From 888ed072c00b7b750826c27c7b751dd487a7960f Mon Sep 17 00:00:00 2001 From: Philipp Memmel Date: Wed, 28 Dec 2022 19:29:26 +0100 Subject: [PATCH] MDL-76525 mod_data: Add param validation for data fields --- mod/data/field.php | 12 +++++++++ mod/data/field/picture/field.class.php | 25 ++++++++++++++++++- .../picture/lang/en/datafield_picture.php | 4 +++ mod/data/field/picture/mod.html | 8 +++--- mod/data/lib.php | 13 ++++++++++ mod/data/upgrade.txt | 4 +++ 6 files changed, 61 insertions(+), 5 deletions(-) diff --git a/mod/data/field.php b/mod/data/field.php index 9917410aa25..7f8d2a710a4 100644 --- a/mod/data/field.php +++ b/mod/data/field.php @@ -134,6 +134,13 @@ switch ($mode) { $type = required_param('type', PARAM_FILE); $field = data_get_field_new($type, $data); + if (!empty($validationerrors = $field->validate($fieldinput))) { + $displaynoticebad = html_writer::alist($validationerrors); + $mode = 'new'; + $newtype = $type; + break; + } + $field->define_field($fieldinput); $field->insert_field(); @@ -161,6 +168,11 @@ switch ($mode) { /// Create a field object to collect and store the data safely $field = data_get_field_from_id($fid, $data); + if (!empty($validationerrors = $field->validate($fieldinput))) { + $displaynoticebad = html_writer::alist($validationerrors); + $mode = 'display'; + break; + } $oldfieldname = $field->field->name; $field->field->name = $fieldinput->name; diff --git a/mod/data/field/picture/field.class.php b/mod/data/field/picture/field.class.php index afd8749cae3..877f0fb9c01 100644 --- a/mod/data/field/picture/field.class.php +++ b/mod/data/field/picture/field.class.php 
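Review bot: The messages returned by `$field->validate($fieldinput)` go straight into `html_writer::alist()` and `$displaynoticebad`, and as far as I know `alist()` wraps each item in a list element without escaping it. The picture field only returns fixed language strings, so this patch itself outputs nothing user-controlled, but the hook is open to every field type, and a message that echoes the submitted value would be rendered as markup. Escaping at the sink removes that dependency on plugin authors: `$displaynoticebad = html_writer::alist(array_map('s', $validationerrors));`. The same line is added in the update branch (second hunk, `@@ -161,6 +168,11 @@`). How `$displaynoticebad` is printed is outside both hunks, so check that it is not escaped a second time there.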
@@ -137,6 +137,29 @@ class data_field_picture extends data_field_base { return $str; } + /** + * Validate the image field type parameters. + * + * This will check for valid numeric values in the width and height fields. + * + * @param stdClass $fieldinput the field input data + * @return array array of error messages if width or height parameters are not numeric + * @throws coding_exception + */ + public function validate(stdClass $fieldinput): array { + $errors = []; + // These are the params we have to check if they are numeric, because they represent width and height of the image + // in single and list view. + $widthandheightparams = ['param1', 'param2', 'param4', 'param5']; + + foreach ($widthandheightparams as $param) { + if (!empty($fieldinput->$param) && !is_numeric($fieldinput->$param)) { + $errors[$param] = get_string('error_invalid' . $param, 'datafield_picture'); + } + } + return $errors; + } + // TODO delete this function and instead subclass data_field_file - see MDL-16493 function get_file($recordid, $content=null) { @@ -317,7 +340,7 @@ class data_field_picture extends data_field_base { 'filename'=>'thumb_'.$file->get_filename(), 'userid'=>$file->get_userid()); try { // this may fail for various reasons - $fs->convert_image($file_record, $file, $this->field->param4, $this->field->param5, true); + $fs->convert_image($file_record, $file, (int) $this->field->param4, (int) $this->field->param5, true); return true; } catch (Exception $e) { debugging($e->getMessage()); diff --git a/mod/data/field/picture/lang/en/datafield_picture.php b/mod/data/field/picture/lang/en/datafield_picture.php index f5656e116ef..a10aeebf5ad 100644 --- a/mod/data/field/picture/lang/en/datafield_picture.php +++ b/mod/data/field/picture/lang/en/datafield_picture.php 
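Review bot: `is_numeric()` in the new `validate()` is looser than a pixel dimension needs, because it accepts negative numbers, decimals and exponent notation (for example `-5`, `1.5` or `1e9`), all of which pass and are stored. The second hunk then casts `param4`/`param5` with `(int)` before `convert_image()`, so a negative or very large value reaches the thumbnail conversion, where an oversized target would presumably cost memory and CPU. Restricting the check to positive integers, ideally with a `max_range` as well, closes that: `if (!empty($fieldinput->$param) && filter_var($fieldinput->$param, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {`. The `(int)` cast also turns any non-numeric value saved before this patch into 0; what `convert_image()` does with a zero dimension is not visible here and is worth confirming.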
@@ -26,5 +26,9 @@ $string['pluginname'] = 'Image'; $string['fieldtypelabel'] = 'Image'; +$string['error_invalidparam1'] = 'Width in single view needs to be a numeric value.'; +$string['error_invalidparam2'] = 'Height in single view needs to be a numeric value.'; +$string['error_invalidparam4'] = 'Width in list view needs to be a numeric value.'; +$string['error_invalidparam5'] = 'Height in list view needs to be a numeric value.'; $string['privacy:metadata'] = 'The Image field component doesn\'t store any personal data; it uses tables defined in mod_data.'; $string['sample'] = 'Image description placeholder'; diff --git a/mod/data/field/picture/mod.html b/mod/data/field/picture/mod.html index c00897676d8..127a4dfb705 100644 --- a/mod/data/field/picture/mod.html +++ b/mod/data/field/picture/mod.html @@ -20,27 +20,27 @@ - + - + - + - + diff --git a/mod/data/lib.php b/mod/data/lib.php index ff9a9809387..355483a30f7 100644 --- a/mod/data/lib.php +++ b/mod/data/lib.php @@ -451,6 +451,19 @@ class data_field_base { // Base class for Database Field Types (see field/*/ echo $OUTPUT->box_end(); } + /** + * Validates params of fieldinput data. Overwrite to validate fieldtype specific data. + * + * You are expected to return an array like ['paramname' => 'Error message for paramname param'] if there is an error, + * return an empty array if everything is fine. + * + * @param stdClass $fieldinput The field input data to check + * @return array $errors if empty validation was fine, otherwise contains one or more error messages + */ + public function validate(stdClass $fieldinput): array { + return []; + } + /** * Return the data_content of the field, or generate it if it is in preview mode. * diff --git a/mod/data/upgrade.txt b/mod/data/upgrade.txt index 5bbe80a5575..5b8f8a97929 100644 --- a/mod/data/upgrade.txt +++ b/mod/data/upgrade.txt 
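Review bot: The docblock on the new `data_field_base::validate()` in mod/data/lib.php does not tell implementers how the returned messages are used. It should state that they are shown as HTML in the field form, so any user-supplied text placed in a message must be escaped by the field type. `@return array $errors ...` is better written as `@return string[] error messages keyed by param name, empty if the input is valid`, and "Overwrite" should read "Override". Since this adds a typed public method to a base class in a point release, a third-party field type that already declares its own `validate()` with a different signature would likely fail to load, which deserves a sentence in upgrade.txt. The class body continues outside the hunk.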
@@ -1,6 +1,10 @@ This files describes API changes in /mod/data - plugins, information provided here is intended especially for developers. +== 4.1.2 == +* The field base class now has a method validate(). Overwrite it in the field type to provide validation of field type's + parameters in the field add/modify form. + === 4.1 === * The method data_view is now deprecated. Use $maganer->set_module_viewed instead. * The data_print_template function is now deprecated and replaced by mod_data\template class.