prisma-client-php 0.0.20 → 0.0.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -335,7 +335,7 @@ final class PPHPUtility
|
|
|
335
335
|
} elseif ($val === '') {
|
|
336
336
|
$sqlConditions[] = "$qualifiedField != ''";
|
|
337
337
|
} else {
|
|
338
|
-
$validatedValue = Validator::string($val);
|
|
338
|
+
$validatedValue = Validator::string($val, false);
|
|
339
339
|
$likeOperator = $condition === 'contains' ? ($dbType == 'pgsql' ? 'ILIKE' : 'LIKE') : '=';
|
|
340
340
|
if ($condition === 'startsWith') $validatedValue .= '%';
|
|
341
341
|
if ($condition === 'endsWith') $validatedValue = '%' . $validatedValue;
|
|
@@ -355,7 +355,7 @@ final class PPHPUtility
|
|
|
355
355
|
} elseif (strtotime($val) !== false) {
|
|
356
356
|
$validatedValue = date('Y-m-d H:i:s', strtotime($val));
|
|
357
357
|
} else {
|
|
358
|
-
$validatedValue = Validator::string($val);
|
|
358
|
+
$validatedValue = Validator::string($val, false);
|
|
359
359
|
}
|
|
360
360
|
$operator = $condition === 'gt' ? '>' : ($condition === 'gte' ? '>=' : ($condition === 'lt' ? '<' : '<='));
|
|
361
361
|
$sqlConditions[] = "$qualifiedField $operator $bindingKey";
|
|
@@ -366,7 +366,7 @@ final class PPHPUtility
|
|
|
366
366
|
$inPlaceholders = [];
|
|
367
367
|
foreach ($val as $i => $inVal) {
|
|
368
368
|
$inKey = $bindingKey . "_" . $i;
|
|
369
|
-
$validatedValue = Validator::string($inVal);
|
|
369
|
+
$validatedValue = Validator::string($inVal, false);
|
|
370
370
|
$inPlaceholders[] = $inKey;
|
|
371
371
|
$bindings[$inKey] = $validatedValue;
|
|
372
372
|
}
|
|
@@ -386,7 +386,7 @@ final class PPHPUtility
|
|
|
386
386
|
$sqlConditions[] = "$qualifiedField = ''";
|
|
387
387
|
} else {
|
|
388
388
|
$bindingKey = ":" . $prefix . $key . $level;
|
|
389
|
-
$validatedValue = Validator::string($value);
|
|
389
|
+
$validatedValue = Validator::string($value, false);
|
|
390
390
|
$sqlConditions[] = "$qualifiedField = $bindingKey";
|
|
391
391
|
$bindings[$bindingKey] = $validatedValue;
|
|
392
392
|
}
|
|
@@ -22,19 +22,25 @@ final class Validator
|
|
|
22
22
|
/**
|
|
23
23
|
* Validate and sanitize a string.
|
|
24
24
|
*
|
|
25
|
-
* This function converts the input to a string, trims any leading or trailing
|
|
26
|
-
* whitespace, and converts special characters to HTML entities to
|
|
27
|
-
* XSS attacks. If the input is null, an empty string is returned.
|
|
25
|
+
* This function converts the input to a string, trims any leading or trailing
|
|
26
|
+
* whitespace, and optionally converts special characters to HTML entities to
|
|
27
|
+
* prevent XSS attacks. If the input is null, an empty string is returned.
|
|
28
28
|
*
|
|
29
29
|
* @param mixed $value The value to validate and sanitize. This can be of any type.
|
|
30
|
-
* @
|
|
30
|
+
* @param bool $escapeHtml Whether to escape special characters as HTML entities.
|
|
31
|
+
* Defaults to true. Set to false when handling database
|
|
32
|
+
* queries or other non-HTML contexts.
|
|
33
|
+
* @return string The sanitized string. If the input is not a string or null,
|
|
34
|
+
* it is converted to its string representation before sanitization.
|
|
35
|
+
* If the input is null, an empty string is returned.
|
|
31
36
|
*/
|
|
32
|
-
public static function string($value): string
|
|
37
|
+
public static function string($value, bool $escapeHtml = true): string
|
|
33
38
|
{
|
|
34
39
|
// Convert the value to a string if it's not null
|
|
35
40
|
$stringValue = $value !== null ? (string)$value : '';
|
|
36
|
-
|
|
37
|
-
|
|
41
|
+
|
|
42
|
+
// If escaping is enabled, apply htmlspecialchars; otherwise, just trim
|
|
43
|
+
return $escapeHtml ? htmlspecialchars(trim($stringValue), ENT_QUOTES, 'UTF-8') : trim($stringValue);
|
|
38
44
|
}
|
|
39
45
|
|
|
40
46
|
/**
|
package/package.json
CHANGED