MDL-76525 mod_data: Add param validation for data fields

2025-01-31 20:53:53 +01:00 · 2022-12-28 19:29:26 +01:00 · 2022-12-28 19:29:26 +01:00 · 888ed072c0
commit 888ed072c0
parent 4b69c11978
6 changed files with 61 additions and 5 deletions
--- a/mod/data/field.php
+++ b/mod/data/field.php
@ -134,6 +134,13 @@ switch ($mode) {
                $type = required_param('type', PARAM_FILE);
                $field = data_get_field_new($type, $data);

+                if (!empty($validationerrors = $field->validate($fieldinput))) {
+                    $displaynoticebad = html_writer::alist($validationerrors);
+                    $mode = 'new';
+                    $newtype = $type;
+                    break;
+                }
+
                $field->define_field($fieldinput);
                $field->insert_field();

@ -161,6 +168,11 @@ switch ($mode) {

            /// Create a field object to collect and store the data safely
                $field = data_get_field_from_id($fid, $data);
+                if (!empty($validationerrors = $field->validate($fieldinput))) {
+                    $displaynoticebad = html_writer::alist($validationerrors);
+                    $mode = 'display';
+                    break;
+                }
                $oldfieldname = $field->field->name;

                $field->field->name = $fieldinput->name;
--- a/mod/data/field/picture/field.class.php
+++ b/mod/data/field/picture/field.class.php
@ -137,6 +137,29 @@ class data_field_picture extends data_field_base {
        return $str;
    }

+    /**
+     * Validate the image field type parameters.
+     *
+     * This will check for valid numeric values in the width and height fields.
+     *
+     * @param stdClass $fieldinput the field input data
+     * @return array array of error messages if width or height parameters are not numeric
+     * @throws coding_exception
+     */
+    public function validate(stdClass $fieldinput): array {
+        $errors = [];
+        // These are the params we have to check if they are numeric, because they represent width and height of the image
+        // in single and list view.
+        $widthandheightparams = ['param1', 'param2', 'param4', 'param5'];
+
+        foreach ($widthandheightparams as $param) {
+            if (!empty($fieldinput->$param) && !is_numeric($fieldinput->$param)) {
+                $errors[$param] = get_string('error_invalid' . $param, 'datafield_picture');
+            }
+        }
+        return $errors;
+    }
+
    // TODO delete this function and instead subclass data_field_file - see MDL-16493

    function get_file($recordid, $content=null) {
@ -317,7 +340,7 @@ class data_field_picture extends data_field_base {
                             'filename'=>'thumb_'.$file->get_filename(), 'userid'=>$file->get_userid());
        try {
            // this may fail for various reasons
-            $fs->convert_image($file_record, $file, $this->field->param4, $this->field->param5, true);
+            $fs->convert_image($file_record, $file, (int) $this->field->param4, (int) $this->field->param5, true);
            return true;
        } catch (Exception $e) {
            debugging($e->getMessage());
--- a/mod/data/field/picture/lang/en/datafield_picture.php
+++ b/mod/data/field/picture/lang/en/datafield_picture.php
@ -26,5 +26,9 @@

 $string['pluginname'] = 'Image';
 $string['fieldtypelabel'] = 'Image';
+$string['error_invalidparam1'] = 'Width in single view needs to be a numeric value.';
+$string['error_invalidparam2'] = 'Height in single view needs to be a numeric value.';
+$string['error_invalidparam4'] = 'Width in list view needs to be a numeric value.';
+$string['error_invalidparam5'] = 'Height in list view needs to be a numeric value.';
 $string['privacy:metadata'] = 'The Image field component doesn\'t store any personal data; it uses tables defined in mod_data.';
 $string['sample'] = 'Image description placeholder';
--- a/mod/data/field/picture/mod.html
+++ b/mod/data/field/picture/mod.html
@ -20,27 +20,27 @@
        <td class="c0"><label for="param1">
            <?php echo get_string('fieldwidthsingleview', 'data');?></label></td>
        <td class="c1">
-            <input class="picturefieldsize" type="text" name="param1" id="param1" value="<?php if (!empty($this->field->param1)) p($this->field->param1); ?>" />
+            <input class="picturefieldsize" type="number" name="param1" id="param1" value="<?php if (!empty($this->field->param1)) p($this->field->param1); ?>" />
        </td>
    </tr>
    <tr>
        <td class="c0"><label for="param2">
            <?php echo get_string('fieldheightsingleview', 'data');?></label></td>
        <td class="c1">
-            <input class="picturefieldsize" type="text" name="param2" id="param2" value="<?php if (!empty($this->field->param2)) p($this->field->param2); ?>" />
+            <input class="picturefieldsize" type="number" name="param2" id="param2" value="<?php if (!empty($this->field->param2)) p($this->field->param2); ?>" />
        </td>
    </tr>
    <tr>
        <td class="c0"><label for="param4">
            <?php echo get_string('fieldwidthlistview', 'data');?></label></td>
-        <td class="c1"><input class="picturefieldsize" type="text" name="param4" id="param4" value="<?php if (!empty($this->field->param4)) p($this->field->param4); ?>" />
+        <td class="c1"><input class="picturefieldsize" type="number" name="param4" id="param4" value="<?php if (!empty($this->field->param4)) p($this->field->param4); ?>" />
        </td>
    </tr>
    <tr>
        <td class="c0"><label for="param5">
            <?php echo get_string('fieldheightlistview', 'data');?></label></td>
        <td class="c1">
-            <input class="picturefieldsize" type="text" name="param5" id="param5" value="<?php if (!empty($this->field->param5)) p($this->field->param5); ?>" />
+            <input class="picturefieldsize" type="number" name="param5" id="param5" value="<?php if (!empty($this->field->param5)) p($this->field->param5); ?>" />
        </td>
    </tr>
    <tr>
--- a/mod/data/lib.php
+++ b/mod/data/lib.php
@ -451,6 +451,19 @@ class data_field_base {     // Base class for Database Field Types (see field/*/
        echo $OUTPUT->box_end();
    }

+    /**
+     * Validates params of fieldinput data. Overwrite to validate fieldtype specific data.
+     *
+     * You are expected to return an array like ['paramname' => 'Error message for paramname param'] if there is an error,
+     * return an empty array if everything is fine.
+     *
+     * @param stdClass $fieldinput The field input data to check
+     * @return array $errors if empty validation was fine, otherwise contains one or more error messages
+     */
+    public function validate(stdClass $fieldinput): array {
+        return [];
+    }
+
    /**
     * Return the data_content of the field, or generate it if it is in preview mode.
     *
--- a/mod/data/upgrade.txt
+++ b/mod/data/upgrade.txt
@ -1,6 +1,10 @@
 This files describes API changes in /mod/data - plugins,
 information provided here is intended especially for developers.

+== 4.1.2 ==
+* The field base class now has a method validate(). Overwrite it in the field type to provide validation of field type's
+  parameters in the field add/modify form.
+
 === 4.1 ===
 * The method data_view is now deprecated. Use $maganer->set_module_viewed instead.
 * The data_print_template function is now deprecated and replaced by mod_data\template class.