authorTed Trask <ttrask01@yahoo.com>2009-08-28 14:59:58 +0000
committerTed Trask <ttrask01@yahoo.com>2009-08-28 14:59:58 +0000
commit138ae855953c6ba7dadd62a092d53feb46777579 (patch)
tree35186954708fa0a56f130a78108b8b2f9f751857 /weblog-model.lua
parent48a8fe99954ac0dc8ea9bd666fad1af3a97eb910 (diff)
Added parameter validation, bumped to 0.3.2v0.3.2
Diffstat (limited to 'weblog-model.lua')
-rw-r--r--weblog-model.lua164
1 files changed, 133 insertions, 31 deletions
diff --git a/weblog-model.lua b/weblog-model.lua
index 9e32e53..5cced4b 100644
--- a/weblog-model.lua
+++ b/weblog-model.lua
@@ -487,6 +487,20 @@ local listusagestats = function()
return entries
end
+local testdatabaseentry = function(datatype, value)
+ local success = true
+ local errtxt
+ local sql = "CREATE TEMP TABLE testing ( test "..escape(datatype).." DEFAULT '"..escape(value).."' ) ON COMMIT DROP"
+ local res, err = pcall(function()
+ assert (con:execute(sql))
+ end)
+ if not res then
+ success = false
+ errtxt = string.gsub(err or "", "\n.*", "")
+ end
+ return success, errtxt
+end
+
local printtableentries = function(tablename)
-- retrieve a cursor
local count = 0
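Review bot: The statement on `local sql = "CREATE TEMP TABLE testing ( test "..escape(datatype)..` interpolates `datatype` in type position, where it is unquoted; `escape()` is presumably a literal-escaping helper, and that does not make text safe in an identifier/type slot, so this argument must never come from request data. Every caller in this commit passes the constant "TIMESTAMP", which is fine, but the constraint belongs above the function: `-- datatype must be a fixed literal (callers pass "TIMESTAMP"); escape() only covers the quoted DEFAULT value`. The temp table also has a fixed name: if the connection is inside an explicit transaction rather than autocommit, ON COMMIT DROP will not have fired before the next call, and validateparameters calls this up to three times on one connection, so the second CREATE would fail with a spurious "already exists" error — worth confirming against databaseconnect. Note that errtxt returns the driver's raw first line to the form as-is.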
@@ -898,7 +912,7 @@ function getnewwatchlistentry()
return cfe({ type="group", value=watch, label="Watchlist Entry" })
end
-function createwatchlistentry(watch)
+local function validatewatchlistentry(watch)
local success = true
for i,name in ipairs({"clientuserid", "expiredatetime"}) do
if watch.value[name].value == "" then
@@ -906,28 +920,48 @@ function createwatchlistentry(watch)
success = false
end
end
+ if not watch.value.expiredatetime.errtxt then
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ local s
+ s,watch.value.expiredatetime.errtxt = testdatabaseentry("TIMESTAMP", watch.value.expiredatetime.value)
+ databasedisconnect()
+ success = success and s
+ end)
+ if not res and err then
+ watch.value.expiredatetime.errtxt = err
+ success = false
+ end
+ end
+ return success
+end
+
+function createwatchlistentry(watch)
watch.value.clientuserid.value = watch.value.clientuserid.value:lower()
watch.errtxt = "Failed to create watchlist entry"
- local res, err = pcall(function()
- databaseconnect(DatabaseUser)
- local watchlist = listwatchlistentries() or {}
- for i,w in ipairs(watchlist) do
- if w.clientuserid == watch.value.clientuserid.value then
- watch.value.clientuserid.errtxt = "User ID already exists"
- success = false
- break
+ local success = validatewatchlistentry(watch)
+ if success then
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ local watchlist = listwatchlistentries() or {}
+ for i,w in ipairs(watchlist) do
+ if w.clientuserid == watch.value.clientuserid.value then
+ watch.value.clientuserid.errtxt = "User ID already exists"
+ success = false
+ break
+ end
end
- end
- if success then
- local count = importwatchlistentry(watch.value.clientuserid.value, watch.value.expiredatetime.value)
- if count > 0 then
- watch.errtxt = nil
+ if success then
+ local count = importwatchlistentry(watch.value.clientuserid.value, watch.value.expiredatetime.value)
+ if count > 0 then
+ watch.errtxt = nil
+ end
end
+ databasedisconnect()
+ end)
+ if not res and err then
+ watch.errtxt = watch.errtxt .. "\n" .. err
end
- databasedisconnect()
- end)
- if not res and err then
- watch.errtxt = watch.errtxt .. "\n" .. err
end
return watch
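Review bot: In validatewatchlistentry the `databasedisconnect()` inside the pcall body is skipped whenever the body raises after `databaseconnect(DatabaseUser)` has succeeded — for instance if `watch.value.expiredatetime` is absent — so the branch at `if not res and err then` records the failure but leaves the connection open; the same shape appears in validateparameters (hunk ending at L152) and validateconfig (hunk ending at L246). Unless databaseconnect tolerates an already open connection, moving `databasedisconnect()` after the pcall and calling it unconditionally once connect has succeeded closes the gap. A smaller point: createwatchlistentry now opens and closes the database twice per request, once for validation and again for the duplicate check.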
@@ -951,6 +985,42 @@ function deletewatchlistent(clientuserid)
return result
end
+local validateparameters = function(params)
+ local success = true
+ if params.clientip.value ~= "" and string.find(params.clientip.value, "[^%d%.]") then
+ params.clientip.errtxt = "Invalid IP Address"
+ success = false
+ end
+ if params.window.value ~= "" and not validator.is_integer(params.window.value) then
+ params.window.errtxt = "Must be an integer"
+ success = false
+ end
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ local s
+ if params.starttime.value ~= "" then
+ s,params.starttime.errtxt = testdatabaseentry("TIMESTAMP", params.starttime.value)
+ success = success and s
+ end
+ if params.endtime.value ~= "" then
+ s,params.endtime.errtxt = testdatabaseentry("TIMESTAMP", params.endtime.value)
+ success = success and s
+ end
+ if params.focus.value ~= "" then
+ s,params.focus.errtxt = testdatabaseentry("TIMESTAMP", params.focus.value)
+ success = success and s
+ end
+ databasedisconnect()
+ end)
+ if not res and err then
+ params.starttime.errtxt = err
+ params.endtime.errtxt = err
+ params.focus.errtxt = err
+ success = false
+ end
+ return success
+end
+
local handleparameters = function(clientuserid, starttime, endtime, clientip, focus)
local result = {}
result.clientuserid = cfe({ value=clientuserid or "", label="User ID" })
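Review bot: The check on `if params.clientip.value ~= "" and string.find(params.clientip.value, "[^%d%.]") then` only constrains the character set, so values such as `1.2.3`, `...` or `999.999.999.999` are accepted as a valid IP address and passed on to the query layer; the whitelist does keep quotes and other metacharacters out, which is the important part. An anchored shape check is a one-line tightening: `if params.clientip.value ~= "" and not string.match(params.clientip.value, "^%d+%.%d+%.%d+%.%d+$") then`, with a per-octet range check, or an IPv4 helper from the validator module already used for `is_integer` on the next check if it provides one. The `params.window` value is filled by handleparameters from config with a default of "5", so its integer check guards configuration rather than request input.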
@@ -958,7 +1028,7 @@ local handleparameters = function(clientuserid, starttime, endtime, clientip, fo
result.endtime = cfe({ value=endtime or "", label="End Time" })
result.clientip = cfe({ value=clientip or "", label="Client IP" })
result.window = cfe({ value=config.window or "5", label="Time Window" })
- result.focus = cfe({ value=focus or "", label="Time Window" })
+ result.focus = cfe({ value=focus or "", label="Focus Time" })
return result
end
@@ -969,11 +1039,16 @@ function getweblog(clientuserid, starttime, endtime, clientip, focus)
end
local result = handleparameters(clientuserid, starttime, endtime, clientip, focus)
result.log = cfe({ type="list", value={}, label="Weblog Access Log" })
- local res, err = pcall(function()
- databaseconnect(DatabaseUser)
- result.log.value = listpubweblogentries(clientuserid, starttime, endtime, clientip) or {}
- databasedisconnect()
- end)
+ local success = validateparameters(result)
+ if success then
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ result.log.value = listpubweblogentries(clientuserid, starttime, endtime, clientip) or {}
+ databasedisconnect()
+ end)
+ else
+ err = "Invalid search parameters"
+ end
return cfe({ type="group", value=result, errtxt=err, label="Weblog Access Log" })
end
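Review bot: `err` in `return cfe({ type="group", value=result, errtxt=err, ...` is no longer the pcall result: `local res, err` is now declared inside the `if success then` block and goes out of scope at its `end`, so both the `else` assignment `err = "Invalid search parameters"` and the return read a global `err`. Database errors are therefore dropped silently, and the global written on a failed validation persists in the Lua state, so a later valid request in the same state can be reported as failed. Declare `local err` before the `if`, and inside the branch use `local res` followed by `res, err = pcall(function()`. getblocklog in the next hunk (L186–L206) has the identical problem.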
@@ -984,11 +1059,16 @@ function getblocklog(clientuserid, starttime, endtime, clientip, focus)
end
local result = handleparameters(clientuserid, starttime, endtime, clientip, focus)
result.log = cfe({ type="list", value={}, label="Weblog Block Log" })
- local res, err = pcall(function()
- databaseconnect(DatabaseUser)
- result.log.value = listpubblocklogentries(clientuserid, starttime, endtime, clientip) or {}
- databasedisconnect()
- end)
+ local success = validateparameters(result)
+ if success then
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ result.log.value = listpubblocklogentries(clientuserid, starttime, endtime, clientip) or {}
+ databasedisconnect()
+ end)
+ else
+ err = "Invalid search parameters"
+ end
return cfe({ type="group", value=result, errtxt=err, label="Weblog Block Log" })
end
@@ -1048,9 +1128,8 @@ function getconfig()
return cfe({ type="group", value=result, label="Weblog Config" })
end
-function updateconfig(newconfig)
+local function validateconfig(newconfig)
local success = modelfunctions.validateselect(newconfig.value.groupby)
- -- Validating a timestamp is going to be tricky, how about using postgres?
if newconfig.value.window.value == "" then
newconfig.value.window.errtxt = "Cannot be blank"
success = false
@@ -1070,6 +1149,29 @@ function updateconfig(newconfig)
newconfig.value.historydays.errtxt = "Must be a number"
success = false
end
+ local res, err = pcall(function()
+ databaseconnect(DatabaseUser)
+ local s
+ if newconfig.value.auditstart.value ~= "" then
+ s,newconfig.value.auditstart.errtxt = testdatabaseentry("TIMESTAMP", newconfig.value.auditstart.value)
+ success = success and s
+ end
+ if newconfig.value.auditend.value ~= "" then
+ s,newconfig.value.auditend.errtxt = testdatabaseentry("TIMESTAMP", newconfig.value.auditend.value)
+ success = success and s
+ end
+ databasedisconnect()
+ end)
+ if not res and err then
+ newconfig.value.auditstart.errtxt = err
+ newconfig.value.auditend.errtxt = err
+ success = false
+ end
+ return newconfig
+end
+
+function updateconfig(newconfig)
+ local success = validateconfig(newconfig)
if success then
configcontent = format.update_ini_file(configcontent, "", "auditstart", newconfig.value.auditstart.value)
configcontent = format.update_ini_file(configcontent, "", "auditend", newconfig.value.auditend.value)
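Review bot: validateconfig ends with `return newconfig`, but updateconfig binds the result as `local success = validateconfig(newconfig)` and tests `if success then`; a table is always truthy, so the config is written even when a field failed validation, unlike validatewatchlistentry and validateparameters, which return the boolean. The fix is `return success` as the last statement of validateconfig. The remainder of updateconfig continues outside the hunk, so whether any later line re-checks the per-field errtxt cannot be seen here.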