Add secureData method and options

aetiom · aetiom · commit 75106937acb5 · 2018-12-11T15:25:14.000+01:00
diff --git a/config/config.php b/config/config.php
@@ -25,5 +25,11 @@
      * @var integer sent_email_ttl : Sent email time to live in days. 
      * After that TTL, a sent email can be trashed/flushed.
      */
-    'sent_email_ttl' => 390
+    'sent_email_ttl' => 390,
+    
+    /**
+     * @var boolean secure_data : Secure raw data before inserting it into database
+     * (doing a pdo quote on all external stored datas)
+     */
+    'secure_data' => true
 ];
diff --git a/src/classes/modeles/AbstrModeles.php b/src/classes/modeles/AbstrModeles.php
@@ -49,6 +49,26 @@ public function create_table($table_map_query)
     
     
     
+    /**
+     * Secure Data before inserting it into database
+     * 
+     * @param string  $data : data value
+     * @param string  $type : data type (integer, boolean, email)
+     * @param boolean $html : use htmlentities
+     * 
+     * @return mixed data value formated and secured
+     */
+    protected function secureData($data, $type='', $html=false)
+    {
+        if ($this->secure_data) {
+            return \BfwMailer\Helpers\Secure::secureData($data, $type, $html);
+        }
+        
+        return $data;
+    }
+    
+    
+    
     /**
      * Fetching, verifying and returning data on a Sql Fetch
      * 
diff --git a/src/classes/modeles/Content.php b/src/classes/modeles/Content.php
@@ -55,10 +55,10 @@ public function create_table($table_map_query = null)
     public function search($subject, $body, $alt_body, $attachments)
     {
         $req = $this->select()->from($this->tableName, '*')
-                ->where(self::DB_SUBJECT.    '=:sub',  array(':sub'  => $subject))
-                ->where(self::DB_BODY.       '=:body', array(':body' => $body))
-                ->where(self::DB_ALT_BODY.   '=:altb', array(':altb' => $alt_body))
-                ->where(self::DB_ATTACHMENTS.'=:att',  array(':att'  => $attachments))
+                ->where(self::DB_SUBJECT.    '=:sub',  array(':sub'  => $this->secureData($subject)))
+                ->where(self::DB_BODY.       '=:body', array(':body' => $this->secureData($body, '', true)))
+                ->where(self::DB_ALT_BODY.   '=:altb', array(':altb' => $this->secureData($alt_body)))
+                ->where(self::DB_ATTACHMENTS.'=:att',  array(':att'  => $this->secureData($attachments)))
                 ->limit(1);
         $result = $this->fetch_sql($req, 'fetchRow');
         
@@ -83,10 +83,10 @@ public function search($subject, $body, $alt_body, $attachments)
     public function add($subject, $body, $alt_body, $attachments)
     {
         $content = array(
-            self::DB_SUBJECT     => $subject,
-            self::DB_BODY        => \BfwMailer\Helpers\Secure::secureData($body, 'string', true),
-            self::DB_ALT_BODY    => $alt_body,
-            self::DB_ATTACHMENTS => $attachments
+            self::DB_SUBJECT     => $this->secureData($subject),
+            self::DB_BODY        => $this->secureData($body, '', true),
+            self::DB_ALT_BODY    => $this->secureData($alt_body),
+            self::DB_ATTACHMENTS => $this->secureData($attachments)
         );
         
         $req = $this->insert()->into($this->tableName, $content)->execute();
