PageRenderTime 85ms CodeModel.GetById 34ms RepoModel.GetById 1ms app.codeStats 0ms

/plugins/contact-form-7-to-database-extension/CFDBFilterParser.php

https://gitlab.com/mattswann/launch-housing
PHP | 302 lines | 156 code | 32 blank | 114 comment | 35 complexity | 91155a739f322f6800e7eb9b017a6c11 MD5 | raw file
    

  1. <?php


    2. 

  2. /*


    3. 

  3.     "Contact Form to Database" Copyright (C) 2011-2012 Michael Simpson  (email : michael.d.simpson@gmail.com)


    4. 

  4. 


    5. 

  5.     This file is part of Contact Form to Database.


    6. 

  6. 


    7. 

  7.     Contact Form to Database is free software: you can redistribute it and/or modify


    8. 

  8.     it under the terms of the GNU General Public License as published by


    9. 

  9.     the Free Software Foundation, either version 3 of the License, or


    10. 

  10.     (at your option) any later version.


    11. 

  11. 


    12. 

  12.     Contact Form to Database is distributed in the hope that it will be useful,


    13. 

  13.     but WITHOUT ANY WARRANTY; without even the implied warranty of


    14. 

  14.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the


    15. 

  15.     GNU General Public License for more details.


    16. 

  16. 


    17. 

  17.     You should have received a copy of the GNU General Public License


    18. 

  18.     along with Contact Form to Database.


    19. 

  19.     If not, see <http://www.gnu.org/licenses/>.


    20. 

  20. */


    21. 

  21. 


    22. 

  22. include_once('CFDBEvaluator.php');


    23. 

  23. require_once('CFDBParserBase.php');


    24. 

  24. 


    25. 

  25. /**


    26. 

  26.  * Used to parse boolean expression strings like 'field1=value1&&field2=value2||field3=value3&&field4=value4'


    27. 

  27.  * Where logical AND and OR are represented by && and || respectively.


    28. 

  28.  * Individual expressions (like 'field1=value1') are of the form $name . $operator . $value where


    29. 

  29.  * $operator is any PHP comparison operator or '=' which is interpreted as '=='.


    30. 

  30.  * $value has a special case where if it is 'null' it is interpreted as the value null


    31. 

  31.  */


    32. 

  32. class CFDBFilterParser extends CFDBParserBase implements CFDBEvaluator {


    33. 

  33. 


    34. 

  34.     /**


    35. 

  35.      * @var array of arrays of string where the top level array is broken down on the || delimiters


    36. 

  36.      */


    37. 

  37.     var $tree;


    38. 

  38. 


    39. 

  39. 


    40. 

  40.     public function hasFilters() {


    41. 

  41.         return count($this->tree) > 0; // count is null-safe


    42. 

  42.     }


    43. 

  43. 


    44. 

  44.     public function getFilterTree() {


    45. 

  45.         return $this->tree;


    46. 

  46.     }


    47. 

  47. 


    48. 

  48.     /**


    49. 

  49.      * Parse a string with delimiters || and/or && into a Boolean evaluation tree.


    50. 

  50.      * For example: aaa&&bbb||ccc&&ddd would be parsed into the following tree,


    51. 

  51.      * where level 1 represents items ORed, level 2 represents items ANDed, and


    52. 

  52.      * level 3 represent individual expressions.


    53. 

  53.      * Array


    54. 

  54.      * (


    55. 

  55.      *     [0] => Array


    56. 

  56.      *         (


    57. 

  57.      *             [0] => Array


    58. 

  58.      *                 (


    59. 

  59.      *                     [0] => aaa


    60. 

  60.      *                     [1] => =


    61. 

  61.      *                     [2] => bbb


    62. 

  62.      *                 )


    63. 

  63.      *


    64. 

  64.      *         )


    65. 

  65.      *


    66. 

  66.      *     [1] => Array


    67. 

  67.      *         (


    68. 

  68.      *             [0] => Array


    69. 

  69.      *                 (


    70. 

  70.      *                     [0] => ccc


    71. 

  71.      *                     [1] => =


    72. 

  72.      *                     [2] => ddd


    73. 

  73.      *                 )


    74. 

  74.      *


    75. 

  75.      *             [1] => Array


    76. 

  76.      *                 (


    77. 

  77.      *                     [0] => eee


    78. 

  78.      *                     [1] => =


    79. 

  79.      *                     [2] => fff


    80. 

  80.      *                 )


    81. 

  81.      *


    82. 

  82.      *         )


    83. 

  83.      *


    84. 

  84.      * )


    85. 

  85.      * @param  $filterString string with delimiters && and/or ||


    86. 

  86.      * which each element being an array of strings broken on the && delimiter


    87. 

  87.      */


    88. 

  88.     public function parse($filterString) {


    89. 

  89.         $this->tree = array();


    90. 

  90.         $arrayOfORedStrings = $this->parseORs($filterString);


    91. 

  91.         foreach ($arrayOfORedStrings as $anANDString) {


    92. 

  92.             $arrayOfANDedStrings = $this->parseANDs($anANDString);


    93. 

  93.             $andSubTree = array();


    94. 

  94.             foreach ($arrayOfANDedStrings as $anExpressionString) {


    95. 

  95.                 $exprArray = $this->parseExpression($anExpressionString);


    96. 

  96.                 $count = count($exprArray);


    97. 

  97.                 if ($count > 0) {


    98. 

  98.                     $exprArray[0] = $this->parseValidFunction($exprArray[0]);


    99. 

  99.                     if ($count > 2) {


    100. 

  100.                         $exprArray[2] = $this->parseValidFunction($exprArray[2]);


    101. 

  101.                     } else if ($count > 1) {


    102. 

  102.                         // e.g. "field=" which can happen if it was "field=$_POST(field)" with no $_POST['field'] set


    103. 

  103.                         $exprArray[2] = null;


    104. 

  104.                     } else {


    105. 

  105.                         // Case of "function()" parse as if "function()==true"


    106. 

  106.                         $exprArray[1] = '==';


    107. 

  107.                         $exprArray[2] = true;


    108. 

  108.                     }


    109. 

  109. 


    110. 

  110.                     // if one side of the operation is a function and the other is 'true' or 'false'


    111. 

  111.                     // then convert to Boolean true or false which signals to not try to dereference


    112. 

  112.                     // true or false during evaluateComparison()


    113. 

  113.                     if (is_array($exprArray[0])) {


    114. 

  114.                         if ($exprArray[2] === 'true') {


    115. 

  115.                             $exprArray[2] = true;


    116. 

  116.                         } else if ($exprArray[2] === 'false') {


    117. 

  117.                             $exprArray[2] = false;


    118. 

  118.                         }


    119. 

  119.                     }


    120. 

  120.                     if (is_array($exprArray[2])) {


    121. 

  121.                         if ($exprArray[0] === 'true') {


    122. 

  122.                             $exprArray[0] = true;


    123. 

  123.                         }


    124. 

  124.                         if ($exprArray[0] === 'false') {


    125. 

  125.                             $exprArray[0] = false;


    126. 

  126.                         }


    127. 

  127.                     }


    128. 

  128.                 }


    129. 

  129.                 $andSubTree[] = $exprArray;


    130. 

  130.             }


    131. 

  131.             $this->tree[] = $andSubTree;


    132. 

  132.         }


    133. 

  133.     }


    134. 

  134. 


    135. 

  135.     /**


    136. 

  136.      * Parse a comparison expression into its three components


    137. 

  137.      * @param  $comparisonExpression string in the form 'value1' . 'operator' . 'value2' where


    138. 

  138.      * operator is a php comparison operator or '='


    139. 

  139.      * @return array of string [ value1, operator, value2 ]


    140. 

  140.      */


    141. 

  141.     public function parseExpression($comparisonExpression) {


    142. 

  142.         // Sometimes get HTML codes for greater-than and less-than; replace them with actual symbols


    143. 

  143.         $comparisonExpression = str_replace('&gt;', '>', $comparisonExpression);


    144. 

  144.         $comparisonExpression = str_replace('&lt;', '<', $comparisonExpression);


    145. 

  145.         return preg_split('/(===)|(==)|(=)|(!==)|(!=)|(<>)|(<=)|(<)|(>=)|(>)|(~~)/',


    146. 

  146.                 $comparisonExpression, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);


    147. 

  147.     }


    148. 

  148. 


    149. 

  149.     /**


    150. 

  150.      * Evaluate expression against input data. Assumes parse was called to set up the expression to


    151. 

  151.      * evaluate. Expression should have key . operator . value tuples and input $data should have the same keys


    152. 

  152.      * with values to check against them.


    153. 

  153.      * For example, an expression in this object is 'name=john' and the input data has [ 'name' => 'john' ]. In


    154. 

  154.      * this case true is returned. if $data has [ 'name' => 'fred' ] then false is returned.


    155. 

  155.      * @param  $data array [ key => value]


    156. 

  156.      * @return boolean result of evaluating $data against expression tree


    157. 

  157.      */


    158. 

  158.     public function evaluate(&$data) {


    159. 

  159.         $this->setTimezone();


    160. 

  160. 


    161. 

  161.         $retVal = true;


    162. 

  162.         if ($this->tree) {


    163. 

  163.             $retVal = false;


    164. 

  164.             foreach ($this->tree as $andArray) { // loop each OR'ed $andArray


    165. 

  165.                 $andBoolean = true;


    166. 

  166.                 // evaluation the list of AND'ed comparison expressions


    167. 

  167.                 foreach ($andArray as $comparison) {


    168. 

  168.                     $andBoolean = $this->evaluateComparison($comparison, $data); //&& $andBoolean


    169. 

  169.                     if (!$andBoolean) {


    170. 

  170.                         break; // short-circuit AND expression evaluation


    171. 

  171.                     }


    172. 

  172.                 }


    173. 

  173.                 $retVal = $retVal || $andBoolean;


    174. 

  174.                 if ($retVal) {


    175. 

  175.                     break; // short-circuit OR expression evaluation


    176. 

  176.                 }


    177. 

  177.             }


    178. 

  178.         }


    179. 

  179.         return $retVal;


    180. 

  180.     }


    181. 

  181. 


    182. 

  182.     public function evaluateComparison($andExpr, &$data) {


    183. 

  183.         if (is_array($andExpr) && count($andExpr) == 3) {


    184. 

  184.             // $andExpr = [$left $op $right]


    185. 

  185. 


    186. 

  186.             // Left operand


    187. 

  187.             $left = $andExpr[0];


    188. 

  188.             // Boolean type means it was set in parse in response


    189. 

  189.             // to a filter like "function(x)" that was turned into an expression


    190. 

  190.             // like "function(x) === true"


    191. 

  191.             if ($left !== true && $left !== false) {


    192. 

  192.                 if (is_array($left)) { // function call


    193. 

  193.                     $left = $this->functionEvaluator->evaluateFunction($left, $data);


    194. 

  194.                 } else {


    195. 

  195.                     $left = $this->functionEvaluator->preprocessValues($left);


    196. 

  196.                     // Dereference $left assuming it is the name of a form field


    197. 

  197.                     // and set it to the value of the field. When not found make it null


    198. 

  198.                     $left = isset($data[$left]) ? $data[$left] : null;


    199. 

  199.                 }


    200. 

  200.             }


    201. 

  201. 


    202. 

  202.             // Operator


    203. 

  203.             $op = $andExpr[1];


    204. 

  204. 


    205. 

  205.             // Right operand


    206. 

  206.             $right = $andExpr[2];


    207. 

  207.             if (is_array($right)) { // function call


    208. 

  208.                 $right = $this->functionEvaluator->evaluateFunction($right, $data);


    209. 

  209.             } else {


    210. 

  210.                 $right = $this->functionEvaluator->preprocessValues($right);


    211. 

  211.             }


    212. 

  212. 


    213. 

  213.             if ($andExpr[0] === 'submit_time') {


    214. 

  214.                 if (!is_numeric($right)) {


    215. 

  215.                     $right = strtotime($right);


    216. 

  216.                 }


    217. 

  217.             }


    218. 

  218. 


    219. 

  219.             if ($left === null && $right === null) {


    220. 

  220.                 // Addresses case where 'Submitted Login' = $user_login but there exist some submissions


    221. 

  221.                 // with no 'Submitted Login' field. Without this clause, those rows where 'Submitted Login' == null


    222. 

  222.                 // would be returned when what we really want to is affirm that there is a 'Submitted Login' value ($left)


    223. 

  223.                 // But we want to preserve the correct behavior for the case where 'field'=null is the constraint.


    224. 

  224.                 return false;


    225. 

  225.             }


    226. 

  226.             return $this->evaluateLeftOpRightComparison($left, $op, $right);


    227. 

  227.         }


    228. 

  228.         return false;


    229. 

  229.     }


    230. 

  230. 


    231. 

  231.     /**


    232. 

  232.      * @param  $left mixed


    233. 

  233.      * @param  $operator string representing any PHP comparison operator or '=' which is taken to mean '=='


    234. 

  234.      * @param  $right $mixed. SPECIAL CASE: if it is the string 'null' it is taken to be the value null


    235. 

  235.      * @return bool evaluation of comparison $left $operator $right


    236. 

  236.      */


    237. 

  237.     public function evaluateLeftOpRightComparison($left, $operator, $right) {


    238. 

  238.         if ($right === 'null') {


    239. 

  239.             // special case


    240. 

  240.             $right = null;


    241. 

  241.         }


    242. 

  242. 


    243. 

  243.         // Try to do numeric comparisons when possible


    244. 

  244.         if (is_numeric($left) && is_numeric($right)) {


    245. 

  245.             $left = (float)$left;


    246. 

  246.             $right = (float)$right;


    247. 

  247.         }


    248. 

  248. 


    249. 

  249.         // Could do this easier with eval() but since this text ultimately


    250. 

  250.         // comes form a shortcode's user-entered attributes, I want to avoid a security hole


    251. 

  251.         $retVal = false;


    252. 

  252.         switch ($operator) {


    253. 

  253.             case '=' :


    254. 

  254.             case '==':


    255. 

  255.                 $retVal = $left == $right;


    256. 

  256.                 break;


    257. 

  257. 


    258. 

  258.             case '===':


    259. 

  259.                 $retVal = $left === $right;


    260. 

  260.                 break;


    261. 

  261. 


    262. 

  262.             case '!=':


    263. 

  263.                 $retVal = $left != $right;


    264. 

  264.                 break;


    265. 

  265. 


    266. 

  266.             case '!==':


    267. 

  267.                 $retVal = $left !== $right;


    268. 

  268.                 break;


    269. 

  269. 


    270. 

  270.             case '<>':


    271. 

  271.                 $retVal = $left <> $right;


    272. 

  272.                 break;


    273. 

  273. 


    274. 

  274.             case '>':


    275. 

  275.                 $retVal = $left > $right;


    276. 

  276.                 break;


    277. 

  277. 


    278. 

  278.             case '>=':


    279. 

  279.                 $retVal = $left >= $right;


    280. 

  280.                 break;


    281. 

  281. 


    282. 

  282.             case '<':


    283. 

  283.                 $retVal = $left < $right;


    284. 

  284.                 break;


    285. 

  285. 


    286. 

  286.             case '<=':


    287. 

  287.                 $retVal = $left <= $right;


    288. 

  288.                 break;


    289. 

  289. 


    290. 

  290.             case '~~':


    291. 

  291.                 $retVal = @preg_match($right, $left) > 0;


    292. 

  292.                 break;


    293. 

  293. 


    294. 

  294.             default:


    295. 

  295.                 trigger_error("Invalid operator: '$operator'", E_USER_NOTICE);


    296. 

  296.                 break;


    297. 

  297.         }


    298. 

  298. 


    299. 

  299.         return $retVal;


    300. 

  300.     }


    301. 

  301. 


    302. 

  302. }


    303. 

  303.