From 04ab522ee336c065dee7476ff2c124fb85d9263b Mon Sep 17 00:00:00 2001 From: snipe Date: Sat, 4 Nov 2017 17:06:14 -0700 Subject: [PATCH] Fixes #4236 - validate the regex custom validation (#4380) * More helpful text on how the custom validator works * Clarified language of custom format, fixed regex example * Fixed regex example in placeholder * Added comments to custom fields * Added regex validation string * Added valid_regex validator in format requirements * Removed useles comments * Fixes #4236 - validate the regex custom validation --- app/Http/Controllers/CategoriesController.php | 2 -- .../Controllers/CustomFieldsController.php | 26 +++++--------- app/Http/Requests/CustomFieldRequest.php | 31 ++++++++++++++++ app/Models/CustomField.php | 17 ++++++--- app/Providers/AppServiceProvider.php | 35 +++++++++++++++++++ .../lang/en/admin/custom_fields/general.php | 5 +-- resources/lang/en/validation.php | 1 + .../views/custom_fields/fields/edit.blade.php | 14 ++++++-- 8 files changed, 103 insertions(+), 28 deletions(-) create mode 100644 app/Http/Requests/CustomFieldRequest.php diff --git a/app/Http/Controllers/CategoriesController.php b/app/Http/Controllers/CategoriesController.php index f1ccb10668..1dbe7488fa 100755 --- a/app/Http/Controllers/CategoriesController.php +++ b/app/Http/Controllers/CategoriesController.php @@ -71,9 +71,7 @@ class CategoriesController extends Controller */ public function store(ImageUploadRequest $request) { - // create a new model instance $category = new Category(); - // Update the category data $category->name = $request->input('name'); $category->category_type = $request->input('category_type'); $category->eula_text = $request->input('eula_text'); diff --git a/app/Http/Controllers/CustomFieldsController.php b/app/Http/Controllers/CustomFieldsController.php index bb2f4fa0cd..790b06d39c 100644 --- a/app/Http/Controllers/CustomFieldsController.php +++ b/app/Http/Controllers/CustomFieldsController.php @@ -1,6 +1,7 @@ $request->get("name"), @@ -81,27 +82,19 @@ class CustomFieldsController extends Controller ]); - if (!in_array(Input::get('format'), array_keys(CustomField::$PredefinedFormats))) { $field->format = e($request->get("custom_format")); } else { $field->format = e($request->get("format")); } - - $validator = Validator::make(Input::all(), $field->rules); - - if ($validator->passes()) { - $results = $field->save(); - if ($results) { - return redirect()->route("fields.index")->with("success", trans('admin/custom_fields/message.field.create.success')); - } else { - dd($field); - return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.field.create.error')); - } + if ($field->save()) { + return redirect()->route("fields.index")->with("success", trans('admin/custom_fields/message.field.create.success')); } else { - return redirect()->back()->withInput()->withErrors($validator); + // dd($field); + return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.field.create.error')); } + } @@ -169,7 +162,7 @@ class CustomFieldsController extends Controller * @since [v4.0] * @return Redirect */ - public function update(Request $request, $id) + public function update(CustomFieldRequest $request, $id) { $field = CustomField::find($id); @@ -186,13 +179,12 @@ class CustomFieldsController extends Controller $field->format = e($request->get("format")); } - $validator = Validator::make(Input::all(), $field->rules); if ($field->save()) { return redirect()->route("fields.index")->with("success", trans('admin/custom_fields/message.field.update.success')); } - return redirect()->back()->withInput()->withErrors($validator); + return redirect()->back()->withInput()->with('error', trans('admin/custom_fields/message.field.update.error')); } diff --git a/app/Http/Requests/CustomFieldRequest.php b/app/Http/Requests/CustomFieldRequest.php new file mode 100644 index 0000000000..f1f09e40db --- /dev/null +++ b/app/Http/Requests/CustomFieldRequest.php @@ -0,0 +1,31 @@ + "required|unique:custom_fields", + "custom_format" => "valid_regex", + ]; + } +} diff --git a/app/Models/CustomField.php b/app/Models/CustomField.php index c0ddba3cc9..696b0454b5 100644 --- a/app/Models/CustomField.php +++ b/app/Models/CustomField.php @@ -25,10 +25,13 @@ class CustomField extends Model ]; public $rules = [ - "name" => "required|unique:custom_fields" + "name" => "required|unique:custom_fields" ]; - public static $table_name="assets"; + // This is confusing, since it's actually the custom fields table that + // we're usually modifying, but since we alter the assets table, we have to + // say that here + public static $table_name = "assets"; public static function name_to_db_name($name) { @@ -39,7 +42,6 @@ class CustomField extends Model { self::created(function ($custom_field) { - // column exists - nothing to do here if (Schema::hasColumn(CustomField::$table_name, $custom_field->convertUnicodeDbSlug())) { return false; @@ -62,14 +64,17 @@ class CustomField extends Model return true; } + // This is just a dumb thing we have to include because Laraval/Doctrine doesn't + // play well with enums or a table that EVER had enums. :( $platform = Schema::getConnection()->getDoctrineSchemaManager()->getDatabasePlatform(); $platform->registerDoctrineTypeMapping('enum', 'string'); - + + // Rename the field if the name has changed Schema::table(CustomField::$table_name, function ($table) use ($custom_field) { $table->renameColumn($custom_field->convertUnicodeDbSlug($custom_field->getOriginal("name")), $custom_field->convertUnicodeDbSlug()); }); - + // Save the updated column name to the custom fields table $custom_field->db_column = $custom_field->convertUnicodeDbSlug(); $custom_field->save(); @@ -78,6 +83,8 @@ class CustomField extends Model return true; }); + + // Drop the assets column if we've deleted it from custom fields self::deleting(function ($custom_field) { return Schema::table(CustomField::$table_name, function ($table) use ($custom_field) { $table->dropColumn($custom_field->convertUnicodeDbSlug()); diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index a3184e72bc..d3527ee7ea 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -75,6 +75,41 @@ class AppServiceProvider extends ServiceProvider }); + + // Yo dawg. I heard you like validators. + // This validates the custom validator regex in custom fields. + // We're just checking that the regex won't throw an exception, not + // that it's actually correct for what the user intended. + + Validator::extend('valid_regex', function ($attribute, $value, $parameters, $validator) { + + // Make sure it's not just an ANY format + if ($value!='') { + + // Check that the string starts with regex: + if (strpos($value, 'regex:') === FALSE) { + return false; + } + + $test_string = 'My hovercraft is full of eels'; + + // We have to stip out the regex: part here to check with preg_match + $test_pattern = str_replace('regex:','', $value); + + try { + preg_match($test_pattern, $test_string, $matches); + return true; + } catch (\Exception $e) { + return false; + } + + } + return true; + + }); + + + // Share common setting variables with all views. view()->composer('*', function ($view) { $view->with('snipeSettings', \App\Models\Setting::getSettings()); diff --git a/resources/lang/en/admin/custom_fields/general.php b/resources/lang/en/admin/custom_fields/general.php index f2e6df90cb..564a9617d9 100644 --- a/resources/lang/en/admin/custom_fields/general.php +++ b/resources/lang/en/admin/custom_fields/general.php @@ -5,7 +5,7 @@ return array( 'field' => 'Field', 'about_fieldsets_title' => 'About Fieldsets', 'about_fieldsets_text' => 'Fieldsets allow you to create groups of custom fields that are frequently re-used used for specific asset model types.', - 'custom_format' => 'Custom format...', + 'custom_format' => 'Custom regex format...', 'encrypt_field' => 'Encrypt the value of this field in the database', 'encrypt_field_help' => 'WARNING: Encrypting a field makes it unsearchable.', 'encrypted' => 'Encrypted', @@ -19,7 +19,8 @@ return array( 'field_element' => 'Form Element', 'field_element_short' => 'Element', 'field_format' => 'Format', - 'field_custom_format' => 'Custom Format', + 'field_custom_format' => 'Custom Regex Format', + 'field_custom_format_help' => 'This field allows you to use a regex expression for validation. It should start with "regex:" - for example, to validate that a custom field value contains a valid IMEI (15 numeric digits), you would use regex:/^[0-9]{15}$/.', 'required' => 'Required', 'req' => 'Req.', 'used_by_models' => 'Used By Models', diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php index ee4ecbda4c..23116776e3 100644 --- a/resources/lang/en/validation.php +++ b/resources/lang/en/validation.php @@ -67,6 +67,7 @@ return array( 'not_in' => 'The selected :attribute is invalid.', 'numeric' => 'The :attribute must be a number.', 'present' => 'The :attribute field must be present.', + 'valid_regex' => 'That is not a valid regex. ', 'regex' => 'The :attribute format is invalid.', 'required' => 'The :attribute field is required.', 'required_if' => 'The :attribute field is required when :other is :value.', diff --git a/resources/views/custom_fields/fields/edit.blade.php b/resources/views/custom_fields/fields/edit.blade.php index 2709aaf9a6..918545de7f 100644 --- a/resources/views/custom_fields/fields/edit.blade.php +++ b/resources/views/custom_fields/fields/edit.blade.php @@ -82,7 +82,9 @@ {{ trans('admin/custom_fields/general.field_custom_format') }}
- {{ Form::text('custom_format', Input::old('custom_format', $field->custom_format), array('class' => 'form-control', 'id' => 'custom_format')) }} + {{ Form::text('custom_format', Input::old('custom_format', $field->format), array('class' => 'form-control', 'id' => 'custom_format', 'placeholder'=>'regex:/^[0-9]{15}$/')) }} +

{!! trans('admin/custom_fields/general.field_custom_format_help') !!}

+ {!! $errors->first('custom_format', ' :message') !!}
@@ -102,7 +104,7 @@ @if (!$field->id) -
+