XF 2.1 Filtering variables?

Dannymh

Dannymh

Active member
Hi,

I am using preg_match to get certain parts of a thread title in order to make activate a specific section of my plugin, these variables are then used in a query to obtain other information. Because a user can change the thread title to whatever they want, there is a slight chance that they could enter something that I don't want them to here and you know how the rest goes.

What I want to do is get the Matches and filter them to make sure they are int's so that they cant altered. Usually I could just cast this in raw PHP but wondering if using filter would be better. In XF 1 we had the rawFilter but I cant seem to find that in XF2.

For clarity the title is entered as

"Thread Title [Round 1, 2020]"

I then use the following code to obtain what I need
Code: 
preg_match( '/\[(Round)\s(.+),\s(.+)\]/', $thread->title, $match );
if($match)
 {

}

Really I only need $match[2] and $match[3] which in this case should be "1" and "2020", probably a better regular expression that I could write but that one was hard enough.

Should I just be casting these as Int's, filtering them or is there a better method altogether since all I want is the round number and the year

Dan
 
That regular expression is fine but it would also match something like:

[Round ABC, XYZ]

This is slightly better assuming that the round and year should always be numeric:
Code: 
/\[Round\s(\d+),\s(\d+)]/
\d matches only 0-9. There are also no brackets around “Round” because you don’t need to capture it (this means the round number is now $match[1] and the year is now $match[2]).

A minor point but you only need to escape the first square bracket. If you do that the second one is unmatched so it doesn’t need escaping.

As for filtering, we already know that the regex will only capture numbers so it is now safe to just run $match[1] and $match[2] through a simple PHP intval and that should be all you need to do.
 
Chris D said:
That regular expression is fine but it would also match something like:

[Round ABC, XYZ]

This is slightly better assuming that the round and year should always be numeric:
Code: 
/\[Round\s(\d+),\s(\d+)]/
\d matches only 0-9. There are also no brackets around “Round” because you don’t need to capture it (this means the round number is now $match[1] and the year is now $match[2]).

A minor point but you only need to escape the first square bracket. If you do that the second one is unmatched so it doesn’t need escaping.

As for filtering, we already know that the regex will only capture numbers so it is now safe to just run $match[1] and $match[2] through a simple PHP intval and that should be all you need to do.
Click to expand...
Perfect thank you
 
You must log in or register to reply here.

Similar threads

O
Fixed Attachments filtering does not work properly
Replies
15
Views
179
XF Bug Bot
XF Bug Bot
E
  • Question Question
XF 2.2 Trying to identify custom user field variables
Replies
2
Views
273
EchoRomeo
E
asprin
  • Solved
XF 2.2 Access $config variables in a Controller?
Replies
1
Views
27
Chris D
Chris D
Miyevan
XF 2.3 Variable to get total forums in a category?
Replies
2
Views
39
Miyevan
Miyevan
JBS
  • Question Question
XF 2.2 Adding member email address to an email using variables
Replies
1
Views
230
JBS
JBS
Back
Top Bottom