use Exporter;
use Carp qw(carp cluck croak confess);
use File::CounterFile;
+use Locale::Country;
use DBIx::DBSchema;
-use FS::UID qw(dbh checkruid swapuid getotaker datasrc driver_name);
+use FS::UID qw(dbh checkruid getotaker datasrc driver_name);
@ISA = qw(Exporter);
@EXPORT_OK = qw(dbh fields hfields qsearch qsearchs dbdef);
$value = $record->ut_alpha('column');
$value = $record->ut_alphan('column');
$value = $record->ut_phonen('column');
- $value = $record->ut_anythingn('column');
+ $value = $record->ut_anything('column');
+ $value = $record->ut_name('column');
$dbdef = reload_dbdef;
$dbdef = reload_dbdef "/non/standard/filename";
$sth->execute( map $record->{$_},
grep defined( $record->{$_} ) && $record->{$_} ne '', @fields
- ) or croak $dbh->errstr;
+ ) or croak "Error executing \"$statement\": ". $dbh->errstr;
$dbh->commit or croak $dbh->errstr if $FS::UID::AutoCommit;
if ( eval 'scalar(@FS::'. $table. '::ISA);' ) {
#warn "table $table is tainted" if is_tainted($table);
#warn "field $field is tainted" if is_tainted($field);
- &swapuid;
my($counter) = new File::CounterFile "$table.$field",0;
# hack for web demo
# getotaker() =~ /^([\w\-]{1,16})$/ or die "Illegal CGI REMOTE_USER!";
my($index)=$counter->inc;
$index=$counter->inc
while qsearchs($table,{$field=>$index}); #just in case
- &swapuid;
$index =~ /^(\d*)$/;
$index=$1;
my $phonen = $self->getfield($field);
if ( $phonen eq '' ) {
$self->setfield($field,'');
- } elsif ( $country eq 'US' ) {
+ } elsif ( $country eq 'US' || $country eq 'CA' ) {
$phonen =~ s/\D//g;
$phonen =~ /^(\d{3})(\d{3})(\d{4})(\d*)$/
or return "Illegal (phone) $field: ". $self->getfield($field);
$self->setfield($field,$phonen);
} else {
warn "don't know how to check phone numbers for country $country";
- return $self->ut_alphan($field);
+ return $self->ut_textn($field);
}
'';
}
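Review bot: The fallback branch for countries other than US/CA now returns `$self->ut_textn($field)`, and `ut_textn` is defined outside this hunk; if it accepts general text, as its name suggests, phone columns for every other country are no longer limited to phone-like characters. A narrow check in the else branch would keep some validation without per-country rules, for example `$phonen =~ /^(\+?[\d \-\.\(\)]{3,30})$/ or return "Illegal (phone) $field: ". $self->getfield($field);` followed by `$self->setfield($field,$1);`. The `warn` on the line above still fires for every such record, which will be noisy once non-US data is routine. The start of the sub lies above the visible lines.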
'';
}
+=item ut_name COLUMN
+
+Check/untaint proper names; allows alphanumerics, spaces and the following
+punctuation: , . - '
+
+May not be null.
+
=cut
+sub ut_name {
+ my( $self, $field ) = @_;
+ $self->getfield($field) =~ /^([\w \,\.\-\']+)$/
+ or return "Illegal (name) $field: ". $self->getfield($field);
+ $self->setfield($field,$1);
+ '';
+}
+
+=item ut_zip COLUMN
+
+Check/untaint zip codes.
+
+=cut
+
+sub ut_zip {
+ my( $self, $field, $country ) = @_;
+ if ( $country eq 'US' ) {
+ $self->getfield($field) =~ /\s*(\d{5}(\-\d{4})?)\s*$/
+ or return "Illegal (zip) $field for country $country: ".
+ $self->getfield($field);
+ $self->setfield($field,$1);
+ } else {
+ $self->getfield($field) =~ /^\s*(\w[\w\-\s]{2,8}\w)\s*$/
+ or return "Illegal (zip) $field: ". $self->getfield($field);
+ $self->setfield($field,$1);
+ }
+ '';
+}
+
+=item ut_country COLUMN
+
+Check/untaint country codes. Country names are changed to codes, if possible -
+see L<Locale::Country>.
+
+=cut
+
+sub ut_country {
+ my( $self, $field ) = @_;
+ unless ( $self->getfield($field) =~ /^(\w\w)$/ ) {
+ if ( $self->getfield($field) =~ /^([\w \,\.\(\)\']+)$/
+ && country2code($1) ) {
+ $self->setfield($field,uc(country2code($1)));
+ }
+ }
+ $self->getfield($field) =~ /^(\w\w)$/
+ or return "Illegal (country) $field: ". $self->getfield($field);
+ $self->setfield($field,uc($1));
+ '';
+}
+
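Review bot: The US branch of `ut_zip` has no leading `^`, so any value that merely ends in five digits (or ZIP+4) passes, and the field is silently replaced by that tail; anchoring it as `/^\s*(\d{5}(\-\d{4})?)\s*$/` makes malformed input fail instead of being trimmed. In the same sub `$country` is compared with `eq` unconditionally, so a caller that omits the argument gets an uninitialized-value warning and lands in the looser non-US pattern; `if ( defined($country) && $country eq 'US' )` states the intent. In `ut_country`, `/^(\w\w)$/` accepts any two word characters, so values such as `12` or `__` are stored as country codes; since Locale::Country is already imported, adding `&& code2country($1)` to the final check would reject codes that do not exist. In `ut_name`, `\w` also admits digits and underscore, which is wider than the POD's "alphanumerics, spaces and , . - '" and worth either documenting or tightening.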
=item ut_anything COLUMN
Untaints arbitrary data. Be careful.
sub ut_anything {
my($self,$field)=@_;
- $self->getfield($field) =~ /^(.*)$/
+ $self->getfield($field) =~ /^(.*)$/s
or return "Illegal $field: ". $self->getfield($field);
$self->setfield($field,$1);
'';
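Review bot: With `/s` added, `/^(.*)$/s` matches every defined string including embedded newlines, so the `or return "Illegal $field: ..."` branch can no longer be reached and the method is an unconditional untaint. The POD above it still says only "Untaints arbitrary data. Be careful."; I would extend it to say so explicitly, e.g. `Untaints arbitrary data, including multi-line values, without any validation. Use only for columns that are never interpolated into SQL, shell commands or file names.` The closing brace of the sub is outside the visible lines.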
=head1 VERSION
-$Id: Record.pm,v 1.18 2001-07-30 07:33:08 ivan Exp $
+$Id: Record.pm,v 1.26 2001-08-31 09:20:35 ivan Exp $
=head1 BUGS
The Pg money kludge in the new method only strips `$'.
-The ut_phonen method assumes US-style phone numbers.
+The ut_phonen method only checks US-style phone numbers.
The _quote function should probably use ut_float instead of a regex.
or allow it to be set. Working around it is ugly any way around - DBI should
be fixed. (only affects RDBMS which return uppercase column names)
+ut_zip should take an optional country like ut_phone.
+
=head1 SEE ALSO
L<DBIx::DBSchema>, L<FS::UID>, L<DBI>