Skip to content

Commit c64d996

Browse files
apps-caragaapps-caraga
authored
Update DbAuthMiddleware.php
Changes $usernamePattern - defaults to /^\p{L}+$/u , visible characters, no punctuation, unicode mode $usernameMaxLength - defaults to 255 changed validation of other inputs from filter_validate() to htmlspecialchars() fixed typos missing and extra $
1 parent 372e36f commit c64d996

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -71,9 +71,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
7171
$usernameColumnName = $this->getProperty('usernameColumn', 'username');
7272
$usernameColumn = $table->getColumn($usernameColumnName);
7373
$passwordColumnName = $this->getProperty('passwordColumn', 'password');
74-
$usernamePattern = $this->getProperty('usernamePattern','/^[A-Za-z0-9]+$/'); // specify regex pattern for username, defaults to alphanumeric characters
74+
$usernamePattern = $this->getProperty('usernamePattern', '/^\p{L}+$/u'); // defaults to visible chars,unicode mode and no punctuation
7575
$usernameMinLength = (int)$this->getProperty('usernameMinLength',5);
76-
$usernameMaxLength = (int)$this->getProperty('usernameMaxLength',30);
76+
$usernameMaxLength = (int)$this->getProperty('usernameMaxLength',255);
7777
if($usernameMinLength > $usernameMaxLength){
7878
//obviously, $usernameMinLength should be less than $usernameMaxLength, but we'll still check in case of mis-config then we'll swap the 2 values
7979
$lesser = $usernameMaxLength;
@@ -129,8 +129,7 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
129129
}else if($key === $passwordColumnName){
130130
$data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);
131131
}else{
132-
$data[$key] = filter_var($value, FILTER_VALIDATE_EMAIL) ? $value : filter_var($value,FILTER_SANITIZE_ENCODED);
133-
//sanitize all other inputs, except for valid or properly formatted email address
132+
$data[$key] = htmlspecialchars($value);
134133
}
135134
}
136135
}
@@ -142,11 +141,11 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
142141
* query 2,3 or more times.
143142
* As a TEMPORARY WORKAROUND, we'll just attempt to register the new user and wait for the db to throw a DUPLICATE KEY EXCEPTION.
144143
*/
145-
}catch(\PDOException error){
144+
}catch(\PDOException $error){
146145
if($error->getCode() ==="23000"){
147146
return $this->responder->error(ErrorCode::DUPLICATE_KEY_EXCEPTION,'',$error->getMessage());
148147
}else{
149-
return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED,$$error->getMessage());
148+
return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED,$error->getMessage());
150149
}
151150
}
152151
$users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);

0 commit comments

Comments
 (0)