+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2015 |
+ | Copyright CiviCRM LLC (c) 2004-2016 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2015
+ * @copyright CiviCRM LLC (c) 2004-2016
*/
require_once 'HTML/QuickForm/Rule/Email.php';
return TRUE;
}
+ /**
+ * Validate an acceptable column name for sorting results.
+ *
+ * @param $str
+ *
+ * @return bool
+ */
+ public static function mysqlColumnName($str) {
+ // Check not empty.
+ if (empty($str)) {
+ return FALSE;
+ }
+
+ // Ensure it only contains valid characters (alphanumeric and underscores).
+ //
+ // MySQL permits column names that don't match this (eg containing spaces),
+ // but CiviCRM won't create those ...
+ if (!preg_match('/^\w{1,64}(\.\w{1,64})?$/i', $str)) {
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Validate that a string is ASC or DESC.
+ *
+ * Empty string should be treated as invalid and ignored => default = ASC.
+ *
+ * @param $str
+ * @return bool
+ */
+ public static function mysqlOrderByDirection($str) {
+ if (!preg_match('/^(asc|desc)$/i', $str)) {
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Validate that a string is valid order by clause.
+ *
+ * @param $str
+ * @return bool
+ */
+ public static function mysqlOrderBy($str) {
+ // Making a regex for a comma separated list is quite hard and not readable
+ // at all, so we split and loop over.
+ $parts = explode(',', $str);
+ foreach ($parts as $part) {
+ if (!preg_match('/^((\w{1,64})((\.)(\w{1,64}))?( (asc|desc))?)$/i', trim($part))) {
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+ }
+
/**
* @param $str
*
* @param string $value
* The value of the field we are checking.
* @param array $options
- * The daoName and fieldName (optional ).
+ * The daoName, fieldName (optional) and DomainID (optional).
*
* @return bool
* true if object exists
$name = $options[2];
}
- return CRM_Core_DAO::objectExists($value, CRM_Utils_Array::value(0, $options), CRM_Utils_Array::value(1, $options), CRM_Utils_Array::value(2, $options, $name));
+ return CRM_Core_DAO::objectExists($value, CRM_Utils_Array::value(0, $options), CRM_Utils_Array::value(1, $options), CRM_Utils_Array::value(2, $options, $name), CRM_Utils_Array::value(3, $options));
}
/**