We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Problem validating textarea data with regular expression | Forum

Ilhan Mullier
Ilhan Mullier Mar 20 '15
Hello,

I'm making an Oxwall plugin, I created a form with textarea in a new class like this :

class LAVSMS_CLASS_SmsSendForm extends Form
{  
    public function __construct($name)
    {  
        parent::__construct($name);
      
        $this->fieldMessage = new Textarea('message');
        $this->fieldMessage->setLabel(OW::getLanguage()->text( 'lavsms', 'send_form_message' ));
        $this->fieldMessage->setRequired();
        $this->addElement($this->fieldMessage);
      
        $this->fieldRecipients = new CheckboxGroup('recipients');
        $this->fieldRecipients->setLabel(OW::getLanguage()->text( 'lavsms', 'send_form_recipients' ));
        $this->fieldRecipients->setRequired();
        $this->addElement($this->fieldRecipients);
      
        $this->submit = new Submit('send');
        $this->submit->setValue(OW::getLanguage()->text( 'lavsms', 'send' ));
        $this->addElement($this->submit);
    }
}

In my controller, I call the class like this :

$sendForm = new LAVSMS_CLASS_SmsSendForm('sendForm');      
        $sendForm->fieldRecipients->addOption( 'followers', OW::getLanguage()->text('lavsms', 'send_form_followers') );
        $sendForm->fieldRecipients->addOption( 'followersEteq', OW::getLanguage()->text('lavsms', 'send_form_followersEteq') );
        $this->addForm($sendForm);

And display the form in html file like this:

{form name='sendForm'}
    <table class="ow_table_1 ow_form ow_automargin" style="width: 80%;">
       <tr class="ow_alt1 ow_tr_first">
            <td class="ow_label">{label name='recipients'}</td>
            <td class="ow_value">{input name='recipients'}{error name='recipients'}</td>
        </tr>
       <tr class="ow_alt2">
            <td class="ow_label">{label name='message'}</td>
            <td class="ow_value">{input name='message'}{error name='message'}</td>
        </tr>
    </table>
    <div class="clearfix ow_stdmargin ow_automargin" style="width: 500px;">
        <div class="ow_right">{submit name='send' class='ow_button ow_ic_right_arrow2'}</div>
    </div>
    {/form}

When the form is posted, I try to check the message field data with a regex like this :

if ( OW::getRequest()->isPost() )
        {
            if ( $sendForm->isValid($_POST) )
            {
                $data = $sendForm->getValues();

                $messagePattern = '/^[0-9A-Za-zÄÖÜѧàèé@&_ \/+,:;.!?\"\'\n*()<>=-]{1,100}$/';
              
                if (preg_match($messagePattern, htmlspecialchars($data['message'])))
                {
                    $message = htmlspecialchars($data['message']);
                }
            }
        }

But the last steps does not work. When I input a special character (ÄÖÜѧàèé)
 or a new line (\n) in the message field preg_match() systematicaly returns "false".
I tested my regex on two WEB testers like https://regex101.com/, it matches all the characters and new lines corretly.
I also tested it on one of my sites and preg_match return "true" instead "false" for the same string.
From there, I though of a charset problem. I tried to force utf8 by adding the following in .htaccess :

 <FilesMatch "\.(htm|html|xhtml|xml|css|js|php)$">
AddDefaultCharset utf-8
</FilesMatch>

No luck there either.

Now i'm running out of ideas and I'm kind of stuck. It seems to me the textarea does not post special characters correctly but I don't know how to be sure or where to fix it in Oxwal if that is the case.

Could anyone please help me find out what is going on or propose another way to restrict my field data?

Thank you for any help.
Nickolay
Nickolay Mar 20 '15
Try using m-modifier (multi-line), plus the only symbols you'll need to escape in character class are \^- (click).


$messagePattern = '/^[0-9A-Za-zÄÖÜѧàèé@&_ \\/+,:;.!?"\'\n\r\t*()<>=\-]{1,100}$/m';

Ilhan Mullier
Ilhan Mullier Mar 21 '15
Thank you for your insights, the m-modifier fixed the new line problem, but I used this regex instead :

$messagePatern = '/^[0-9A-Za-zÄÖÜѧàèé@&_ \/+,:;.!?"\'\n\r*()<>=\-]{1,100}$/m';

removed \t to restrict TAB key. Just want the slash not the antislash, it needs to be escaped because it's the delimiter. Is this right?

But the validation still sends illogical results for special characters on the Oxwall server :

if I input :
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzÄÖÜѧàèé@&_ /+,:;.!?"'*()<>=-   
preg_match() returns false

this :
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz@&_ /+,:;.!?"'*()<>=-  
preg_match() returns true

this :
0123456789ABCDEFGHIJKLMNOPQRSTUVW
ÄÖÜѧàèéXYZabcdefghijklmnopqrstuvwxyz@&_ /+,:;.!?"'*()<>=- 
preg_match() returns true

this :
0123456789ABCDEFGHIJKLMNOPQRSTUVWÄÖÜѧàèé
XYZabcdefghijklmnopqrstuvwxyz@&_ /+,:;.!?"'*()<>=-  
preg_match() returns true

this :
0123456789ABCDEFGHIJKLMNOPQRÄÖÜ
ѧàèéSTUVWXYZabcdefghijklmnopqràèéstuvwxyz@&_ /+,:;.!?"'*()<>=- 
preg_match() returns false

I tested those strings with the regex you proposed, and the results are the same.

I then tested those 5 strings with my intial regex, the one you proposed, and the one at the top of this post on regex101 and another php site. The result is true every time.

Taking this into account, I really don't think the problem comes from the regex but I could be wrong.


Ilhan Mullier
Ilhan Mullier Mar 21 '15
I tried using :

$sendForm->fieldMessage->addValidator(new RegExpValidator('/^[0-9A-Za-zÄÖÜѧàèé@&_ \/+,:;.!?"\'\n\r*()<>=\-]{1,100}$/m'));

Same results
Nickolay
Nickolay Mar 21 '15
Don't use htmlspecialchars when passing data to preg_match. Actually it works fine for me. Plus you can try using u-modifier (unicode).
Ilhan Mullier
Ilhan Mullier Mar 23 '15
Hi, it's solved, after using u-modifier I had an UTF8 error, I reencoded and rechecked everything, now it works.

Thank you very much for your help.