| 1 | <?php |
| 2 | /* |
| 3 | +--------------------------------------------------------------------+ |
| 4 | | Copyright CiviCRM LLC. All rights reserved. | |
| 5 | | | |
| 6 | | This work is published under the GNU AGPLv3 license with some | |
| 7 | | permitted exceptions and without any warranty. For full license | |
| 8 | | and copyright information, see https://civicrm.org/licensing | |
| 9 | +--------------------------------------------------------------------+ |
| 10 | */ |
| 11 | |
| 12 | /** |
| 13 | * |
| 14 | * @package CRM |
| 15 | * @copyright CiviCRM LLC https://civicrm.org/licensing |
| 16 | */ |
| 17 | |
| 18 | require_once 'HTML/QuickForm/Rule/Email.php'; |
| 19 | |
| 20 | /** |
| 21 | * Class CRM_Utils_Rule |
| 22 | */ |
| 23 | class CRM_Utils_Rule { |
| 24 | |
| 25 | /** |
| 26 | * @param string|null $str |
| 27 | * @param int $maxLength |
| 28 | * |
| 29 | * @return bool |
| 30 | */ |
| 31 | public static function title($str, $maxLength = 127) { |
| 32 | |
| 33 | // check length etc |
| 34 | if (empty($str) || strlen($str) > $maxLength) { |
| 35 | return FALSE; |
| 36 | } |
| 37 | |
| 38 | // Make sure it include valid characters, alpha numeric and underscores |
| 39 | if (!preg_match('/^\w[\w\s\'\&\,\$\#\-\.\"\?\!]+$/i', $str)) { |
| 40 | return FALSE; |
| 41 | } |
| 42 | |
| 43 | return TRUE; |
| 44 | } |
| 45 | |
| 46 | /** |
| 47 | * @param string|null $str |
| 48 | * |
| 49 | * @return bool |
| 50 | */ |
| 51 | public static function longTitle($str) { |
| 52 | return self::title($str, 255); |
| 53 | } |
| 54 | |
| 55 | /** |
| 56 | * @param string|null $str |
| 57 | * |
| 58 | * @return bool |
| 59 | */ |
| 60 | public static function variable($str) { |
| 61 | // check length etc |
| 62 | if (empty($str) || strlen($str) > 31) { |
| 63 | return FALSE; |
| 64 | } |
| 65 | |
| 66 | // make sure it includes valid characters, alpha numeric and underscores |
| 67 | if (!preg_match('/^[\w]+$/i', $str)) { |
| 68 | return FALSE; |
| 69 | } |
| 70 | |
| 71 | return TRUE; |
| 72 | } |
| 73 | |
| 74 | /** |
| 75 | * Validate that a string is a valid MySQL column name or alias. |
| 76 | * |
| 77 | * @param string|null $str |
| 78 | * |
| 79 | * @return bool |
| 80 | */ |
| 81 | public static function mysqlColumnNameOrAlias($str) { |
| 82 | // Check not empty. |
| 83 | if (empty($str)) { |
| 84 | return FALSE; |
| 85 | } |
| 86 | |
| 87 | // Ensure $str conforms to expected format. Not a complete expression of |
| 88 | // what MySQL permits; this should permit the formats CiviCRM generates. |
| 89 | // |
| 90 | // * Table name prefix is optional. |
| 91 | // * Table & column names & aliases: |
| 92 | // * Composed of alphanumeric chars, underscore and hyphens. |
| 93 | // * Maximum length of 64 chars. |
| 94 | // * Optionally surrounded by backticks, in which case spaces also OK. |
| 95 | if (!preg_match('/^((`[-\w ]{1,64}`|[-\w]{1,64})\.)?(`[-\w ]{1,64}`|[-\w]{1,64})$/i', $str)) { |
| 96 | return FALSE; |
| 97 | } |
| 98 | |
| 99 | return TRUE; |
| 100 | } |
| 101 | |
| 102 | /** |
| 103 | * Validate that a string is ASC or DESC. |
| 104 | * |
| 105 | * Empty string should be treated as invalid and ignored => default = ASC. |
| 106 | * |
| 107 | * @param string $str |
| 108 | * @return bool |
| 109 | */ |
| 110 | public static function mysqlOrderByDirection($str) { |
| 111 | if (!preg_match('/^(asc|desc)$/i', $str)) { |
| 112 | return FALSE; |
| 113 | } |
| 114 | |
| 115 | return TRUE; |
| 116 | } |
| 117 | |
| 118 | /** |
| 119 | * Validate that a string is valid order by clause. |
| 120 | * |
| 121 | * @param string $str |
| 122 | * @return bool |
| 123 | */ |
| 124 | public static function mysqlOrderBy($str) { |
| 125 | $matches = []; |
| 126 | // Using the field function in order by is valid. |
| 127 | // Look for a string like field(contribution_status_id,3,4,6). |
| 128 | // or field(civicrm_contribution.contribution_status_id,3,4,6) |
| 129 | if (preg_match('/field\([a-z_.]+,[0-9,]+\)/', $str, $matches)) { |
| 130 | // We have checked these. Remove them as they will fail the next lot. |
| 131 | // Our check currently only permits numbers & no back ticks. If we get a |
| 132 | // need for strings or backticks we can add. |
| 133 | $str = str_replace($matches, '', $str); |
| 134 | } |
| 135 | $str = trim($str); |
| 136 | if (!empty($matches) && empty($str)) { |
| 137 | // nothing left to check after the field check. |
| 138 | return TRUE; |
| 139 | } |
| 140 | // Making a regex for a comma separated list is quite hard and not readable |
| 141 | // at all, so we split and loop over. |
| 142 | $parts = explode(',', $str); |
| 143 | foreach ($parts as $part) { |
| 144 | if (!preg_match('/^((`[\w-]{1,64}`|[\w-]{1,64})\.)*(`[\w-]{1,64}`|[\w-]{1,64})( (asc|desc))?$/i', trim($part))) { |
| 145 | return FALSE; |
| 146 | } |
| 147 | } |
| 148 | |
| 149 | return TRUE; |
| 150 | } |
| 151 | |
| 152 | /** |
| 153 | * @param string $str |
| 154 | * |
| 155 | * @return bool |
| 156 | */ |
| 157 | public static function qfVariable($str) { |
| 158 | // check length etc |
| 159 | //if ( empty( $str ) || strlen( $str ) > 31 ) { |
| 160 | if (strlen(trim($str)) == 0 || strlen($str) > 31) { |
| 161 | return FALSE; |
| 162 | } |
| 163 | |
| 164 | // make sure it includes valid characters, alpha numeric and underscores |
| 165 | // added (. and ,) option (CRM-1336) |
| 166 | if (!preg_match('/^[\w\s\.\,]+$/i', $str)) { |
| 167 | return FALSE; |
| 168 | } |
| 169 | |
| 170 | return TRUE; |
| 171 | } |
| 172 | |
| 173 | /** |
| 174 | * @param string|null $phone |
| 175 | * |
| 176 | * @return bool |
| 177 | */ |
| 178 | public static function phone($phone) { |
| 179 | // check length etc |
| 180 | if (empty($phone) || strlen($phone) > 16) { |
| 181 | return FALSE; |
| 182 | } |
| 183 | |
| 184 | // make sure it includes valid characters, (, \s and numeric |
| 185 | if (preg_match('/^[\d\(\)\-\.\s]+$/', $phone)) { |
| 186 | return TRUE; |
| 187 | } |
| 188 | return FALSE; |
| 189 | } |
| 190 | |
| 191 | /** |
| 192 | * @param string|null $query |
| 193 | * |
| 194 | * @return bool |
| 195 | */ |
| 196 | public static function query($query) { |
| 197 | // check length etc |
| 198 | if (empty($query) || strlen($query) < 3 || strlen($query) > 127) { |
| 199 | return FALSE; |
| 200 | } |
| 201 | |
| 202 | // make sure it includes valid characters, alpha numeric and underscores |
| 203 | if (!preg_match('/^[\w\s\%\'\&\,\$\#]+$/i', $query)) { |
| 204 | return FALSE; |
| 205 | } |
| 206 | |
| 207 | return TRUE; |
| 208 | } |
| 209 | |
| 210 | /** |
| 211 | * @param string|null $url |
| 212 | * |
| 213 | * @return bool |
| 214 | */ |
| 215 | public static function url($url) { |
| 216 | if (!$url) { |
| 217 | // If this is required then that should be checked elsewhere - here we are not assuming it is required. |
| 218 | return TRUE; |
| 219 | } |
| 220 | if (preg_match('/^\//', $url)) { |
| 221 | // allow relative URL's (CRM-15598) |
| 222 | $url = 'http://' . $_SERVER['HTTP_HOST'] . $url; |
| 223 | } |
| 224 | return (bool) filter_var($url, FILTER_VALIDATE_URL); |
| 225 | } |
| 226 | |
| 227 | /** |
| 228 | * @param string|null $url |
| 229 | * |
| 230 | * @return bool |
| 231 | */ |
| 232 | public static function urlish($url) { |
| 233 | if (empty($url)) { |
| 234 | return TRUE; |
| 235 | } |
| 236 | $url = Civi::paths()->getUrl($url, 'absolute'); |
| 237 | return (bool) filter_var($url, FILTER_VALIDATE_URL); |
| 238 | } |
| 239 | |
| 240 | /** |
| 241 | * @param string $string |
| 242 | * |
| 243 | * @return bool |
| 244 | */ |
| 245 | public static function wikiURL($string) { |
| 246 | $items = explode(' ', trim($string), 2); |
| 247 | return self::url($items[0]); |
| 248 | } |
| 249 | |
| 250 | /** |
| 251 | * @param string $domain |
| 252 | * |
| 253 | * @return bool |
| 254 | */ |
| 255 | public static function domain($domain) { |
| 256 | // not perfect, but better than the previous one; see CRM-1502 |
| 257 | if (!preg_match('/^[A-Za-z0-9]([A-Za-z0-9\.\-]*[A-Za-z0-9])?$/', $domain)) { |
| 258 | return FALSE; |
| 259 | } |
| 260 | return TRUE; |
| 261 | } |
| 262 | |
| 263 | /** |
| 264 | * @param string $value |
| 265 | * @param string|null $default |
| 266 | * |
| 267 | * @return string|null |
| 268 | */ |
| 269 | public static function date($value, $default = NULL) { |
| 270 | if (is_string($value) && |
| 271 | preg_match('/^\d\d\d\d-?\d\d-?\d\d$/', $value) |
| 272 | ) { |
| 273 | return $value; |
| 274 | } |
| 275 | return $default; |
| 276 | } |
| 277 | |
| 278 | /** |
| 279 | * @param string $value |
| 280 | * @param string|null $default |
| 281 | * |
| 282 | * @return string|null |
| 283 | */ |
| 284 | public static function dateTime($value, $default = NULL) { |
| 285 | $result = $default; |
| 286 | if (is_string($value) && |
| 287 | preg_match('/^\d\d\d\d-?\d\d-?\d\d(\s\d\d:\d\d(:\d\d)?|\d\d\d\d(\d\d)?)?$/', $value) |
| 288 | ) { |
| 289 | $result = $value; |
| 290 | } |
| 291 | |
| 292 | return $result; |
| 293 | } |
| 294 | |
| 295 | /** |
| 296 | * Check the validity of the date (in qf format) |
| 297 | * note that only a year is valid, or a mon-year is |
| 298 | * also valid in addition to day-mon-year. The date |
| 299 | * specified has to be beyond today. (i.e today or later) |
| 300 | * |
| 301 | * @param array $date |
| 302 | * @param bool $monthRequired |
| 303 | * Check whether month is mandatory. |
| 304 | * |
| 305 | * @return bool |
| 306 | * true if valid date |
| 307 | */ |
| 308 | public static function currentDate($date, $monthRequired = TRUE) { |
| 309 | $config = CRM_Core_Config::singleton(); |
| 310 | |
| 311 | $d = $date['d'] ?? NULL; |
| 312 | $m = $date['M'] ?? NULL; |
| 313 | $y = $date['Y'] ?? NULL; |
| 314 | |
| 315 | if (!$d && !$m && !$y) { |
| 316 | return TRUE; |
| 317 | } |
| 318 | |
| 319 | // CRM-9017 CiviContribute/CiviMember form with expiration date format 'm Y' |
| 320 | if (!$m && !empty($date['m'])) { |
| 321 | $m = $date['m'] ?? NULL; |
| 322 | } |
| 323 | |
| 324 | $day = $mon = 1; |
| 325 | $year = 0; |
| 326 | if ($d) { |
| 327 | $day = $d; |
| 328 | } |
| 329 | if ($m) { |
| 330 | $mon = $m; |
| 331 | } |
| 332 | if ($y) { |
| 333 | $year = $y; |
| 334 | } |
| 335 | |
| 336 | // if we have day we need mon, and if we have mon we need year |
| 337 | if (($d && !$m) || |
| 338 | ($d && !$y) || |
| 339 | ($m && !$y) |
| 340 | ) { |
| 341 | return FALSE; |
| 342 | } |
| 343 | |
| 344 | $result = FALSE; |
| 345 | if (!empty($day) || !empty($mon) || !empty($year)) { |
| 346 | $result = checkdate($mon, $day, $year); |
| 347 | } |
| 348 | |
| 349 | if (!$result) { |
| 350 | return FALSE; |
| 351 | } |
| 352 | |
| 353 | // ensure we have month if required |
| 354 | if ($monthRequired && !$m) { |
| 355 | return FALSE; |
| 356 | } |
| 357 | |
| 358 | // now make sure this date is greater that today |
| 359 | $currentDate = getdate(); |
| 360 | if ($year > $currentDate['year']) { |
| 361 | return TRUE; |
| 362 | } |
| 363 | elseif ($year < $currentDate['year']) { |
| 364 | return FALSE; |
| 365 | } |
| 366 | |
| 367 | if ($m) { |
| 368 | if ($mon > $currentDate['mon']) { |
| 369 | return TRUE; |
| 370 | } |
| 371 | elseif ($mon < $currentDate['mon']) { |
| 372 | return FALSE; |
| 373 | } |
| 374 | } |
| 375 | |
| 376 | if ($d) { |
| 377 | if ($day > $currentDate['mday']) { |
| 378 | return TRUE; |
| 379 | } |
| 380 | elseif ($day < $currentDate['mday']) { |
| 381 | return FALSE; |
| 382 | } |
| 383 | } |
| 384 | |
| 385 | return TRUE; |
| 386 | } |
| 387 | |
| 388 | /** |
| 389 | * Check the validity of a date or datetime (timestamp) |
| 390 | * value which is in YYYYMMDD or YYYYMMDDHHMMSS format |
| 391 | * |
| 392 | * Uses PHP checkdate() - params are ( int $month, int $day, int $year ) |
| 393 | * |
| 394 | * @param string $date |
| 395 | * |
| 396 | * @return bool |
| 397 | * true if valid date |
| 398 | */ |
| 399 | public static function mysqlDate($date) { |
| 400 | // allow date to be null |
| 401 | if ($date == NULL) { |
| 402 | return TRUE; |
| 403 | } |
| 404 | |
| 405 | if (checkdate(substr($date, 4, 2), substr($date, 6, 2), substr($date, 0, 4))) { |
| 406 | return TRUE; |
| 407 | } |
| 408 | |
| 409 | return FALSE; |
| 410 | } |
| 411 | |
| 412 | /** |
| 413 | * @param mixed $value |
| 414 | * |
| 415 | * @return bool |
| 416 | */ |
| 417 | public static function integer($value) { |
| 418 | if (is_int($value)) { |
| 419 | return TRUE; |
| 420 | } |
| 421 | |
| 422 | // CRM-13460 |
| 423 | // ensure number passed is always a string numeral |
| 424 | if (!is_numeric($value)) { |
| 425 | return FALSE; |
| 426 | } |
| 427 | |
| 428 | // note that is_int matches only integer type |
| 429 | // and not strings which are only integers |
| 430 | // hence we do this here |
| 431 | if (preg_match('/^\d+$/', $value)) { |
| 432 | return TRUE; |
| 433 | } |
| 434 | |
| 435 | if ($value < 0) { |
| 436 | $negValue = -1 * $value; |
| 437 | if (is_int($negValue)) { |
| 438 | return TRUE; |
| 439 | } |
| 440 | } |
| 441 | |
| 442 | return FALSE; |
| 443 | } |
| 444 | |
| 445 | /** |
| 446 | * @param mixed $value |
| 447 | * |
| 448 | * @return bool |
| 449 | */ |
| 450 | public static function positiveInteger($value) { |
| 451 | if (is_int($value)) { |
| 452 | return !($value < 0); |
| 453 | } |
| 454 | |
| 455 | // CRM-13460 |
| 456 | // ensure number passed is always a string numeral |
| 457 | if (!is_numeric($value)) { |
| 458 | return FALSE; |
| 459 | } |
| 460 | |
| 461 | return (bool) preg_match('/^\d+$/', $value); |
| 462 | } |
| 463 | |
| 464 | /** |
| 465 | * @param mixed $value |
| 466 | * |
| 467 | * @return bool |
| 468 | */ |
| 469 | public static function commaSeparatedIntegers($value) { |
| 470 | foreach (explode(',', $value) as $val) { |
| 471 | // Remove any Whitespace around the key. |
| 472 | $val = trim($val); |
| 473 | if (!self::positiveInteger($val)) { |
| 474 | return FALSE; |
| 475 | } |
| 476 | } |
| 477 | return TRUE; |
| 478 | } |
| 479 | |
| 480 | /** |
| 481 | * @param mixed $value |
| 482 | * |
| 483 | * @return bool |
| 484 | */ |
| 485 | public static function numeric($value) { |
| 486 | // lets use a php gatekeeper to ensure this is numeric |
| 487 | if (!is_numeric($value)) { |
| 488 | return FALSE; |
| 489 | } |
| 490 | |
| 491 | return (bool) preg_match('/(^-?\d\d*\.\d*$)|(^-?\d\d*$)|(^-?\.\d\d*$)/', $value); |
| 492 | } |
| 493 | |
| 494 | /** |
| 495 | * Test whether $value is alphanumeric. |
| 496 | * |
| 497 | * Underscores and dashes are also allowed! |
| 498 | * |
| 499 | * This is the type of string you could expect to see in URL parameters |
| 500 | * like `?mode=live` vs `?mode=test`. This function exists so that we can be |
| 501 | * strict about what we accept for such values, thus mitigating against |
| 502 | * potential security issues. |
| 503 | * |
| 504 | * @see \CRM_Utils_RuleTest::alphanumericData |
| 505 | * for examples of vales that give TRUE/FALSE here |
| 506 | * |
| 507 | * @param string $value |
| 508 | * |
| 509 | * @return bool |
| 510 | */ |
| 511 | public static function alphanumeric($value) { |
| 512 | return (bool) preg_match('/^[a-zA-Z0-9_-]*$/', $value); |
| 513 | } |
| 514 | |
| 515 | /** |
| 516 | * @param string $value |
| 517 | * @param int $noOfDigit |
| 518 | * |
| 519 | * @return bool |
| 520 | */ |
| 521 | public static function numberOfDigit($value, $noOfDigit) { |
| 522 | return (bool) preg_match('/^\d{' . $noOfDigit . '}$/', $value); |
| 523 | } |
| 524 | |
| 525 | /** |
| 526 | * Strict validation of 6-digit hex color notation per html5 <input type="color"> |
| 527 | * |
| 528 | * @param string $value |
| 529 | * @return bool |
| 530 | */ |
| 531 | public static function color($value) { |
| 532 | return (bool) preg_match('/^#([\da-fA-F]{6})$/', $value); |
| 533 | } |
| 534 | |
| 535 | /** |
| 536 | * Strip thousand separator from a money string. |
| 537 | * |
| 538 | * Note that this should be done at the form layer. Once we are processing |
| 539 | * money at the BAO or processor layer we should be working with something that |
| 540 | * is already in a normalised format. |
| 541 | * |
| 542 | * @param string $value |
| 543 | * |
| 544 | * @return string |
| 545 | */ |
| 546 | public static function cleanMoney($value) { |
| 547 | // first remove all white space |
| 548 | $value = str_replace([' ', "\t", "\n"], '', $value); |
| 549 | |
| 550 | $config = CRM_Core_Config::singleton(); |
| 551 | |
| 552 | //CRM-14868 |
| 553 | $currencySymbols = CRM_Core_PseudoConstant::get( |
| 554 | 'CRM_Contribute_DAO_Contribution', |
| 555 | 'currency', [ |
| 556 | 'keyColumn' => 'name', |
| 557 | 'labelColumn' => 'symbol', |
| 558 | ] |
| 559 | ); |
| 560 | $value = str_replace($currencySymbols, '', $value); |
| 561 | |
| 562 | if ($config->monetaryThousandSeparator) { |
| 563 | $mon_thousands_sep = $config->monetaryThousandSeparator; |
| 564 | } |
| 565 | else { |
| 566 | $mon_thousands_sep = ','; |
| 567 | } |
| 568 | |
| 569 | // ugly fix for CRM-6391: do not drop the thousand separator if |
| 570 | // it looks like it’s separating decimal part (because a given |
| 571 | // value undergoes a second cleanMoney() call, for example) |
| 572 | // CRM-15835 - in case the amount/value contains 0 after decimal |
| 573 | // eg 150.5 the following if condition will pass |
| 574 | if ($mon_thousands_sep != '.' or (substr($value, -3, 1) != '.' && substr($value, -2, 1) != '.')) { |
| 575 | $value = str_replace($mon_thousands_sep, '', $value); |
| 576 | } |
| 577 | |
| 578 | if ($config->monetaryDecimalPoint) { |
| 579 | $mon_decimal_point = $config->monetaryDecimalPoint; |
| 580 | } |
| 581 | else { |
| 582 | $mon_decimal_point = '.'; |
| 583 | } |
| 584 | $value = str_replace($mon_decimal_point, '.', $value); |
| 585 | |
| 586 | return $value; |
| 587 | } |
| 588 | |
| 589 | /** |
| 590 | * @param string $value |
| 591 | * |
| 592 | * @return bool |
| 593 | */ |
| 594 | public static function money($value) { |
| 595 | $value = self::cleanMoney($value); |
| 596 | |
| 597 | if (self::integer($value)) { |
| 598 | return TRUE; |
| 599 | } |
| 600 | |
| 601 | // Allow values such as -0, 1.024555, -.1 |
| 602 | // We need to support multiple decimal places here, not just the number allowed by locale |
| 603 | // otherwise tax calculations break when you want the inclusive amount to be a round number (eg. £10 inc. VAT requires 8.333333333 here). |
| 604 | return (bool) preg_match('/(^-?\d+\.?\d*$)|(^-?\.\d+$)/', $value); |
| 605 | } |
| 606 | |
| 607 | /** |
| 608 | * @param mixed $value |
| 609 | * @param int $maxLength |
| 610 | * |
| 611 | * @return bool |
| 612 | */ |
| 613 | public static function string($value, $maxLength = 0) { |
| 614 | if (is_string($value) && |
| 615 | ($maxLength === 0 || strlen($value) <= $maxLength) |
| 616 | ) { |
| 617 | return TRUE; |
| 618 | } |
| 619 | return FALSE; |
| 620 | } |
| 621 | |
| 622 | /** |
| 623 | * @param bool|string $value |
| 624 | * |
| 625 | * @return bool |
| 626 | */ |
| 627 | public static function boolean($value) { |
| 628 | if ($value === TRUE || $value === FALSE) { |
| 629 | return TRUE; |
| 630 | } |
| 631 | // This is intentionally not using === comparison - but will fail on FALSE. |
| 632 | return preg_match( |
| 633 | '/(^(1|0)$)|(^(Y(es)?|N(o)?)$)|(^(T(rue)?|F(alse)?)$)/i', $value |
| 634 | ) ? TRUE : FALSE; |
| 635 | } |
| 636 | |
| 637 | /** |
| 638 | * @param mixed $value |
| 639 | * |
| 640 | * @return bool |
| 641 | */ |
| 642 | public static function email($value): bool { |
| 643 | if (function_exists('idn_to_ascii')) { |
| 644 | $parts = explode('@', $value); |
| 645 | foreach ($parts as &$part) { |
| 646 | // if the function returns FALSE then let filter_var have at it. |
| 647 | $part = self::idnToAsci($part) ?: $part; |
| 648 | if ($part === 'localhost') { |
| 649 | // if we are in a dev environment add .com to trick it into accepting localhost. |
| 650 | // this is a bit best-effort - ie we don't really care that it's in a bigger if. |
| 651 | $part .= '.com'; |
| 652 | } |
| 653 | } |
| 654 | $value = implode('@', $parts); |
| 655 | } |
| 656 | return (bool) filter_var($value, FILTER_VALIDATE_EMAIL); |
| 657 | } |
| 658 | |
| 659 | /** |
| 660 | * Convert domain string to ascii. |
| 661 | * |
| 662 | * See https://lab.civicrm.org/dev/core/-/issues/2769 |
| 663 | * and also discussion over in guzzle land |
| 664 | * https://github.com/guzzle/guzzle/pull/2454 |
| 665 | * |
| 666 | * @param string $string |
| 667 | * |
| 668 | * @return string|false |
| 669 | */ |
| 670 | private static function idnToAsci(string $string) { |
| 671 | if (!\extension_loaded('intl')) { |
| 672 | return $string; |
| 673 | } |
| 674 | if (defined('INTL_IDNA_VARIANT_UTS46')) { |
| 675 | return idn_to_ascii($string, 0, INTL_IDNA_VARIANT_UTS46); |
| 676 | } |
| 677 | return idn_to_ascii($string); |
| 678 | } |
| 679 | |
| 680 | /** |
| 681 | * @param string $list |
| 682 | * |
| 683 | * @return bool |
| 684 | */ |
| 685 | public static function emailList($list) { |
| 686 | $emails = explode(',', $list); |
| 687 | foreach ($emails as $email) { |
| 688 | $email = trim($email); |
| 689 | if (!self::email($email)) { |
| 690 | return FALSE; |
| 691 | } |
| 692 | } |
| 693 | return TRUE; |
| 694 | } |
| 695 | |
| 696 | /** |
| 697 | * allow between 4-6 digits as postal code since india needs 6 and US needs 5 (or |
| 698 | * if u disregard the first 0, 4 (thanx excel!) |
| 699 | * FIXME: we need to figure out how to localize such rules |
| 700 | * @param string $value |
| 701 | * |
| 702 | * @return bool |
| 703 | */ |
| 704 | public static function postalCode($value) { |
| 705 | if (preg_match('/^\d{4,6}(-\d{4})?$/', $value)) { |
| 706 | return TRUE; |
| 707 | } |
| 708 | return FALSE; |
| 709 | } |
| 710 | |
| 711 | /** |
| 712 | * See how file rules are written in HTML/QuickForm/file.php |
| 713 | * Checks to make sure the uploaded file is ascii |
| 714 | * |
| 715 | * @param string $elementValue |
| 716 | * |
| 717 | * @return bool |
| 718 | * True if file has been uploaded, false otherwise |
| 719 | */ |
| 720 | public static function asciiFile($elementValue) { |
| 721 | if ((isset($elementValue['error']) && $elementValue['error'] == 0) || |
| 722 | (!empty($elementValue['tmp_name']) && $elementValue['tmp_name'] != 'none') |
| 723 | ) { |
| 724 | return CRM_Utils_File::isAscii($elementValue['tmp_name']); |
| 725 | } |
| 726 | return FALSE; |
| 727 | } |
| 728 | |
| 729 | /** |
| 730 | * Checks to make sure the uploaded file is in UTF-8, recodes if it's not |
| 731 | * |
| 732 | * @param array $elementValue |
| 733 | * |
| 734 | * @return bool |
| 735 | * Whether file has been uploaded properly and is now in UTF-8. |
| 736 | */ |
| 737 | public static function utf8File($elementValue) { |
| 738 | $success = FALSE; |
| 739 | |
| 740 | if ((isset($elementValue['error']) && $elementValue['error'] == 0) || |
| 741 | (!empty($elementValue['tmp_name']) && $elementValue['tmp_name'] != 'none') |
| 742 | ) { |
| 743 | |
| 744 | $success = CRM_Utils_File::isAscii($elementValue['tmp_name']); |
| 745 | |
| 746 | // if it's a file, but not UTF-8, let's try and recode it |
| 747 | // and then make sure it's an UTF-8 file in the end |
| 748 | if (!$success) { |
| 749 | $success = CRM_Utils_File::toUtf8($elementValue['tmp_name']); |
| 750 | if ($success) { |
| 751 | $success = CRM_Utils_File::isAscii($elementValue['tmp_name']); |
| 752 | } |
| 753 | } |
| 754 | } |
| 755 | return $success; |
| 756 | } |
| 757 | |
| 758 | /** |
| 759 | * Check if there is a record with the same name in the db. |
| 760 | * |
| 761 | * @param string $value |
| 762 | * The value of the field we are checking. |
| 763 | * @param array $options |
| 764 | * The daoName, fieldName (optional) and DomainID (optional). |
| 765 | * |
| 766 | * @return bool |
| 767 | * true if object exists |
| 768 | */ |
| 769 | public static function objectExists($value, $options) { |
| 770 | $name = 'name'; |
| 771 | if (isset($options[2])) { |
| 772 | $name = $options[2]; |
| 773 | } |
| 774 | |
| 775 | return CRM_Core_DAO::objectExists($value, CRM_Utils_Array::value(0, $options), CRM_Utils_Array::value(1, $options), CRM_Utils_Array::value(2, $options, $name), CRM_Utils_Array::value(3, $options)); |
| 776 | } |
| 777 | |
| 778 | /** |
| 779 | * @param $value |
| 780 | * @param $options |
| 781 | * |
| 782 | * @return bool |
| 783 | */ |
| 784 | public static function optionExists($value, $options) { |
| 785 | return CRM_Core_OptionValue::optionExists($value, $options[0], $options[1], $options[2], CRM_Utils_Array::value(3, $options, 'name'), CRM_Utils_Array::value(4, $options, FALSE)); |
| 786 | } |
| 787 | |
| 788 | /** |
| 789 | * @param string $value |
| 790 | * @param string $type |
| 791 | * |
| 792 | * @return bool |
| 793 | */ |
| 794 | public static function creditCardNumber($value, $type) { |
| 795 | return Validate_Finance_CreditCard::number($value, $type); |
| 796 | } |
| 797 | |
| 798 | /** |
| 799 | * @param string $value |
| 800 | * @param string $type |
| 801 | * |
| 802 | * @return bool |
| 803 | */ |
| 804 | public static function cvv($value, $type) { |
| 805 | return Validate_Finance_CreditCard::cvv($value, $type); |
| 806 | } |
| 807 | |
| 808 | /** |
| 809 | * @param mixed $value |
| 810 | * |
| 811 | * @return bool |
| 812 | */ |
| 813 | public static function currencyCode($value) { |
| 814 | static $currencyCodes = NULL; |
| 815 | if (!$currencyCodes) { |
| 816 | $currencyCodes = CRM_Core_PseudoConstant::currencyCode(); |
| 817 | } |
| 818 | if (in_array($value, $currencyCodes)) { |
| 819 | return TRUE; |
| 820 | } |
| 821 | return FALSE; |
| 822 | } |
| 823 | |
| 824 | /** |
| 825 | * Validate json string for xss |
| 826 | * |
| 827 | * @param string $value |
| 828 | * |
| 829 | * @return bool |
| 830 | * False if invalid, true if valid / safe. |
| 831 | */ |
| 832 | public static function json($value) { |
| 833 | $array = json_decode($value, TRUE); |
| 834 | if (!$array || !is_array($array)) { |
| 835 | return FALSE; |
| 836 | } |
| 837 | return self::arrayValue($array); |
| 838 | } |
| 839 | |
| 840 | /** |
| 841 | * @param string $path |
| 842 | * |
| 843 | * @return bool |
| 844 | */ |
| 845 | public static function fileExists($path) { |
| 846 | return file_exists($path); |
| 847 | } |
| 848 | |
| 849 | /** |
| 850 | * Determine whether the value contains a valid reference to a directory. |
| 851 | * |
| 852 | * Paths stored in the setting system may be absolute -- or may be |
| 853 | * relative to the default data directory. |
| 854 | * |
| 855 | * @param string $path |
| 856 | * @return bool |
| 857 | */ |
| 858 | public static function settingPath($path) { |
| 859 | return is_dir(Civi::paths()->getPath($path)); |
| 860 | } |
| 861 | |
| 862 | /** |
| 863 | * @param mixed $value |
| 864 | * @param mixed $actualElementValue |
| 865 | * |
| 866 | * @return bool |
| 867 | */ |
| 868 | public static function validContact($value, $actualElementValue = NULL) { |
| 869 | if ($actualElementValue) { |
| 870 | $value = $actualElementValue; |
| 871 | } |
| 872 | |
| 873 | return CRM_Utils_Rule::positiveInteger($value); |
| 874 | } |
| 875 | |
| 876 | /** |
| 877 | * Check the validity of the date (in qf format) |
| 878 | * note that only a year is valid, or a mon-year is |
| 879 | * also valid in addition to day-mon-year |
| 880 | * |
| 881 | * @param array $date |
| 882 | * |
| 883 | * @return bool |
| 884 | * true if valid date |
| 885 | */ |
| 886 | public static function qfDate($date) { |
| 887 | $config = CRM_Core_Config::singleton(); |
| 888 | |
| 889 | $d = $date['d'] ?? NULL; |
| 890 | $m = $date['M'] ?? NULL; |
| 891 | $y = $date['Y'] ?? NULL; |
| 892 | if (isset($date['h']) || |
| 893 | isset($date['g']) |
| 894 | ) { |
| 895 | $m = $date['M'] ?? NULL; |
| 896 | } |
| 897 | |
| 898 | if (!$d && !$m && !$y) { |
| 899 | return TRUE; |
| 900 | } |
| 901 | |
| 902 | $day = $mon = 1; |
| 903 | $year = 0; |
| 904 | if ($d) { |
| 905 | $day = $d; |
| 906 | } |
| 907 | if ($m) { |
| 908 | $mon = $m; |
| 909 | } |
| 910 | if ($y) { |
| 911 | $year = $y; |
| 912 | } |
| 913 | |
| 914 | // if we have day we need mon, and if we have mon we need year |
| 915 | if (($d && !$m) || |
| 916 | ($d && !$y) || |
| 917 | ($m && !$y) |
| 918 | ) { |
| 919 | return FALSE; |
| 920 | } |
| 921 | |
| 922 | if (!empty($day) || !empty($mon) || !empty($year)) { |
| 923 | return checkdate($mon, $day, $year); |
| 924 | } |
| 925 | return FALSE; |
| 926 | } |
| 927 | |
| 928 | /** |
| 929 | * @param mixed $key |
| 930 | * |
| 931 | * @return bool |
| 932 | */ |
| 933 | public static function qfKey($key) { |
| 934 | return ($key) ? CRM_Core_Key::valid($key) : FALSE; |
| 935 | } |
| 936 | |
| 937 | /** |
| 938 | * Check if the values in the date range are in correct chronological order. |
| 939 | * |
| 940 | * @param array $fields |
| 941 | * Fields of the form. |
| 942 | * @param $fieldName |
| 943 | * Name of date range field. |
| 944 | * @param $errors |
| 945 | * The error array. |
| 946 | * @param $title |
| 947 | * Title of the date range to be displayed in the error message. |
| 948 | */ |
| 949 | public static function validDateRange($fields, $fieldName, &$errors, $title) { |
| 950 | $lowDate = strtotime($fields[$fieldName . '_low']); |
| 951 | $highDate = strtotime($fields[$fieldName . '_high']); |
| 952 | |
| 953 | if ($lowDate > $highDate) { |
| 954 | $errors[$fieldName . '_range_error'] = ts('%1: Please check that your date range is in correct chronological order.', [1 => $title]); |
| 955 | } |
| 956 | } |
| 957 | |
| 958 | /** |
| 959 | * @param string $key Extension Key to check |
| 960 | * @return bool |
| 961 | */ |
| 962 | public static function checkExtensionKeyIsValid($key = NULL) { |
| 963 | if (!empty($key) && !preg_match('/^[0-9a-zA-Z._-]+$/', $key)) { |
| 964 | return FALSE; |
| 965 | } |
| 966 | return TRUE; |
| 967 | } |
| 968 | |
| 969 | /** |
| 970 | * Validate array recursively checking keys and values. |
| 971 | * |
| 972 | * @param array $array |
| 973 | * @return bool |
| 974 | */ |
| 975 | protected static function arrayValue($array) { |
| 976 | foreach ($array as $key => $item) { |
| 977 | if (is_array($item)) { |
| 978 | if (!self::arrayValue($item)) { |
| 979 | return FALSE; |
| 980 | } |
| 981 | } |
| 982 | } |
| 983 | return TRUE; |
| 984 | } |
| 985 | |
| 986 | } |