ben/status-board
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add input validation to admin pages

Browse Source
This commit is contained in:
Ben Roberts
2011-12-29 18:40:00 +00:00
parent c94c64d546
commit cbb10636ef
4 changed files with 82 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
source/webui/pages/admin/add-incident.php
View File

@@ -4,12 +4,13 @@ $main = StatusBoard_Main::instance();
$request = $main->request();
$auth = $main->auth();
$session = $main->session();
$messages = array();
if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateIncidents)) {
throw new StatusBoard_Exception_NotAuthorised();
}
$messages = array();
if ($request->exists('do')) {
$service_id = StatusBoard_Main::issetelse($_POST['service'], 'Sihnon_Exception_InvalidParameters');

73
source/webui/pages/admin/incident.php
View File

@@ -35,26 +35,31 @@ if ($request->exists('do')) {
$reference = StatusBoard_Main::issetelse($_POST['reference'], 'Sihnon_Exception_InvalidParameters');
$description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
$estimated_end_time = StatusBoard_Main::issetelse($_POST['estimatedendtime'], 'Sihnon_Exception_InvalidParameters');
$estimated_end_time = strtotime($estimated_end_time);
if ($reference) {
$incident->reference = $reference;
}
if ($description) {
$incident->description = $description;
}
if ($estimated_end_time) {
$incident->estimated_end_time = $estimated_end_time;
}
if ($reference || $description || $estimated_end_time) {
$incident->save();
try {
StatusBoard_Validation_Text::length($reference, 1, 32);
$estimated_end_time = strtotime($estimated_end_time);
if ($estimated_end_time) {
$incident->reference = $reference;
$incident->description = $description;
$incident->estimated_end_time = $estimated_end_time;
$incident->save();
$messages[] = array(
'severity' => 'success',
'content' => 'The incident was updated succesfully.',
);
} else {
$messages[] = array(
'severity' => 'error',
'content' => 'The incident was not modified because the value entered for estimated end time was not understood.',
);
}
} catch (StatusBoard_Exception_InvalidContent $e) {
$messages[] = array(
'severity' => 'success',
'content' => 'The incident was updated succesfully.',
'severity' => 'error',
'content' => 'The incident was not modified due to invalid parameters being passed.',
);
} else {
$messages[] = 'No changes were necessary.';
}
} break;
@@ -63,21 +68,33 @@ if ($request->exists('do')) {
$status = StatusBoard_Main::issetelse($_POST['status'], 'Sihnon_Exception_InvalidParameters');
$description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
$incident->changeStatus($status, $description);
if ($status == StatusBoard_Status::STATUS_Resolved) {
$incident->actual_end_time = time();
$incident->save();
try {
StatusBoard_Validation_Enum::validate($status, 'StatusBoard_Status', 'STATUS_');
$incident->changeStatus($status, $description);
if ($status == StatusBoard_Status::STATUS_Resolved) {
$incident->actual_end_time = time();
$incident->save();
}
$messages[] = array(
'severity' => 'success',
'content' => 'The incident status was changed successfully.',
);
} catch (StatusBoard_Exception_InvalidContent $e) {
$messages[] = array(
'severity' => 'error',
'content' => 'The status was not modified due to invalid parameters being passed.',
);
}
$messages[] = array(
'severity' => 'success',
'content' => 'The incident status was changed successfully.',
);
} break;
default: {
$messages[] = array(
'severity' => 'warning',
'content' => "The activity '{$activity}' is not supported.",
);
}
}

41
source/webui/pages/admin/service.php
View File

@@ -10,7 +10,7 @@ if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission
}
$activity = null;
$success = true;
$messages = array();
$service_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
$service = null;
@@ -28,34 +28,43 @@ if ($request->exists('do')) {
$name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
$description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
if ($name) {
try {
StatusBoard_Validation_Text::length($name, 1, 255);
$service->name = $name;
}
if ($description) {
$service->description = $description;
}
if ($name || $description) {
$service->save();
$messages[] = array(
'severity' => 'success',
'content' => 'The service was updated succesfully.',
);
} else {
$messages[] = 'No changes were necessary.';
}
} catch (StatusBoard_Exception_InvalidContent $e) {
$messages[] = array(
'severity' => 'error',
'content' => 'The service was not modified due to invalid parameters being passed.',
);
}
} break;
case 'add-site': {
$name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
$description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
$site = $service->newSite($name, $description);
$messages[] = array(
'severity' => 'success',
'content' => 'The site was created succesfully.',
);
try {
StatusBoard_Validation_Text::length($name, 1, 255);
$site = $service->newSite($name, $description);
$messages[] = array(
'severity' => 'success',
'content' => 'The site was created succesfully.',
);
} catch (StatusBoard_Exception_InvalidContent $e) {
$messages[] = array(
'severity' => 'error',
'content' => 'The site was not added due to invalid parameters being passed.',
);
}
} break;

17
source/webui/pages/admin/site.php
View File

@@ -9,6 +9,8 @@ if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission
throw new StatusBoard_Exception_NotAuthorised();
}
$messages = array();
$service_id = $request->get('service', 'Sihnon_Exception_InvalidParameters');
$site_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
@@ -30,20 +32,21 @@ if ($request->exists('do')) {
$name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
$description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
if ($name) {
try {
StatusBoard_Validation_Text::length($name, 1, 255);
$site->name = $name;
}
if ($description) {
$site->description = $description;
}
if ($name || $description) {
$site->save();
$messages[] = array(
'severity' => 'success',
'content' => 'The site was updated succesfully.',
);
} else {
$messages[] = 'No changes were necessary.';
} catch (StatusBoard_Exception_InvalidContent $e) {
$messages[] = array(
'severity' => 'error',
'content' => 'The site was not modified due to invalid parameters being passed.',
);
}
} break;