A lot of code cleanup and code sanitation done.
This commit is contained in:
@@ -6,8 +6,8 @@ use JetBrains\PhpStorm\NoReturn;
|
||||
|
||||
class API
|
||||
{
|
||||
public $conn;
|
||||
public $pdo;
|
||||
public mixed $conn;
|
||||
public mixed $pdo;
|
||||
|
||||
# The user uuid that requested the API
|
||||
protected $user_uuid;
|
||||
@@ -21,7 +21,7 @@ class API
|
||||
protected $content_type;
|
||||
|
||||
# The original posted data to the API, this data is NOT sanitized and validated, never use this data for queries!
|
||||
public $postedData;
|
||||
public mixed $postedData;
|
||||
|
||||
# The validated and sanitized data can be uses for the API actions
|
||||
public $data;
|
||||
@@ -32,7 +32,7 @@ class API
|
||||
# The return url that the frontend request will forward to after the api call is done. if set to false it will only output
|
||||
# the json response with an http code. API calls always respond with json. $return_url can be set to supply the form with an input
|
||||
# with the name _return and value of the url to return to.
|
||||
public $return_url;
|
||||
public mixed $return_url;
|
||||
|
||||
# Used for the query builder base
|
||||
public $baseQuery = false;
|
||||
@@ -46,8 +46,8 @@ class API
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Functions/globalFunctions.php";
|
||||
|
||||
# Setup Database connection
|
||||
$this->conn = $GLOBALS['conn'];
|
||||
@@ -100,7 +100,7 @@ class API
|
||||
|
||||
}
|
||||
|
||||
private function InitUserTypeFrontend()
|
||||
private function InitUserTypeFrontend(): void
|
||||
{
|
||||
$this->user_uuid = $_SESSION['user']['user_uuid'];
|
||||
$this->user_type = 'frontend';
|
||||
@@ -265,8 +265,11 @@ class API
|
||||
{
|
||||
switch ($rules['type']) {
|
||||
case 'string':
|
||||
case 'password':
|
||||
case 'html':
|
||||
if (!is_string($value)) return false;
|
||||
return $this->isValidLength($value, $rules);
|
||||
|
||||
case 'slugify':
|
||||
if (!is_string($value) || !preg_match('/^[a-z0-9]+(-[a-z0-9]+)*$/', $value)) return false;
|
||||
return $this->isValidLength($value, $rules);
|
||||
@@ -290,14 +293,6 @@ class API
|
||||
if (!filter_var($value, FILTER_VALIDATE_EMAIL)) return false;
|
||||
return $this->isValidLength($value, $rules);
|
||||
|
||||
case 'password':
|
||||
if (!is_string($value)) return false;
|
||||
return $this->isValidLength($value, $rules);
|
||||
|
||||
case 'html':
|
||||
if (!is_string($value)) return false;
|
||||
return $this->isValidLength($value, $rules);
|
||||
|
||||
case 'int':
|
||||
if (!is_int($value) && !ctype_digit($value)) return false;
|
||||
$value = (int)$value;
|
||||
|
||||
Reference in New Issue
Block a user