MDL-76525 mod_data: Add param validation for data fields

laurentdavid · Jan 18, 2023 · 4f4fbea · 4f4fbea
1 parent 5dbac07
commit 4f4fbea
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 5 deletions.
diff --git a/mod/data/field.php b/mod/data/field.php
@@ -134,6 +134,13 @@
                 $type = required_param('type', PARAM_FILE);
                 $field = data_get_field_new($type, $data);
 
+                if (!empty($validationerrors = $field->validate($fieldinput))) {
+                    $displaynoticebad = html_writer::alist($validationerrors);
+                    $mode = 'new';
+                    $newtype = $type;
+                    break;
+                }
+
                 $field->define_field($fieldinput);
                 $field->insert_field();
 
@@ -161,6 +168,11 @@
 
             /// Create a field object to collect and store the data safely
                 $field = data_get_field_from_id($fid, $data);
+                if (!empty($validationerrors = $field->validate($fieldinput))) {
+                    $displaynoticebad = html_writer::alist($validationerrors);
+                    $mode = 'display';
+                    break;
+                }
                 $oldfieldname = $field->field->name;
 
                 $field->field->name = $fieldinput->name;

diff --git a/mod/data/field/picture/field.class.php b/mod/data/field/picture/field.class.php
@@ -137,6 +137,29 @@ function display_add_field($recordid = 0, $formdata = null) {
         return $str;
     }
 
+    /**
+     * Validate the image field type parameters.
+     *
+     * This will check for valid numeric values in the width and height fields.
+     *
+     * @param stdClass $fieldinput the field input data
+     * @return array array of error messages if width or height parameters are not numeric
+     * @throws coding_exception
+     */
+    public function validate(stdClass $fieldinput): array {
+        $errors = [];
+        // These are the params we have to check if they are numeric, because they represent width and height of the image
+        // in single and list view.
+        $widthandheightparams = ['param1', 'param2', 'param4', 'param5'];
+
+        foreach ($widthandheightparams as $param) {
+            if (!empty($fieldinput->$param) && !is_numeric($fieldinput->$param)) {
+                $errors[$param] = get_string('error_invalid' . $param, 'datafield_picture');
+            }
+        }
+        return $errors;
+    }
+
     // TODO delete this function and instead subclass data_field_file - see MDL-16493
 
     function get_file($recordid, $content=null) {
@@ -317,7 +340,7 @@ function update_thumbnail($content, $file) {
                              'filename'=>'thumb_'.$file->get_filename(), 'userid'=>$file->get_userid());
         try {
             // this may fail for various reasons
-            $fs->convert_image($file_record, $file, $this->field->param4, $this->field->param5, true);
+            $fs->convert_image($file_record, $file, (int) $this->field->param4, (int) $this->field->param5, true);
             return true;
         } catch (Exception $e) {
             debugging($e->getMessage());

diff --git a/mod/data/field/picture/lang/en/datafield_picture.php b/mod/data/field/picture/lang/en/datafield_picture.php
@@ -26,5 +26,9 @@
 
 $string['pluginname'] = 'Image';
 $string['fieldtypelabel'] = 'Image';
+$string['error_invalidparam1'] = 'Width in single view needs to be a numeric value.';
+$string['error_invalidparam2'] = 'Height in single view needs to be a numeric value.';
+$string['error_invalidparam4'] = 'Width in list view needs to be a numeric value.';
+$string['error_invalidparam5'] = 'Height in list view needs to be a numeric value.';
 $string['privacy:metadata'] = 'The Image field component doesn\'t store any personal data; it uses tables defined in mod_data.';
 $string['sample'] = 'Image description placeholder';
diff --git a/mod/data/field/picture/mod.html b/mod/data/field/picture/mod.html
@@ -20,27 +20,27 @@
         <td class="c0"><label for="param1">
             <?php echo get_string('fieldwidthsingleview', 'data');?></label></td>
         <td class="c1">
-            <input class="picturefieldsize" type="text" name="param1" id="param1" value="<?php if (!empty($this->field->param1)) p($this->field->param1); ?>" />
+            <input class="picturefieldsize" type="number" name="param1" id="param1" value="<?php if (!empty($this->field->param1)) p($this->field->param1); ?>" />
         </td>
     </tr>
     <tr>
         <td class="c0"><label for="param2">
             <?php echo get_string('fieldheightsingleview', 'data');?></label></td>
         <td class="c1">
-            <input class="picturefieldsize" type="text" name="param2" id="param2" value="<?php if (!empty($this->field->param2)) p($this->field->param2); ?>" />
+            <input class="picturefieldsize" type="number" name="param2" id="param2" value="<?php if (!empty($this->field->param2)) p($this->field->param2); ?>" />
         </td>
     </tr>
     <tr>
         <td class="c0"><label for="param4">
             <?php echo get_string('fieldwidthlistview', 'data');?></label></td>
-        <td class="c1"><input class="picturefieldsize" type="text" name="param4" id="param4" value="<?php if (!empty($this->field->param4)) p($this->field->param4); ?>" />
+        <td class="c1"><input class="picturefieldsize" type="number" name="param4" id="param4" value="<?php if (!empty($this->field->param4)) p($this->field->param4); ?>" />
         </td>
     </tr>
     <tr>
         <td class="c0"><label for="param5">
             <?php echo get_string('fieldheightlistview', 'data');?></label></td>
         <td class="c1">
-            <input class="picturefieldsize" type="text" name="param5" id="param5" value="<?php if (!empty($this->field->param5)) p($this->field->param5); ?>" />
+            <input class="picturefieldsize" type="number" name="param5" id="param5" value="<?php if (!empty($this->field->param5)) p($this->field->param5); ?>" />
         </td>
     </tr>
     <tr>

diff --git a/mod/data/lib.php b/mod/data/lib.php
@@ -451,6 +451,19 @@ function display_edit_field() {
         echo $OUTPUT->box_end();
     }
 
+    /**
+     * Validates params of fieldinput data. Overwrite to validate fieldtype specific data.
+     *
+     * You are expected to return an array like ['paramname' => 'Error message for paramname param'] if there is an error,
+     * return an empty array if everything is fine.
+     *
+     * @param stdClass $fieldinput The field input data to check
+     * @return array $errors if empty validation was fine, otherwise contains one or more error messages
+     */
+    public function validate(stdClass $fieldinput): array {
+        return [];
+    }
+
     /**
      * Return the data_content of the field, or generate it if it is in preview mode.
      *

diff --git a/mod/data/upgrade.txt b/mod/data/upgrade.txt
@@ -1,6 +1,10 @@
 This files describes API changes in /mod/data - plugins,
 information provided here is intended especially for developers.
 
+== 4.2 ==
+* The field base class now has a method validate(). Overwrite it in the field type to provide validation of field type's
+  parameters in the field add/modify form.
+
 === 4.1 ===
 * The method data_view is now deprecated. Use $maganer->set_module_viewed instead.
 * The data_print_template function is now deprecated and replaced by mod_data\template class.