From c8450a736de2728738e8a1ea844a0eb423f30f9e Mon Sep 17 00:00:00 2001
From: Suhendi <suhendi999@gmail.com>
Date: Sat, 1 Feb 2020 13:00:56 +0700
Subject: [PATCH] Add validation to biodata via regex

---
 controller/Account/RegisterController.php |  5 +++++
 controller/BiodataController.php          | 16 ++++++++++++++++
 controller/EditController.php             |  6 ++++++
 3 files changed, 27 insertions(+)

diff --git a/controller/Account/RegisterController.php b/controller/Account/RegisterController.php
index 0e234c1..41a92e1 100644
--- a/controller/Account/RegisterController.php
+++ b/controller/Account/RegisterController.php
@@ -3,6 +3,7 @@ namespace JLAS\Book\Controller\Account;
 use \JLAS\Book\Controller\BaseController;
 use \JLAS\Book\Model as Model;
 use \JLAS\Book\Entity as Entity;
+use JLAS\Book\Controller\BiodataController as BiodataController;
 
 class RegisterController extends BaseController {
 
@@ -28,6 +29,10 @@ class RegisterController extends BaseController {
                     "address" => escapeHTML($this->getArg('address')),
                     "phone" => escapeHTML($this->getArg('phone')),
                 ));
+                if (!BiodataController::validate($biodata)) {
+                    $this->setResponse(400);
+                    return;
+                }
                 try {
                     // Create user.
                     $user = new Entity\AccountEntity(array(
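Review bot: The new `BiodataController::validate($biodata)` call runs on values that have already been passed through `escapeHTML()` on the lines above, so the regexes see the HTML-encoded form rather than the raw input. With the current `\w`/`\d` patterns this does not change the outcome (no HTML-special character can match either class), but the dependency is implicit and will bite as soon as a pattern for `name` or `address` is added, where `&` becomes `&amp;` before it is checked. I would either validate the raw `$this->getArg(...)` values before escaping, or record the constraint next to the call: `// NOTE: fields are already HTML-escaped; validate() patterns must tolerate entities`. Whether `email` and `username` are set in the same array literal is not visible here, as the entity construction starts before the hunk.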
diff --git a/controller/BiodataController.php b/controller/BiodataController.php
index 4f59995..28f5901 100644
--- a/controller/BiodataController.php
+++ b/controller/BiodataController.php
@@ -6,6 +6,22 @@ use \JLAS\Book\Entity as Entity;
 
 class BiodataController extends BaseController {
 
+    static $username_pattern = '^\w{5,20}$';
+    static $phone_pattern = '^\d{9,12}$';
+
+    public static function validate($biodata) {
+        if (!filter_var($biodata->email, FILTER_VALIDATE_EMAIL)) {
+            return false;
+        }
+        if (!preg_match($username_pattern, $biodata->username)) {
+            return false;
+        }
+        if (!preg_match($phone_pattern, $biodata->phone)) {
+            return false;
+        }
+        return true;
+    }
+
     /**
      * Get the data needed for this controller.
      * @return array data passed to the view.
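Review bot: `validate()` cannot succeed as written: `$username_pattern` and `$phone_pattern` are referenced as undefined local variables inside a static method (they need `self::$username_pattern` / `self::$phone_pattern`), and even with that fixed the pattern strings have no PCRE delimiters, so `preg_match()` warns and returns `false`, and every registration and profile edit is refused with a 400. Separately, `$` in PCRE matches before a trailing newline, so `"user1\n"` would pass `^\w{5,20}$`; use `\z` (or the `D` modifier) to anchor at the true end, and cast the subject to string so a null field does not trigger the PHP 8.1 deprecation. The properties also carry no visibility and are mutable; a `private const` would suit fixed patterns better if nothing outside reads them.
```php
    static $username_pattern = '/^\w{5,20}\z/';
    static $phone_pattern = '/^\d{9,12}\z/';

    public static function validate($biodata) {
        // … unchanged: email check via filter_var …
        if (!preg_match(self::$username_pattern, (string) $biodata->username)) {
            return false;
        }
        if (!preg_match(self::$phone_pattern, (string) $biodata->phone)) {
            return false;
        }
        return true;
    }
```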
diff --git a/controller/EditController.php b/controller/EditController.php
index 6d917d7..8b56d9f 100644
--- a/controller/EditController.php
+++ b/controller/EditController.php
@@ -3,6 +3,7 @@ namespace JLAS\Book\Controller;
 use \JLAS\Book\Controller\BaseController;
 use \JLAS\Book\Model as Model;
 use \JLAS\Book\Entity as Entity;
+use JLAS\Book\Controller\BiodataController as BiodataController;
 
 class EditController extends BaseController {
 
@@ -50,6 +51,11 @@ class EditController extends BaseController {
                 $biodata->name = escapeHTML($this->getArg('name'));
                 $biodata->address = escapeHTML($this->getArg('address'));
                 $biodata->phone = escapeHTML($this->getArg('phone'));
+
+                if (!BiodataController::validate($biodata)) {
+                    $this->setResponse(400);
+                    return;
+                }
                 
                 //Update profile picture
                 if (isset($image_id)) {
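Review bot: The check is placed after `$biodata->name`, `address` and `phone` have already been assigned from the request, so on a failed validation the entity object carries the rejected values; whether anything later persists or renders it is outside this hunk, but validating before mutating removes the question. Also, `validate()` checks `username` and `email`, which this hunk does not set from the request, so an existing account whose stored username or email does not fit the new patterns (legacy data, longer names, non-ASCII) will be unable to update its profile at all. I would validate the request arguments first and only then assign, e.g. `if (!BiodataController::validate($candidate)) { $this->setResponse(400); return; }` on a copy, or relax the call here to check only the fields this action edits. The enclosing method starts before the hunk and continues after it.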
-- 
GitLab