Add input validation to admin pages

2011-12-29 18:40:00 +00:00
parent c94c64d546
commit cbb10636ef
4 changed files with 82 additions and 52 deletions
--- a/source/webui/pages/admin/add-incident.php
+++ b/source/webui/pages/admin/add-incident.php
@@ -4,12 +4,13 @@ $main = StatusBoard_Main::instance();
 $request = $main->request();
 $auth = $main->auth();
 $session = $main->session();
 $messages = array();
 if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission::PERM_UpdateIncidents)) {
    throw new StatusBoard_Exception_NotAuthorised();
 }
 $messages = array();
 if ($request->exists('do')) {
    $service_id = StatusBoard_Main::issetelse($_POST['service'], 'Sihnon_Exception_InvalidParameters');
--- a/source/webui/pages/admin/incident.php
+++ b/source/webui/pages/admin/incident.php
@@ -36,25 +36,30 @@ if ($request->exists('do')) {
            $description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
            $estimated_end_time = StatusBoard_Main::issetelse($_POST['estimatedendtime'], 'Sihnon_Exception_InvalidParameters');
-            $estimated_end_time = strtotime($estimated_end_time);
+            try {
                StatusBoard_Validation_Text::length($reference, 1, 32);
-            if ($reference) {
+                $estimated_end_time = strtotime($estimated_end_time);
                $incident->reference = $reference;
            }
            if ($description) {
                $incident->description = $description;
            }
                if ($estimated_end_time) {
                    $incident->reference = $reference;
                    $incident->description = $description;
                    $incident->estimated_end_time = $estimated_end_time;
            }
            if ($reference || $description || $estimated_end_time) {
                    $incident->save();
                    $messages[] = array(
                        'severity' => 'success',
                        'content'  => 'The incident was updated succesfully.',
                    );
                } else {
-                $messages[] = 'No changes were necessary.';
+                    $messages[] = array(
                        'severity' => 'error',
                        'content'  => 'The incident was not modified because the value entered for estimated end time was not understood.',
                    );
                }                    
            } catch (StatusBoard_Exception_InvalidContent $e) {
                $messages[] = array(
                    'severity' => 'error',
                    'content'  => 'The incident was not modified due to invalid parameters being passed.',
                );
            }
        } break;
@@ -63,6 +68,9 @@ if ($request->exists('do')) {
            $status = StatusBoard_Main::issetelse($_POST['status'], 'Sihnon_Exception_InvalidParameters');
            $description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
            try {
                StatusBoard_Validation_Enum::validate($status, 'StatusBoard_Status', 'STATUS_');
                $incident->changeStatus($status, $description);
                if ($status == StatusBoard_Status::STATUS_Resolved) {
@@ -74,10 +82,19 @@ if ($request->exists('do')) {
                    'severity' => 'success',
                    'content'  => 'The incident status was changed successfully.',
                );
            } catch (StatusBoard_Exception_InvalidContent $e) {
                $messages[] = array(
                    'severity' => 'error',
                    'content'  => 'The status was not modified due to invalid parameters being passed.',
                );
            }
        } break;
        default: {
-
+            $messages[] = array(
                'severity' => 'warning',
                'content'  => "The activity '{$activity}' is not supported.",
            );
        }
    }
--- a/source/webui/pages/admin/service.php
+++ b/source/webui/pages/admin/service.php
@@ -10,7 +10,7 @@ if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission
 }
 $activity = null;
-$success = true;
+$messages = array();
 $service_id = $request->get('id', 'Sihnon_Exception_InvalidParameters');
 $service = null;
@@ -28,34 +28,43 @@ if ($request->exists('do')) {
            $name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
            $description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
-            if ($name) {
+            try {
                StatusBoard_Validation_Text::length($name, 1, 255);
                $service->name = $name;
            }
            if ($description) {
                $service->description = $description;
            }
            if ($name || $description) {
                $service->save();
                $messages[] = array(
                    'severity' => 'success',
                    'content'  => 'The service was updated succesfully.',
                );
-            } else {
+            } catch (StatusBoard_Exception_InvalidContent $e) {
-                $messages[] = 'No changes were necessary.';
+                $messages[] = array(
                    'severity' => 'error',
                    'content'  => 'The service was not modified due to invalid parameters being passed.',
                );
            }            
        } break;        
        case 'add-site': {
            $name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
            $description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
            try {
                StatusBoard_Validation_Text::length($name, 1, 255);
                $site = $service->newSite($name, $description);
                $messages[] = array(
                    'severity' => 'success',
                    'content'  => 'The site was created succesfully.',
                );
            } catch (StatusBoard_Exception_InvalidContent $e) {
                $messages[] = array(
                    'severity' => 'error',
                    'content'  => 'The site was not added due to invalid parameters being passed.',
                );
            }
        } break;
--- a/source/webui/pages/admin/site.php
+++ b/source/webui/pages/admin/site.php
@@ -9,6 +9,8 @@ if ( ! $auth->isAuthenticated() || ! $auth->hasPermission(StatusBoard_Permission
    throw new StatusBoard_Exception_NotAuthorised();
 }
 $messages = array();
 $service_id = $request->get('service', 'Sihnon_Exception_InvalidParameters');
 $site_id = $request->get('id', 'Sihnon_Exception_InvalidParameters'); 
@@ -30,20 +32,21 @@ if ($request->exists('do')) {
            $name = StatusBoard_Main::issetelse($_POST['name'], 'Sihnon_Exception_InvalidParameters');
            $description = StatusBoard_Main::issetelse($_POST['description'], 'Sihnon_Exception_InvalidParameters');
-            if ($name) {
+            try {
                StatusBoard_Validation_Text::length($name, 1, 255);
                $site->name = $name;
            }
            if ($description) {
                $site->description = $description;
            }
            if ($name || $description) {
                $site->save();
                $messages[] = array(
                    'severity' => 'success',
                    'content'  => 'The site was updated succesfully.',
                );
-            } else {
+            } catch (StatusBoard_Exception_InvalidContent $e) {
-                $messages[] = 'No changes were necessary.';
+                $messages[] = array(
                    'severity' => 'error',
                    'content'  => 'The site was not modified due to invalid parameters being passed.',
                );
            }
        } break;