merged branch drak/paramaterbag_filter (PR #2261)

Commits ------- c4a0f79 Updates according to suggestions. 6aec789 Added tests. 54454ba Added generic filtering to ParameterBag. Discussion ---------- Added generic filtering to ParameterBag. Adds filtering convenience using PHP's filter_var() e.g. $request->get->filter($key, '', false, FITLER_SANITIZE_STRING); See http://php.net/manual/en/filter.filters.php for capabilities. --------------------------------------------------------------------------- by GromNaN at 2011/09/25 15:41:50 -0700 What is the use case ? --------------------------------------------------------------------------- by drak at 2011/09/25 15:52:19 -0700 Input variable validation/sanitization. ParameterBag has a few built in like `getAlnum()` for example. This method offer's PHP's full filtering and sanitization suite. --------------------------------------------------------------------------- by fabpot at 2011/09/27 00:56:41 -0700 Can you add some unit tests for this new feature? --------------------------------------------------------------------------- by drak at 2011/09/27 00:58:56 -0700 Sure thing. --------------------------------------------------------------------------- by drak at 2011/09/27 01:07:03 -0700 Before I make the commit, is the method name ok for you or would you prefer it is called `getFiltered()`? --------------------------------------------------------------------------- by fabpot at 2011/09/27 01:13:46 -0700 `filter` sounds good to me. --------------------------------------------------------------------------- by drak at 2011/09/27 02:37:01 -0700 I've added some tests. --------------------------------------------------------------------------- by stloyd at 2011/09/27 02:42:42 -0700 @drak IMO you must check that user don't use unknown filter and/or flags for filter. --------------------------------------------------------------------------- by drak at 2011/09/27 02:48:38 -0700 @stloyd - I'm not sure that's practical at all, this is a wrapper for a built-in PHP function and I don't understand why we would need validate arguments for a PHP function - it's the coder's job to use the API correctly - none of the inputs to this function are coming from a web request. It would also mean that the API would need to keep track of any upstream changes to constants in the PHP engine (which are just integers after all). It's really just not practical. --------------------------------------------------------------------------- by stealth35 at 2011/09/27 05:16:50 -0700 @drak it's could be cool to use `filter_id` ✌️ if (is_string) { $filter = filter_id($filter); } --------------------------------------------------------------------------- by drak at 2011/09/27 07:05:42 -0700 @stealth35 regarding this if (is_string) { $filter = filter_id($filter); } I believe strongly in the use of IDEs when coding and autocomplete nicely provides when you type `FILTER_`. Additionally, `filter_id()` only works on filters, but not for the flags, so I'm not entirely sure how useful it would be overall compared to using a good IDE (which you need when working with complex frameworks anyhow, imo :) --------------------------------------------------------------------------- by drak at 2011/09/27 07:30:10 -0700 Ok check it now.
2011-09-27 17:21:30 +02:00 · 2011-09-27 17:21:30 +02:00 · 7b204ed23a
commit 7b204ed23a
parent 063e6f9ae6 c4a0f799af
2 changed files with 70 additions and 0 deletions
--- a/src/Symfony/Component/HttpFoundation/ParameterBag.php
+++ b/src/Symfony/Component/HttpFoundation/ParameterBag.php
@ -242,4 +242,34 @@ class ParameterBag
    {
        return (int) $this->get($key, $default, $deep);
    }
+    
+    /**
+     * Filter key.
+     * 
+     * @param string  $key     Key.
+     * @param mixed   $default Default = null.
+     * @param boolean $deep    Default = false.
+     * @param integer $filter  FILTER_* constant.
+     * @param mixed   $options Filter options.
+     * 
+     * @see http://php.net/manual/en/function.filter-var.php
+     *
+     * @return mixed
+     */
+    public function filter($key, $default = null, $deep = false, $filter=FILTER_DEFAULT, $options=array())
+    {
+        $value = $this->get($key, $default, $deep);
+        
+        // Always turn $options into an array - this allows filter_var option shortcuts.
+        if (!is_array($options) && $options) {
+            $options = array('flags' => $options);
+        }
+        
+        // Add a convenience check for arrays.
+        if (is_array($value) && !isset($options['flags'])) {
+            $options['flags'] = FILTER_REQUIRE_ARRAY;
+        }
+        
+        return filter_var($value, $filter, $options);
+    }
 }
--- a/tests/Symfony/Tests/Component/HttpFoundation/ParameterBagTest.php
+++ b/tests/Symfony/Tests/Component/HttpFoundation/ParameterBagTest.php
@ -162,4 +162,44 @@ class ParameterBagTest extends \PHPUnit_Framework_TestCase
        $this->assertEquals(123, $bag->getInt('digits'), '->getInt() gets a value of parameter as integer');
        $this->assertEquals(0, $bag->getInt('unknown'), '->getInt() returns zero if a parameter is not defined');
    }
+    
+    /**
+     * @covers Symfony\Component\HttpFoundation\ParameterBag::filter
+     */
+    public function testFilter()
+    {
+        $bag = new ParameterBag(array(
+            'digits' => '0123ab', 
+            'email' => 'example@example.com', 
+            'url' => 'http://example.com/foo',
+            'dec' => '256',
+            'hex' => '0x100',
+            'array' => array('bang'),
+            ));
+
+        $this->assertEmpty($bag->filter('nokey'), '->filter() should return empty by default if no key is found');
+        
+        $this->assertEquals('0123', $bag->filter('digits', '', false, FILTER_SANITIZE_NUMBER_INT), '->filter() gets a value of parameter as integer filtering out invalid characters');
+        
+        $this->assertEquals('example@example.com', $bag->filter('email', '', false, FILTER_VALIDATE_EMAIL), '->filter() gets a value of parameter as email');
+        
+        $this->assertEquals('http://example.com/foo', $bag->filter('url', '', false, FILTER_VALIDATE_URL, array('flags' => FILTER_FLAG_PATH_REQUIRED)), '->filter() gets a value of parameter as url with a path');
+        
+        // This test is repeated for code-coverage
+        $this->assertEquals('http://example.com/foo', $bag->filter('url', '', false, FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED), '->filter() gets a value of parameter as url with a path');
+        
+        $this->assertFalse($bag->filter('dec', '', false, FILTER_VALIDATE_INT, array(
+            'flags'   => FILTER_FLAG_ALLOW_HEX,
+            'options' => array('min_range' => 1, 'max_range' => 0xff))
+                ), '->filter() gets a value of parameter as integer between boundaries');
+        
+        $this->assertFalse($bag->filter('hex', '', false, FILTER_VALIDATE_INT, array(
+            'flags'   => FILTER_FLAG_ALLOW_HEX,
+            'options' => array('min_range' => 1, 'max_range' => 0xff))
+                ), '->filter() gets a value of parameter as integer between boundaries');
+        
+        $this->assertEquals(array('bang'), $bag->filter('array', '', false), '->filter() gets a value of parameter as an array');
+        
+        
+    }
 }