Posted to commits@airavata.apache.org by sm...@apache.org on 2016/10/28 14:12:42 UTC
airavata-php-gateway git commit: AIRAVATA-2176 Sanitizing application
input names
Repository: airavata-php-gateway
Updated Branches:
refs/heads/develop 26ed2cfda -> cd084fe04
AIRAVATA-2176 Sanitizing application input names
PHP automatically converts '.' and spaces in POST parameter names to
underscores. This change sidesteps that by preemptively converting '.'
and spaces to underscores when assembling the form and likewise when
reading the values out of the $_POST variable.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/cd084fe0
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/cd084fe0
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/cd084fe0
Branch: refs/heads/develop
Commit: cd084fe04bde45f91103a92f8227b608114d39ef
Parents: 26ed2cf
Author: Marcus Christie <ma...@iu.edu>
Authored: Tue Oct 18 15:06:22 2016 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Mon Oct 24 10:16:32 2016 -0400
----------------------------------------------------------------------
app/libraries/AppUtilities.php | 17 +++++++++++++++++
app/libraries/ExperimentUtilities.php | 30 +++++++++++++++---------------
2 files changed, 32 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cd084fe0/app/libraries/AppUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/AppUtilities.php b/app/libraries/AppUtilities.php
index de459e8..263128e 100644
--- a/app/libraries/AppUtilities.php
+++ b/app/libraries/AppUtilities.php
@@ -371,6 +371,7 @@ class AppUtilities
try {
$inputs = Airavata::getApplicationInputs(Session::get('authz-token'), $id);
+ $inputs = AppUtilities::sanitize_application_input_names($inputs);
} catch (InvalidRequestException $ire) {
CommonUtilities::print_error_message('<p>There was a problem getting application inputs.
Please try again later or submit a bug report using the link in the Help menu.</p>' .
@@ -388,6 +389,22 @@ class AppUtilities
return $inputs;
}
+ /**
+ * Add a field called `sanitizedFormName` to each application input, which
+ * is a sanitized ('.' and ' ' converted to underscores) version of the
+ * `name` field. The reason for this is that PHP will automatically convert '.'
+ * and spaces to underscores when the form is POSTed so we need a safe form
+ * name to use both when generating the form and when consuming it.
+ * @param $inputs - the output of `get_application_inputs()`
+ * @return the application inputs with `sanitizedFormName` field added
+ */
+ private static function sanitize_application_input_names($inputs)
+ {
+ foreach ($inputs as $index => $input) {
+ $input->sanitizedFormName = str_replace(array(".", " "), "_", $input->name);
+ }
+ return $inputs;
+ }
/**
* Get a list of the outputs for the application with the given ID
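Review bot: Two distinct input names can sanitize to the same `sanitizedFormName` (for example `a.b` and `a b`, or an input literally named `a_b`), and the loop at L56-L58 does not detect that, so one field would silently overwrite the other in `$_POST`/`$_FILES` when the form is consumed. The replacement set is also narrower than what PHP mangles — an unmatched `[` is turned into `_` as well and a `[...]` pair is parsed as array syntax — and characters such as `"` or `<` would still be written raw into the `name=`/`id=` attributes by the form-rendering code. A whitelist replacement plus a collision check, as below, covers both; whether a collision should throw or only be logged depends on what the caller expects, since the try/catch at L36-L41 names only `InvalidRequestException`. The unused `$index` can go, and note that mutating through `$input->` works only because `$inputs` holds objects, which `$input->name` suggests is the case.
```php
private static function sanitize_application_input_names($inputs)
{
    $seen = array();
    foreach ($inputs as $input) {
        // Replace every character PHP may mangle in a POST key, not only '.' and ' '
        $formName = preg_replace('/[^A-Za-z0-9_\-]/', '_', $input->name);
        if (isset($seen[$formName])) {
            throw new \InvalidArgumentException("Application inputs '" . $seen[$formName]
                . "' and '" . $input->name . "' map to the same form field name '" . $formName . "'");
        }
        $seen[$formName] = $input->name;
        $input->sanitizedFormName = $formName;
    }
    return $inputs;
}
```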
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/cd084fe0/app/libraries/ExperimentUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/ExperimentUtilities.php b/app/libraries/ExperimentUtilities.php
index 8c137ea..26f555b 100755
--- a/app/libraries/ExperimentUtilities.php
+++ b/app/libraries/ExperimentUtilities.php
@@ -347,8 +347,8 @@ class ExperimentUtilities
($applicationInput->type == DataType::INTEGER) ||
($applicationInput->type == DataType::FLOAT)
) {
- if (isset($_POST[$applicationInput->name]) && (trim($_POST[$applicationInput->name]) != '')) {
- $experimentInput->value = $_POST[$applicationInput->name];
+ if (isset($_POST[$applicationInput->sanitizedFormName]) && (trim($_POST[$applicationInput->sanitizedFormName]) != '')) {
+ $experimentInput->value = $_POST[$applicationInput->sanitizedFormName];
$experimentInput->type = $applicationInput->type;
} else // use previous value
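Review bot: `sanitizedFormName` is a property attached dynamically by `sanitize_application_input_names()`, so an `$applicationInput` that reached this code by any other path (if one exists — not visible here) would make L75 look up `$_POST['']` and fall through silently to the "use previous value" branch instead of failing. A guard before the lookup, `if (!isset($applicationInput->sanitizedFormName)) { throw new \LogicException('application input has no sanitizedFormName'); }`, makes that mismatch loud. The `trim()` at L75 also emits a warning and returns null if a client submits the field as an array (`name[]`), so an `is_string()` check on the posted value would be worth adding. The enclosing function begins outside the hunk.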
@@ -366,8 +366,8 @@ class ExperimentUtilities
}
}
} elseif ($applicationInput->type == DataType::URI) {
- if ($_FILES[$applicationInput->name]['name']) {
- $file = $_FILES[$applicationInput->name];
+ if ($_FILES[$applicationInput->sanitizedFormName]['name']) {
+ $file = $_FILES[$applicationInput->sanitizedFormName];
//
// move file to experiment data directory
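Review bot: L85 reads `$_FILES[...]['name']` without first checking that the key exists, and neither the condition nor the visible lines check the upload's `error` field before the file is moved (the move itself is outside the hunk). Replacing L85 with `if (isset($_FILES[$applicationInput->sanitizedFormName]) && $_FILES[$applicationInput->sanitizedFormName]['error'] === UPLOAD_ERR_OK) {` avoids the notice when the field was not submitted and stops a partial or failed upload from being treated as a valid file. A collision between two sanitized names would also make the `$_FILES` lookup return the wrong field here, which is best caught where the names are generated.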
@@ -731,24 +731,24 @@ class ExperimentUtilities
case DataType::STRING:
echo '<div class="form-group">
<label for="experiment-input">' . $input->name . '</label>
- <input value="' . $input->value . '" type="text" class="form-control" name="' . $input->name .
- '" id="' . $input->name .
+ <input value="' . $input->value . '" type="text" class="form-control" name="' . $input->sanitizedFormName .
+ '" id="' . $input->sanitizedFormName .
'" placeholder="' . $input->userFriendlyDescription . '"' . $required . '>
</div>';
break;
case DataType::INTEGER:
echo '<div class="form-group">
<label for="experiment-input">' . $input->name . '</label>
- <input value="' . $input->value . '" type="number" class="form-control" name="' . $input->name .
- '" id="' . $input->name .
+ <input value="' . $input->value . '" type="number" class="form-control" name="' . $input->sanitizedFormName .
+ '" id="' . $input->sanitizedFormName .
'" placeholder="' . $input->userFriendlyDescription . '"' . $required . '>
</div>';
break;
case DataType::FLOAT:
echo '<div class="form-group">
<label for="experiment-input">' . $input->name . '</label>
- <input value="' . $input->value . '" type="number" step="0.01" class="form-control" name="' . $input->name .
- '" id="' . $input->name .
+ <input value="' . $input->value . '" type="number" step="0.01" class="form-control" name="' . $input->sanitizedFormName .
+ '" id="' . $input->sanitizedFormName .
'" placeholder="' . $input->userFriendlyDescription . '"' . $required . '>
</div>';
break;
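Review bot: The new `name=`/`id=` attributes at L95-L96, L105-L106 and L115-L116 (and L125-L126, L134, L138-L139 in the next hunk) are still built by string concatenation with no escaping, alongside `$input->value`, `$input->name` and `$input->userFriendlyDescription`, so any of these containing `"` or `<` breaks out of the attribute or element. `$input->value` looks like a re-displayed prior submission (the "use previous value" comment at L78), which would make this a stored injection rather than a cosmetic defect — worth confirming against the caller. Wrapping each interpolated value, e.g. `name="' . htmlspecialchars($input->sanitizedFormName, ENT_QUOTES, 'UTF-8') . '"`, or a small private `esc()` helper applied to all four, fixes it in one place. The `<label for="experiment-input">` at L92/L102/L112 also does not match the generated `id`; `for="' . $input->sanitizedFormName . '"` would pair the label with its field.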
@@ -757,18 +757,18 @@ class ExperimentUtilities
echo '<div class="form-group">
<label for="experiment-input">' . $input->name . '</label>
- <input class="form-control" type="text" name="' . $input->name .
- '" id="' . $input->name . '" ' . $required . '>
+ <input class="form-control" type="text" name="' . $input->sanitizedFormName .
+ '" id="' . $input->sanitizedFormName . '" ' . $required . '>
<p class="help-block">' . $input->userFriendlyDescription . '</p>
</div>';
break;
}else{
echo '<div class="form-group">
<label for="experiment-input">' . $input->name . '</label>
- <div data-file-id="' . $input->name . '" class="readBytesButtons btn btn-default btn-xs"
+ <div data-file-id="' . $input->sanitizedFormName . '" class="readBytesButtons btn btn-default btn-xs"
data-toggle="modal" style="float: right">view file</div>
- <input class="file-input" type="file" name="' . $input->name .
- '" id="' . $input->name . '" ' . $required . '>
+ <input class="file-input" type="file" name="' . $input->sanitizedFormName .
+ '" id="' . $input->sanitizedFormName . '" ' . $required . '>
<p class="help-block">' . $input->userFriendlyDescription . '</p>
</div>';
break;