search

Wixel / GUMP

A fast, extensible & stand-alone PHP input validation class that allows you to validate any data
https://wixelhq.com
MIT License
1.17k stars 341 forks source link

The problem with filtering nested properties #343

Open tuner7777 opened 1 year ago

tuner7777 commented 1 year ago

The methods filter and filter_rules do not work with nested properties. For example, the code below, the filter_rules method will ignore filters for nested properties.

$data = [
    'id'       => '1',
    'username' => ' testuser123',
    'email'    => ' mail@example.com',
    'person'   => [
        'name'      => ' <script>log();</script> Test',
        'promocode' => 'test_CODE'
    ]
];

$gump           = new GUMP();
$gump->validation_rules( [
    'id'               => [ 'required', 'integer' ],
    'username'         => [ 'required', 'alpha_numeric' ],
    'email'            => [ 'required', 'valid_email' ],
    'person.name'      => [ 'required' ],
    'person.promocode' => [ 'required', 'alpha_numeric_dash' ],
] );
$gump->filter_rules( [
    'id'               => [ 'whole_number' ],
    'username'         => [ 'trim' ],
    'email'            => [ 'trim' ],
    'person.name'      => [ 'trim', 'sanitize_string' ],
    'person.promocode' => [ 'trim', 'sanitize_string', 'upper_case' ],
] );

$valid_data = $gump->run( $data );

if ( $gump->errors() ) {
    var_dump( $gump->get_errors_array() );
} else {
    var_dump( $valid_data );
}

Result:

array(4) {
  ["id"]=>
  int(1)
  ["username"]=>
  string(11) "testuser123"
  ["email"]=>
  string(16) "mail@example.com"
  ["person"]=>
  array(2) {
    ["name"]=>
    string(29) " <script>log();</script> Test"
    ["promocode"]=>
    string(9) "test_CODE"
  }
}

The expected behavior is that the nested property person.promocode should be transformed to uppercase, and in the person.name property, all spaces and <script> tags should be removed.