Another day, another PHP Codesniffer-induced solution to some code that worked fine before, but I just couldn’t leave it alone once Codesniffer scolded me. This time it was:

Detected access of super global var $_POST, probably needs manual inspection

No problem. I’ve used filter_input before, let’s do this.

First problem, I’m dealing with an array of $_POST data. Too many options to bother writing endless filter_input clauses for. No worries, filter_input_array takes care of everything.

$args = [
	'event'			=> FILTER_SANITIZE_STRING,
	'price'			=> FILTER_SANITIZE_STRING,
	'minimum_age'	=> FILTER_SANITIZE_STRING,
	'date'			=> FILTER_SANITIZE_STRING,
	'address'		=> FILTER_SANITIZE_STRING,
	'city'			=> FILTER_SANITIZE_STRING,
	'country'		=> FILTER_VALIDATE_INT,
	'venue'			=> FILTER_SANITIZE_STRING,
	'venue_capacity'=> FILTER_VALIDATE_INT,
	'event_links'	=> FILTER_SANITIZE_STRING,
];

// Parse into array.
$post_data = filter_input_array( INPUT_POST, $args );

Only one problem. The ‘event_links’ field contains a multidimensional array a bit like this:

'event_links'		=> [
	[
		'url'	=> 'http://link.com',
		'desc'	=> 'A Link',
	],
	[
		'url'	=> 'http://link2.com',
		'desc'	=> 'Another Link',
	],
];

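The code above results in an empty value for ‘event_links’, because a filter only accepts scalar values unless an array flag such as FILTER_REQUIRE_ARRAY is set. Nine out of ten isn’t bad though, is it? That’s a 90% success rate. Surely the client would be ok with that? Sadly not.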

Luckily FILTER_CALLBACK was my knight in shining binary armour. Well, in the end he was. He decided to ride his digital horse around the houses for a while before he got to me. Initial attempts at FILTER_CALLBACK and various recursive functions just resulted in every single value in the event_links array being passed one by one. In the end I hit upon the solution below. We process the easy stuff into an array first, then we use filter_input and a FILTER_CALLBACK to process our event_links into an array which is then appended to the first array.

class Some_Class {

	// FILTER_CALLBACK calls this once for every scalar value inside event_links.
	public function validate_links( $var ) {
		return filter_var( $var, FILTER_SANITIZE_STRING );
	}

	public function clean_post_data() {

		// All fields except event_links.
		$args = [
			'event'			=> FILTER_SANITIZE_STRING,
			'price'			=> FILTER_SANITIZE_STRING,
			'minimum_age'	=> FILTER_SANITIZE_STRING,
			'date'			=> FILTER_SANITIZE_STRING,
			'address'		=> FILTER_SANITIZE_STRING,
			'city'			=> FILTER_SANITIZE_STRING,
			'country'		=> FILTER_VALIDATE_INT,
			'venue'			=> FILTER_SANITIZE_STRING,
			'venue_capacity'=> FILTER_VALIDATE_INT,
		];

		// Parse into array.
		$post_data = filter_input_array( INPUT_POST, $args );

		// Parse any event links.
		$links = filter_input( INPUT_POST, 'event_links', FILTER_CALLBACK, [
			'options'	=> [
				$this,
				'validate_links',
			],
		] );

		// Add to post data array.
		$post_data['event_links'] = $links;

		// Return.
		return $post_data;
	}
}
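
Because FILTER_CALLBACK hands validate_links each value without its key, a URL and a description end up going through the same filter. The following is an added example, not code from the original post, that validates event_links row by row so each key gets its own rule; the function name clean_event_links and the sample data are made up for illustration, and it takes the raw array as an argument so it runs from the command line.

```php
<?php
declare(strict_types=1);

/**
 * Validate event_links row by row, so 'url' and 'desc' each get their own rule.
 * Hypothetical helper, not part of the original class.
 *
 * In a request handler the raw value would come from:
 *   filter_input( INPUT_POST, 'event_links', FILTER_UNSAFE_RAW, FILTER_REQUIRE_ARRAY );
 */
function clean_event_links( $raw ): array {
	$clean = [];
	if ( ! is_array( $raw ) ) {
		return $clean; // Missing field, or a scalar where an array was expected.
	}
	foreach ( $raw as $row ) {
		// A row must be an array with string 'url' and 'desc' entries.
		if ( ! is_array( $row ) || ! is_string( $row['url'] ?? null ) || ! is_string( $row['desc'] ?? null ) ) {
			continue;
		}
		// FILTER_VALIDATE_URL checks syntax only, so the scheme is allowlisted separately.
		$url    = filter_var( trim( $row['url'] ), FILTER_VALIDATE_URL );
		$scheme = false === $url ? '' : strtolower( (string) parse_url( $url, PHP_URL_SCHEME ) );
		if ( ! in_array( $scheme, [ 'http', 'https' ], true ) ) {
			continue;
		}
		// Drop tags and control characters; the value still needs escaping on output.
		$desc = trim( (string) preg_replace( '/[\x00-\x1F\x7F]/', '', strip_tags( $row['desc'] ) ) );
		if ( '' === $desc ) {
			continue;
		}
		$clean[] = [ 'url' => $url, 'desc' => $desc ];
	}
	return $clean;
}

// Constructed sample input standing in for $_POST['event_links'].
$sample = [
	[ 'url' => 'http://link.com', 'desc' => 'A Link' ],
	[ 'url' => 'ftp://link2.com/file', 'desc' => 'Wrong scheme' ],
	[ 'url' => 'not a url', 'desc' => 'Malformed' ],
	[ 'url' => 'https://link3.com', 'desc' => '<b>Bold</b> Link' ],
	'scalar instead of a row',
];

var_export( clean_event_links( $sample ) );
```

FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, which is why this example uses strip_tags and leaves HTML escaping to the point of output.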