[Noalyss-commit] [noalyss] 09/09: task #2297: Suppression $_REQUEST doss
From: |
dwm |
Subject: |
[Noalyss-commit] [noalyss] 09/09: task #2297: Suppression $_REQUEST dossier.class.php |
Date: |
Sun, 17 Sep 2023 15:06:14 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 4bf2ca815181df863a8cfffc733b51beec0369e5
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sat Sep 16 12:42:57 2023 +0200
task #2297: Suppression $_REQUEST dossier.class.php
---
include/class/dossier.class.php | 56 ++++++++++++----------
.../class/{dossier.Test.php => dossierTest.php} | 33 +++++++++++++
2 files changed, 63 insertions(+), 26 deletions(-)
diff --git a/include/class/dossier.class.php b/include/class/dossier.class.php
index f7442efce..e4aafdcf1 100644
--- a/include/class/dossier.class.php
+++ b/include/class/dossier.class.php
@@ -50,11 +50,10 @@ class Dossier
$this->dos_id=$p_id;
}
- /*!\brief return the $_REQUEST['gDossier'] after a check */
+ /*!\brief return the 'gDossier' value after a check */
static function id()
{
- self::check();
$http=new HttpInput();
return $http->request('gDossier','number');
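Review bot: With `self::check()` removed, id() no longer applies the 0–999999 bound, so the docblock's "after a check" now rests entirely on whatever `HttpInput::request('gDossier','number')` accepts, which is not visible in this diff. The same applies to get(), hidden() and name() in the later hunk. If the number filter admits negative or decimal values, they now reach callers that build URLs, form fields and queries from this id. Either route these accessors through one helper that also enforces the range, or make the comment say what is actually guaranteed, e.g. `/*!\brief return 'gDossier' as validated by HttpInput (type number, no range check) */`. The closing brace of id() lies outside the hunk.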
@@ -127,11 +126,12 @@ class Dossier
return $nb_folder;
}
- /*!
- * \brief Return all the users
- * as an array
+ /**
+ * \brief Return all the users as an array but NOALYSS_ADMINISTRATOR, that
user cannot be changed by the
+ * interface for administrating user
+ * \param SQL $sql sql string to add to the query :
+ * \note that string MUST be the result of Database::escape_string
*/
-
function get_user_folder($sql="")
{
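Review bot: The new `\note` makes every caller responsible for the safety of `$sql`, and `Database::escape_string` does not fit that contract if `$sql` is a clause rather than a single literal, because string escaping protects a value inside quotes, not the structure of a fragment. The body of get_user_folder is outside the hunk, so how `$sql` is joined into the query cannot be confirmed here. The docblock should say that the fragment is used verbatim and must never carry request data, e.g. `\note $sql is appended as-is: pass only fixed clauses whose values went through Database::escape_string`. Longer term, replacing the parameter with bound values (`$1`), as name() already does, would remove the contract altogether.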
@@ -162,20 +162,21 @@ class Dossier
return $res;
}
- /*!\brief check if gDossier is set */
+ /*!\brief check if gDossier is set
+ * ?? dead code ???
+ */
static function check()
{
- if (!isset($_REQUEST['gDossier']))
- {
- echo_error('Dossier inconnu ');
- exit('Dossier invalide ');
+ try {
+ $http=new HttpInput();
+ $id=$http->request("gDossier","number");
+ if ($id > 999999 || $id < 0) throw new \Exception(_("Dossier max
dépassé"));
+ } catch (\Exception $e) {
+
+ die('Dossier invalide ');
}
- $id=$_REQUEST['gDossier'];
- if (is_numeric($id)==0||
- strlen($id)>6||
- $id>999999)
- exit('gDossier Invalide : '.$id);
+
}
/*!
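Review bot: check() still takes no parameter, so the `self::check($p_dossier)` added to set_current() in the last hunk of this file silently discards its argument and validates the request's gDossier instead of the value about to be stored. Because that call now runs before `put_global`, it can also end the script when the request carries no gDossier at all, assuming HttpInput throws in that case. Accepting the value explicitly would fix both: `static function check($p_id=null)`, then `$id=($p_id===null)?$http->request("gDossier","number"):$p_id;` and the condition `if (!is_numeric($id) || $id > 999999 || $id < 0)`. The "?? dead code ???" remark should then be dropped, since set_current() and the new unit test both call the method. The catch block also discards `$e`, so the translated "Dossier max dépassé" message is never shown or logged.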
@@ -184,27 +185,30 @@ class Dossier
static function get()
{
- self::check();
- return "gDossier=".$_REQUEST['gDossier'];
+ $http=new \HttpInput();
+ return "gDossier=".$http->request("gDossier","number");
}
- /*!\brief return a string to set gDossier into a FORM */
+ /*!
+ * \brief return a string to set gDossier into a FORM
+ */
static function hidden()
{
- self::check();
- return '<input type="hidden" id="gDossier" name="gDossier"
value="'.$_REQUEST['gDossier'].'">';
+ $http=new \HttpInput();
+
+ return '<input type="hidden" id="gDossier" name="gDossier"
value="'.$http->request("gDossier","number").'">';
}
/*!\brief retrieve the name of the current dossier */
static function name($id=0)
{
- self::check();
+ $http=new \HttpInput();
$cn=new Database();
- $id=($id==0)?$_REQUEST['gDossier']:$id;
- $name=$cn->get_value("select dos_name from ac_dossier where
dos_id=$1", array($_REQUEST['gDossier']));
+ $id=($id==0)?$http->request("gDossier","number"):$id;
+ $name=$cn->get_value("select dos_name from ac_dossier where
dos_id=$1", array($id));
return $name;
}
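Review bot: hidden() writes the request-derived value straight into an HTML attribute, so its safety depends entirely on the `number` filter of HttpInput rejecting every non-numeric input, which this diff does not show. Escaping at the output point keeps the method safe even if that filter is loosened later: `value="'.htmlspecialchars((string)$http->request("gDossier","number"), ENT_QUOTES).'">'`. In name(), binding `$id` rather than the raw request value is the right correction; a caller-supplied `$id` is still not range-checked, although the bound parameter keeps the query itself safe.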
@@ -419,9 +423,9 @@ class Dossier
*/
static function set_current($p_dossier) {
+ self::check($p_dossier);
put_global([ [ "key"=>"gDossier","value"=>$p_dossier]]);
- self::check();
-
+
}
}
diff --git a/unit-test/include/class/dossier.Test.php
b/unit-test/include/class/dossierTest.php
similarity index 63%
rename from unit-test/include/class/dossier.Test.php
rename to unit-test/include/class/dossierTest.php
index 3e06982b9..25f2416c9 100644
--- a/unit-test/include/class/dossier.Test.php
+++ b/unit-test/include/class/dossierTest.php
@@ -59,4 +59,37 @@ class DossierTest extends TestCase
$obj->load();
$this->assertEquals(DOSSIER,$obj->get_parameter("id"),"Not the right
folder");
}
+ /**
+ * @testdox check
+ */
+ public function testCheck()
+ {
+ $_REQUEST['gDossier']='14';
+ \Dossier::check();
+ $this->assertTrue(true, 'check has failed');
+ }
+ /**
+ * @testdox hidden function
+ */
+ function testHidden()
+ {
+ $_REQUEST['gDossier']='14';
+ $this->assertEquals('<input type="hidden" id="gDossier"
name="gDossier" value="14">', \Dossier::hidden());
+ }
+ /**
+ * @testdox get function
+ */
+ function testGet()
+ {
+ $_REQUEST['gDossier']='14';
+ $this->assertEquals('gDossier=14', \Dossier::get());
+ }
+ /**
+ * @testdox set current dossier
+ */
+ function testSetCurrentDossier()
+ {
+ \Dossier::set_current(15);
+ $this->assertEquals(15, \Dossier::id());
+ }
}
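Review bot: testCheck cannot fail, because `assertTrue(true, ...)` is always true and the failure path of check() calls `die`, which would terminate the PHPUnit process instead of reporting a failed test. There is also no negative case (non-numeric, negative, or above 999999), which is exactly the behaviour this commit changes. The tests write `$_REQUEST['gDossier']` without restoring it, and testSetCurrentDossier sets nothing itself, so it appears to depend on state left by earlier tests or by put_global. Resetting `$_REQUEST` in `setUp()` and having check() throw rather than `die`, so that `$this->expectException(\Exception::class)` can be used, would make these tests meaningful.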