Add $sanitizer->selectorValueAdvanced() method for sanitizing selector values using the advanced text search operator #=, per processwire/processwire-issues#1395
@@ -288,6 +288,7 @@ class Sanitizer extends Wire {
|
|||||||
'sanitize' => 'm',
|
'sanitize' => 'm',
|
||||||
'selectorField' => 's',
|
'selectorField' => 's',
|
||||||
'selectorValue' => 's',
|
'selectorValue' => 's',
|
||||||
|
'selectorValueAdvanced' => 's',
|
||||||
'snakeCase' => 's',
|
'snakeCase' => 's',
|
||||||
'string' => 's',
|
'string' => 's',
|
||||||
'templateName' => 's',
|
'templateName' => 's',
|
||||||
@@ -2140,6 +2141,35 @@ class Sanitizer extends Wire {
|
|||||||
return $version > 1 ? $this->selectorValueV2($value, $options) : $this->selectorValueV1($value, $options);
|
return $version > 1 ? $this->selectorValueV2($value, $options) : $this->selectorValueV1($value, $options);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sanitize selector value for advanced text search operator (#=)
|
||||||
|
*
|
||||||
|
* The [advanced text search operator](https://processwire.com/docs/selectors/operators/#contains-advanced)
|
||||||
|
* `#=` supports some characters that are typically excluded from selector values, so this method enables
|
||||||
|
* you to prepare a selector value for use with it. This method should not be used for sanitizing any other
|
||||||
|
* kinds of selector values.
|
||||||
|
*
|
||||||
|
* Characters that have meaning to the advanced text search operator include `+-*()"` and thus their
|
||||||
|
* appearance in the `$value` argument is assumed to be a command rather than text to search for. Though
|
||||||
|
* note that non-matching double quotes or parenthesis are removed.
|
||||||
|
*
|
||||||
|
* *Note: If double quotes are used in your selector value, this method will convert them to matching
|
||||||
|
* parenthesis, i.e. `+"phrase"` gets converted to `+(phrase)`.*
|
||||||
|
*
|
||||||
|
* @param string|array $value
|
||||||
|
* @param array $options See options for Sanitizer::selectorValue() method
|
||||||
|
* @return bool|mixed|string
|
||||||
|
* @since 3.0.182
|
||||||
|
* @see Sanitizer::selectorValue()
|
||||||
|
* @see https://processwire.com/docs/selectors/operators/#contains-advanced
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
public function selectorValueAdvanced($value, array $options = array()) {
|
||||||
|
$options['operator'] = '#=';
|
||||||
|
return $this->selectorValueV2($value, $options);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Wrapper for selectorValueV2() when it receives an array
|
* Wrapper for selectorValueV2() when it receives an array
|
||||||
*
|
*
|
||||||
@@ -2214,12 +2244,14 @@ class Sanitizer extends Wire {
|
|||||||
$options = array_merge($defaults, $options);
|
$options = array_merge($defaults, $options);
|
||||||
$useQuotes = $options['useQuotes'];
|
$useQuotes = $options['useQuotes'];
|
||||||
$hadQuotes = false;
|
$hadQuotes = false;
|
||||||
|
$needsQuotes = false;
|
||||||
$maxLength = $options['maxLength'];
|
$maxLength = $options['maxLength'];
|
||||||
$maxBytes = $options['maxBytes'];
|
$maxBytes = $options['maxBytes'];
|
||||||
$emptyValue = $options['emptyValue'];
|
$emptyValue = $options['emptyValue'];
|
||||||
$blacklist = $options['blacklist'];
|
$blacklist = $options['blacklist'];
|
||||||
$quotelist = $options['quotelist'];
|
$quotelist = $options['quotelist'];
|
||||||
$op = $options['operator'];
|
$op = $options['operator'];
|
||||||
|
$trims = '+,'; // non-whitespace chars to trim from beginning and end
|
||||||
|
|
||||||
if($emptyValue === '' && $options['quoteEmpty']) $emptyValue = '""';
|
if($emptyValue === '' && $options['quoteEmpty']) $emptyValue = '""';
|
||||||
|
|
||||||
@@ -2228,10 +2260,29 @@ class Sanitizer extends Wire {
|
|||||||
$blacklist[] = '@'; // @ not supported by fulltext match/against in InnoDB
|
$blacklist[] = '@'; // @ not supported by fulltext match/against in InnoDB
|
||||||
if($op === '#=') {
|
if($op === '#=') {
|
||||||
// advanced search operator allows command characters
|
// advanced search operator allows command characters
|
||||||
foreach(array('*', '+', '(', ')', '"') as $c) {
|
foreach(array('*', '+', '(', ')') as $c) {
|
||||||
$k = array_search($c, $blacklist);
|
$k = array_search($c, $blacklist);
|
||||||
if($k !== false) unset($blacklist[$k]);
|
if($k !== false) unset($blacklist[$k]);
|
||||||
|
$trims = str_replace($c, '', $trims);
|
||||||
}
|
}
|
||||||
|
$value = trim($value);
|
||||||
|
if(strpos($value, '+') === 0 || strpos($value, '-') === 0) $needsQuotes = true;
|
||||||
|
if(strpos($value, '(') !== false || strpos($value, ')') !== false) {
|
||||||
|
// if there aren't matching quantities of open/close parens then remove them
|
||||||
|
if(substr_count($value, '(') !== substr_count($value, ')')) {
|
||||||
|
$value = str_replace(array('(', ')'), ' ', $value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(strpos($value, '"') !== false) {
|
||||||
|
if(substr_count($value, '"') % 2 === 0) {
|
||||||
|
// equal number of quotes, convert to parenthesis
|
||||||
|
$value = preg_replace('/"([^"]+)"/s', '($1)', $value);
|
||||||
|
$needsQuotes = true;
|
||||||
|
}
|
||||||
|
// remove any remaining/unmatched quotes
|
||||||
|
$value = str_replace('"', ' ', $value);
|
||||||
|
}
|
||||||
|
if(!$needsQuotes && strpos($value, '(') !== false) $needsQuotes = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2259,7 +2310,7 @@ class Sanitizer extends Wire {
|
|||||||
$value = trim($value);
|
$value = trim($value);
|
||||||
if(!strlen($value)) return $emptyValue;
|
if(!strlen($value)) return $emptyValue;
|
||||||
|
|
||||||
// remove other types of whtiespace
|
// remove other types of whitespace
|
||||||
$whitespace = $this->getWhitespaceArray(false);
|
$whitespace = $this->getWhitespaceArray(false);
|
||||||
$value = trim(str_replace($whitespace, ($options['allowSpace'] ? ' ' : ''), $value));
|
$value = trim(str_replace($whitespace, ($options['allowSpace'] ? ' ' : ''), $value));
|
||||||
if(!strlen($value)) return $emptyValue;
|
if(!strlen($value)) return $emptyValue;
|
||||||
@@ -2322,7 +2373,8 @@ class Sanitizer extends Wire {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$value = trim($value); // trim any kind of whitespace
|
$value = trim($value); // trim any kind of whitespace
|
||||||
$value = trim($value, '+, '); // chars to remove from begin and end
|
$value = trim($value, $trims); // chars to remove from begin and end
|
||||||
|
$value = trim($value); // in case whitespace introduced by above
|
||||||
|
|
||||||
// RETURN NOW if quotes are disallowed or value is empty
|
// RETURN NOW if quotes are disallowed or value is empty
|
||||||
if(!strlen($value)) return $emptyValue;
|
if(!strlen($value)) return $emptyValue;
|
||||||
@@ -2331,7 +2383,7 @@ class Sanitizer extends Wire {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// if value started quoted, we keep it quoted, otherwise we determine if it needs them
|
// if value started quoted, we keep it quoted, otherwise we determine if it needs them
|
||||||
$needsQuotes = $hadQuotes ? true : false;
|
if(!$needsQuotes) $needsQuotes = $hadQuotes ? true : false;
|
||||||
|
|
||||||
if(!$needsQuotes) {
|
if(!$needsQuotes) {
|
||||||
// see if any always-quote character triggers are present
|
// see if any always-quote character triggers are present
|
||||||
|
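Review bot: The parenthesis check in the `#=` branch (hunk `@@ -2228,10 +2260,29 @@`) compares only the counts of `(` and `)`, so a value whose parens are equal in number but close before they open, such as `)term(`, is treated as matching and kept. The new docblock on selectorValueAdvanced() says non-matching parentheses are removed, and the surviving characters are presumably handed on as command characters of the advanced search expression. What the database does with a malformed group is not visible here, but the sanitizer should not leave that to the query layer. A depth scan that fails as soon as a `)` appears with no open `(` closes the gap. The later quote-to-paren conversion only wraps a span in a new pair, so it cannot unbalance a value that passed the scan. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: blacklist/$trims adjustment, trim(), leading +/- check …
if(strpos($value, '(') !== false || strpos($value, ')') !== false) {
	// parens must close in order, not merely match in quantity
	$depth = 0;
	$len = strlen($value);
	for($i = 0; $i < $len && $depth >= 0; $i++) {
		if($value[$i] === '(') {
			$depth++;
		} else if($value[$i] === ')') {
			$depth--;
		}
	}
	if($depth !== 0) $value = str_replace(array('(', ')'), ' ', $value);
}
// … unchanged: double-quote handling and $needsQuotes check …
```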