DataPublicAjaxLogistics => bez CSRF

<?php

namespace APK_NAME\Core\Data;

use APK_NAME\Core\SystemCore\DatabaseInterface;
use APK_NAME\Core\SystemCore\PDO_core;
use APK_NAME\Core\SystemStatic\SQLFileReader;

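// Anchor the autoloader to this file's location. A bare '../../' path is
// resolved against the current working directory, which equals the script
// directory only when this file is requested directly by the web server.
require_once __DIR__ . '/../../vendor/autoload.php';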

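/**
 * Read-only AJAX endpoint returning logistics back-office data as JSON.
 *
 * Constructing the object performs the whole request: the session check,
 * reading the GET parameters, and echoing the response. The request's `case`
 * value only selects a literal SQL file name from the dispatch table in
 * jsonEncode(), so request data never reaches a file path or a query.
 *
 * There is no CSRF token on this endpoint. Every case is a read, so a forged
 * cross-site GET cannot change state; a case that writes must not be added
 * to the dispatch table without one.
 *
 * NOTE(review): authorization is only "logged in" (see sessionTest()); every
 * logged-in account can read every case — confirm that is intended.
 */
class DataPublicAjaxLogistics
{
    private DatabaseInterface $pdo;

    /**
     * GET parameters as collected by sanitizeInput().
     *
     * @var array<string, string|false|null>
     */
    private array $requestData;

    /**
     * Runs the request. Order matters: the session check must run before any
     * output, and jsonEncode() is the only method that writes the response.
     */
    public function __construct(DatabaseInterface $pdo)
    {
        $this->sessionTest();
        $this->pdo = $pdo;
        $this->requestData = $this->sanitizeInput();
        $this->jsonEncode($this->requestData['case']);
    }

    /**
     * Rejects the request unless the session marks the user as logged in.
     *
     * Replies with 401 instead of the implicit 200 a bare exit() produces, so
     * clients and proxies can tell an auth failure from a valid response.
     * The check is strict: only boolean true in $_SESSION['logged'] passes.
     */
    private function sessionTest(): void
    {
        session_start();
        if (!isset($_SESSION['logged']) || $_SESSION['logged'] !== true) {
            http_response_code(401);
            exit('Uživatel není přihlášen.');
        }
    }

    /**
     * Collects the GET parameters this endpoint recognises.
     *
     * Despite the name, little is sanitised: FILTER_DEFAULT is
     * FILTER_UNSAFE_RAW, so `source`, `case` and `date` arrive unchanged, and
     * FILTER_SANITIZE_NUMBER_INT only strips characters other than digits,
     * `+` and `-` (the result may be an empty string, not a validated int).
     * Each value is null when the parameter is absent and false when the
     * filter fails (e.g. an array was submitted). Only `case` is read by this
     * class, and it is compared strictly against literals in jsonEncode().
     *
     * @return array<string, string|false|null>
     */
    private function sanitizeInput(): array
    {
        return [
            'source' => filter_input(INPUT_GET, 'source', FILTER_DEFAULT),
            'parse_id' => filter_input(INPUT_GET, 'parse_id', FILTER_SANITIZE_NUMBER_INT),
            'id_records' => filter_input(INPUT_GET, 'id_records', FILTER_SANITIZE_NUMBER_INT),
            'id' => filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT),
            'case' => filter_input(INPUT_GET, 'case', FILTER_DEFAULT),
            'date' => filter_input(INPUT_GET, 'date', FILTER_DEFAULT),
        ];
    }

    /**
     * Selects the data set for the requested case and echoes it as JSON.
     *
     * The match is the only place where a request value meets a file name:
     * each arm maps a literal case code to a literal SQL file, and unknown
     * codes (including null/false) get the error payload. Never build the
     * file name from $case itself.
     *
     * @param string|false|null $case value of the `case` GET parameter
     */
    private function jsonEncode(string|false|null $case): void
    {
        header('Content-Type: application/json; charset=UTF-8');
        $payload = match ($case) {
            'some_case_code' => ['data' => $this->getDataSQL('sql_file_name')],
            default => ['error' => 'TABLE NOT SELECTED'],
        };

        try {
            echo json_encode($payload, JSON_THROW_ON_ERROR);
        } catch (\JsonException) {
            // Without the flag json_encode() returns false on e.g. invalid
            // UTF-8 in a text column, and `echo false` sent an empty body the
            // client could not distinguish from an empty result.
            http_response_code(500);
            echo json_encode(['error' => 'JSON ENCODING FAILED']);
        }
    }

    /**
     * Runs the named SQL file and returns its rows with blob columns
     * base64-encoded.
     *
     * The path is anchored to this file's directory rather than the working
     * directory. $sqlFile must be a literal from the jsonEncode() dispatch
     * table — no traversal check is done here, so request data must never be
     * passed in.
     *
     * @return array rows as returned by selectData(), blob values encoded
     */
    private function getDataSQL(string $sqlFile): array
    {
        $sql = SQLFileReader::getSQL(__DIR__ . '/../../backoffice/core/sql/logistics/' . $sqlFile);
        $rows = $this->pdo->selectData($sql);

        return array_map(fn (array $row): array => $this->encodeBlobs($row), $rows);
    }

    /**
     * Base64-encodes every non-null value whose column name contains "_blob"
     * so binary data survives JSON encoding; other columns are untouched.
     *
     * @param array $row one result row
     * @return array the same row with blob values encoded
     */
    private function encodeBlobs(array $row): array
    {
        foreach ($row as $column => $value) {
            // Write through the key instead of iterating by reference, which
            // would leave a dangling `&$value` bound to the last element.
            if ($value !== null && str_contains((string) $column, '_blob')) {
                $row[$column] = base64_encode($value);
            }
        }

        return $row;
    }
}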

// Entry point: instantiating the class performs the whole request — the
// session check, reading the GET parameters, and echoing the JSON response
// (see the constructor). Nothing else in this file produces output.
new DataPublicAjaxLogistics(PDO_core::getInstance());
