpuseradmin.php
+++ b/gwvplib/gwvpuseradmin.php
@@ -403,6 +403,8 @@ function gwvp_UserAdminPageBody()
 $ingroups = gwvp_getGroupsForUser($email);
 $ownedgroups = gwvp_getGroupsOwnedByUser($email);
+ //echo "vardump: ";
+ //var_dump($ownedgroups);
 $ugroups = "";
 if($ownedgroups == false) $ogroups = "-"; else {
@@ -413,9 +415,9 @@ function gwvp_UserAdminPageBody()
 trim($ugroups);
- foreach($ingroups as $grname) {
+ if($ingroups !== false) foreach($ingroups as $grname) {
 $isownedgroup = false;
- foreach($ownedgroups as $gr_u) {
+ if($ownedgroups !== false) foreach($ownedgroups as $gr_u) {
 if($grname == $gr_u) $isownedgroup = true;
 }
 if(!$isownedgroup) $ugroups .= "$grname
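Review bot: The new guard `if($gid !== false) foreach($gid as $gid_t) {` excludes only the exact value false, so a null or other non-array result still reaches the foreach; `if(is_array($gid)) foreach($gid as $gid_t) {` covers every non-iterable case. Where `$gid` is assigned is outside the hunk, so the failure values it can hold are not visible here. Because this sits in gwvp_IsUserAdmin, it is worth confirming that skipping the loop leaves the result at "not admin"; the return path is outside the hunk. The same one-line guard is added twice in the second gwvpuseradmin.php hunk (`$ingroups`, `$ownedgroups`), while a few lines earlier that file tests `$ownedgroups == false` loosely; one consistent check would read better than mixing the two.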
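Review bot: The two lines added in the first gwvpuseradmin.php hunk, `//echo "vardump: ";` and `//var_dump($ownedgroups);`, are commented-out debug output and are better dropped from the commit than kept in gwvp_UserAdminPageBody. If they were re-enabled they would print the raw group lookup result into the admin page. The function starts and ends outside the hunk.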
";
diff --git a/unittests/inputvalidate.php b/unittests/inputvalidate.php
new file mode 100644
index 0000000..a97dbb4
--- /dev/null
+++ b/unittests/inputvalidate.php
@@ -0,0 +1,35 @@
+
\ No newline at end of file
diff --git a/www/config-dist.php b/www/config-dist.php
index 7a57d2a..1ff1c14 100644
--- a/www/config-dist.php
+++ b/www/config-dist.php
@@ -1,5 +1,8 @@
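Review bot: `$grname` is appended to `$ugroups` unescaped in the last statement of the second gwvpuseradmin.php hunk; if `$ugroups` is later written into the page (the output is outside the hunk), the name should be encoded first with `htmlspecialchars($grname, ENT_QUOTES, 'UTF-8')`. The inner loop that sets `$isownedgroup` could become `$isownedgroup = is_array($ownedgroups) && in_array($grname, $ownedgroups, true);`, which also makes the second added guard unnecessary. The call `trim($ugroups);` at the top of the hunk discards its result, so it has no effect as written. gwvp_UserAdminPageBody starts and ends outside the hunk.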