From 37d21ee6c317e68eb44c21ebab3074f0caf70432 Mon Sep 17 00:00:00 2001
From: Pierre
Date: Tue, 17 Apr 2018 14:17:13 +0200
Subject: [PATCH] Can get and check a user domain directory validity from a $_POST request
---
 functions/requests.php | 43 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/functions/requests.php b/functions/requests.php
index 6716c60..f3d583d 100644
--- a/functions/requests.php
+++ b/functions/requests.php
@@ -444,4 +444,47 @@ function save_post_image(string $fieldName, int $userID, string $folder, int $ma
 //Return image path
 return $target_file_path;
+}
+
+/**
+ * Check a user directory validity
+ *
+ * @param string $directory The directory to check
+ * @return bool TRUE if the domain seems to be valid / FALSE else
+ */
+function checkUserDirectoryValidity(string $directory) : bool {
+
+ //Check domain length
+ if(strlen($directory) < 4)
+ return FALSE;
+
+ //Check if the domain contains forbidden characters
+ if(str_replace(array(".html", ".txt", ".php", "à", "â", "é", "ê", "@", "/", "\"", "'", '"'), "", $directory) != $directory)
+ return FALSE;
+
+ //If we get there, the domain is valid
+ return TRUE;
+}
+
+/**
+ * Get a user post directory from a $_POST request and transform it to make it SQL-safe
+ *
+ * @param string $name The name of the $_POST Request
+ * @return string The user virtual directory, safe for saving
+ * @throws RESTException If the directory is missing, or invalid
+ */
+function getPostUserDirectory(string $name) : string {
+
+ //Check if the $_POST variable exists or not
+ if(!isset($_POST[$name]))
+ Rest_fatal_error(400, "Please specify a user directory in '".$name."'!");
+ $directory = (string) $_POST[$name];
+
+ //Check domain validity
+ if(!checkUserDirectoryValidity($directory))
+ Rest_fatal_error(401, "Specified directory seems to be invalid!");
+
+ //Return the directory
+ return $name;
+
 }
\ No newline at end of file
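Review bot: `getPostUserDirectory()` ends with `return $name;`, so it hands back the POST field name instead of the value it just validated; the last statement should be `return $directory;`. The docblock also promises an SQL-safe result, but nothing in the function escapes or transforms the value, so callers still need to bind it as a query parameter rather than rely on this check. In `checkUserDirectoryValidity()` the `str_replace` denylist is case-sensitive and does not cover `\`, `..`, whitespace or control bytes (`.PHP` passes, for example); an allowlist such as `if(!preg_match('/\A[A-Za-z0-9_-]{4,}\z/', $directory)) return FALSE;` is easier to reason about, with the exact character set left to the project. A non-string `$_POST[$name]` (an array field) is cast to the literal `Array` and passes the length check, so an `is_string()` test before the cast would be worth adding.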