Get a post movie ID securely

Pierre 2018-01-06 19:03:26 +01:00
parent 9546895a4d
commit 5a75165082
2 changed files with 55 additions and 0 deletions


@ -54,6 +54,16 @@ class Movies {
} }
/**
* Check whether a movie specified by its ID exists or not
*
* @param int $movieID The ID of the movie to check
* @return bool TRUE if the movie exists / false else
*/
function exist(int $movieID) : bool {
return CS::get()->db->count($this::MOVIES_TABLE, "WHERE ID = ?", array($movieID)) > 0;
}
/** /**
* Parse a video informations * Parse a video informations
* *
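Review bot: The docblock for `exist()` should state that the method only tests whether a row with that ID is present and performs no ownership or permission check, since the request helper added in this commit calls it to vet a client-supplied ID. I would add a line such as `* Note: this does not verify that the current user may access the movie.` above the `@param`. The lookup itself binds the ID through the `?` placeholder, which is the right way to build it. The method is declared without a visibility keyword; `public function exist(int $movieID) : bool` states the intent, and `self::MOVIES_TABLE` reads more clearly than `$this::MOVIES_TABLE`. The enclosing `Movies` class starts and ends outside the hunk.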


@ -212,6 +212,30 @@ function getPostPostID(string $name = "postID") : int {
return $postID; return $postID;
} }
/**
* Get the ID of a movie in a rest request
*
* @param string $name Optionnal, the name of the post ID field
* @return int $movieID The ID of the movie
*/
function getPostMovieId(string $name = "movieID") : int {
//Get movieID
if(!isset($_POST[$name]))
Rest_fatal_error(400, "Excepted movie ID in '".$name."' !");
$movieID = toInt($_POST[$name]);
//Check movie ID validity
if($movieID < 1)
Rest_fatal_error(400, "Invalid movie ID in '".$name."' !");
//Check if the movie exists
if(!CS::get()->components->movies->exist($movieID))
Rest_fatal_error(404, "Specified movie does not exists!");
return $movieID;
}
/** /**
* Check the validity of an file posted in a request * Check the validity of an file posted in a request
* *
@ -235,3 +259,24 @@ function check_post_file(string $name) : bool {
return true; return true;
} }
/**
* Check the validity of a Youtube video ID
*
* @param string $id The ID of the YouTube video
* @return bool True if the ID is valid / false else
*/
function check_youtube_id(string $id) : bool {
//Check length
if(strlen($id) < 5)
return FALSE;
//Check for illegal characters
if($id !== str_replace(array("/", "\\", "@", "&", "?", ".", "'", '"'), "", $id))
return FALSE;
//The video is considered as valid
return TRUE;
}
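Review bot: `check_youtube_id()` in the last hunk validates with a denylist of eight characters, so values containing `<`, `>`, spaces, `#`, `%` or control characters are still reported as valid. If the ID is later placed in a URL or an HTML attribute (not visible here), escaping at the output site becomes the only safeguard. An allowlist is tighter and shorter: `return preg_match('/\A[A-Za-z0-9_-]{5,}\z/', $id) === 1;`, which keeps the existing minimum length of 5. An upper bound on the length is also worth adding once the maximum accepted ID size is decided.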