Fixes for CSRF protection and FormHandler (including calling CSRF validation in FormHandler by default), Switch_/Case_ statements for FormHandler, custom FormHandler error messages for standard validators
/* Intentionally not using the templater here; any inner exceptions
* cause serious debugging issues. Avoiding potential issues by just
* hardcoding the response here, with no code that could raise an
* exception. */
$exception_class = get_class($e);
$exception_message = $e->getMessage();
$exception_file = $e->getFile();
$exception_line = $e->getLine();
$exception_trace = $e->getTraceAsString();
error_log("Uncaught {$exception_class} in {$exception_file}:{$exception_line} ({$exception_message}). Traceback: {$exception_trace}");
switch(strtolower(ini_get('display_errors')))
{
case "1":
case "on":
case "true":
$error_body = "
<p>
An uncaught <spanclass='detail'>{$exception_class}</span> was thrown, in <spanclass='detail'>{$exception_file}</span> on line <spanclass='detail'>{$exception_line}</span>.
</p>
<p>
<spanclass='message'>{$exception_message}</span>
</p>
<pre>{$exception_trace}</pre>
<p><strong>Important:</strong> These errors should never be displayed on a production server! Make sure that <em>display_errors</em> is turned off in your PHP configuration, if you want to hide these tracebacks.</p>
";
break;
default:
$error_body = "
<p>
Something went wrong while creating this page, but we're not yet quite sure what it was.
</p>
<p>
If the issue persists, please contact the administrator for this application or website.
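Review bot: The exception message and trace are interpolated into `$error_body` without HTML escaping, so with display_errors on, any request data that ends up in an exception message or in the trace arguments is rendered as markup on the error page. Escaping after the `error_log()` call keeps the log entry raw and the page inert, e.g. `$exception_message = htmlspecialchars($exception_message, ENT_QUOTES, 'UTF-8');` and the same for `$exception_trace`, `$exception_class` and `$exception_file`; `htmlspecialchars()` does not throw, so it fits the no-exceptions constraint stated in the comment. The +/- markers are lost on this page, so this assumes the lines are on the new side; the switch continues past the end of the hunk.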
@ -164,6 +164,20 @@ class CPHPFormValidatorPromiseBaseClass
return $this->next;
}
public function Switch_($varname, $error_message)
{
$this->next = new CPHPFormValidatorOperatorSwitch($this, $varname, $error_message, array_slice(func_get_args(), 2));
$this->next->handler = $this->handler;
return $this->next;
}
public function Case_($value)
{
$this->next = new CPHPFormValidatorOperatorCase($this, $value, array_slice(func_get_args(), 1));
$this->next->handler = $this->handler;
return $this->next;
}
/* Special instructions */
public function AbortIfErrors()
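Review bot: `Switch_()` and `Case_()` accept extra arguments that their signatures do not show, because both forward `array_slice(func_get_args(), N)` to the operator constructor. A docblock on each method should say what the trailing arguments are expected to be (presumably the case promises for `Switch_` and the validator chain for `Case_`; the operator classes are not visible here) and how `$value` is compared with the submitted field. Whether that comparison is strict matters for a validator, since with a loose `==` numeric strings such as `1e3` and `1000` would select the same case.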
@ -214,6 +228,15 @@ class CPHPFormValidatorPromiseBaseClass
return $this->next;
}
public function ValidateNumeric($key, $critical = false)
{
$this->next = new CPHPFormValidatorPromise($this, $this->handler, $key, array(), "numeric", "The value is not numeric.", $critical, function($key, $value, $args, $handler){
return is_numeric($value) !== false;
});
$this->next->handler = $this->handler;
return $this->next;
}
public function ValidateUrl($key, $critical = false)
{
$this->next = new CPHPFormValidatorPromise($this, $this->handler, $key, array(), "url", "The value is not a valid URL.", $critical, function($key, $value, $args, $handler){
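Review bot: `is_numeric()` in `ValidateNumeric()` accepts more than digits: signed values, decimals, exponent notation such as `1e5`, and leading whitespace all pass, so a field validated this way is not safe to treat as an integer ID or an array index downstream. If the validator is meant for general numbers, a docblock should say so, and an integer-only sibling based on `ctype_digit()` or `filter_var($value, FILTER_VALIDATE_INT) !== false` would cover the stricter case. The `!== false` is redundant because `is_numeric()` already returns a bool, so the closure can be `return is_numeric($value);`. The `ValidateUrl` body continues outside the hunk.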
@ -277,6 +300,22 @@ class CPHPFormValidatorPromiseBaseClass
return $this->next;
}
public function ValidateValue($key, $error_message, $values, $critical = false)