From d6e2fb3cbb92accfa1bf55ef71be310a05985434 Mon Sep 17 00:00:00 2001 From: Michelangelo van Dam Date: Sat, 21 Mar 2020 22:43:51 +0100 Subject: [PATCH 1/3] Issue #99: Problems validating non-Latin trader values In this commit I changed the way we're filtering and validating characters so that we allow non-Latin characters as we have in Germany, Poland, Greece and other countries. --- src/Vies/Vies.php | 4 +- tests/Vies/ValidatorTest.php | 84 ++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 2 deletions(-) diff --git a/src/Vies/Vies.php b/src/Vies/Vies.php index 4a19f6e..d621acf 100644 --- a/src/Vies/Vies.php +++ b/src/Vies/Vies.php @@ -386,7 +386,7 @@ private function addOptionalArguments(array &$requestParams, string $argumentKey private function filterArgument(string $argumentValue): string { $argumentValue = str_replace(['"', '\''], '', $argumentValue); - return filter_var($argumentValue, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH); + return filter_var($argumentValue, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW); } /** @@ -399,7 +399,7 @@ private function filterArgument(string $argumentValue): string private function validateArgument(string $argumentValue): bool { if (false === filter_var($argumentValue, FILTER_VALIDATE_REGEXP, [ - 'options' => ['regexp' => '/^[a-zA-Z0-9\s\.\-,]+$/'] + 'options' => ['regexp' => '/^[a-zA-Z0-9\s\.\-,\pL]+$/u'] ])) { return false; } diff --git a/tests/Vies/ValidatorTest.php b/tests/Vies/ValidatorTest.php index 2079869..4fd99f9 100644 --- a/tests/Vies/ValidatorTest.php +++ b/tests/Vies/ValidatorTest.php @@ -85,4 +85,88 @@ public function testVatNumberChecksumFailure() } } } + + public function traderDataProvider() + { + return [ + 'Belgian Trader Name' => [ + [ + 'countryCode' => 'BE', + 'vatNumber' => '0203430576', + 'requesterCountryCode' => 'BE', + 'requesterVatNumber' => '0203430576', + 'traderName' => 'B-Rail', + 'traderCompanyType' => 'NV', + 'traderStreet' => 'Frankrijkstraat 65', + 'traderPostcode' => '1060', + 'traderCity' => 'Sint-Gillis', + ], + ], + 'German Trader Name' => [ + [ + 'countryCode' => 'DE', + 'vatNumber' => '811569869', + 'requesterCountryCode' => 'DE', + 'requesterVatNumber' => '811569869', + 'traderName' => 'Deutsche Bahn', + 'traderCompanyType' => 'AG', + 'traderStreet' => 'Potsdamer Platz 2', + 'traderPostcode' => '10785', + 'traderCity' => 'Berlin', + ], + ], + 'Greek Trader Name' => [ + [ + 'countryCode' => 'EL', + 'vatNumber' => '999645865', + 'requesterCountryCode' => 'EL', + 'requesterVatNumber' => '999645865', + 'traderName' => 'ΤΡΑΙΝΟΣΕ', + 'traderCompanyType' => 'AE', + 'traderStreet' => 'ΚΑΡΟΛΟΥ 1-3', + 'traderPostcode' => '10437', + 'traderCity' => 'ΑΘΗΝΑ', + ], + ], + 'Polish Trader Name' => [ + [ + 'countryCode' => 'PL', + 'vatNumber' => '1132316427', + 'requesterCountryCode' => 'PL', + 'requesterVatNumber' => '1132316427', + 'traderName' => 'PKP POLSKIE LINIE KOLEJOWE SPÓŁKA AKCYJNA', + 'traderCompanyType' => '', + 'traderStreet' => 'TARGOWA 74', + 'traderPostcode' => '03-734', + 'traderCity' => 'WARSZAWA', + ], + ], + ]; + } + + /** + * Testing that arguments that contain non-latin values are still + * validated correctly + * + * @group issue-99 + * @covers \DragonBe\Vies\Vies::validateVat + * @covers \DragonBe\Vies\Vies::validateArgument + * @dataProvider TraderDataProvider + */ + public function testArgumentValidationSucceedsForNonLatinArgumentValues(array $traderData) + { + $vies = new Vies(); + $vatResponse = $vies->validateVat( + $traderData['countryCode'], + $traderData['vatNumber'], + $traderData['requesterCountryCode'], + $traderData['requesterVatNumber'], + $traderData['traderName'], + $traderData['traderCompanyType'], + $traderData['traderStreet'], + $traderData['traderPostcode'], + $traderData['traderCity'] + ); + $this->assertTrue($vatResponse->isValid()); + } } From 7ef89626f3547ebdb62e3307668c32bbafe3ac4f Mon Sep 17 00:00:00 2001 From: Michelangelo van Dam Date: Wed, 27 May 2020 20:20:41 +0200 Subject: [PATCH 2/3] Improving argument filtering After some discussion on issue #99 I improved the way we filter arguments, especially for trader company names and added a couple of additional test cases to make sure we allow special characters inside the trader names. --- src/Vies/Vies.php | 5 ++-- tests/Vies/ValidatorTest.php | 52 ++++++++++++++++++++++++++++++++++++ tests/Vies/ViesTest.php | 8 ------ 3 files changed, 55 insertions(+), 10 deletions(-) diff --git a/src/Vies/Vies.php b/src/Vies/Vies.php index d621acf..d625a13 100644 --- a/src/Vies/Vies.php +++ b/src/Vies/Vies.php @@ -386,7 +386,7 @@ private function addOptionalArguments(array &$requestParams, string $argumentKey private function filterArgument(string $argumentValue): string { $argumentValue = str_replace(['"', '\''], '', $argumentValue); - return filter_var($argumentValue, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_LOW); + return filter_var($argumentValue, FILTER_SANITIZE_STRIPPED, FILTER_FLAG_STRIP_LOW); } /** @@ -398,8 +398,9 @@ private function filterArgument(string $argumentValue): string */ private function validateArgument(string $argumentValue): bool { + $regexp = '/^[a-zA-Z0-9\s\.\-,&\+\(\)\pL]+$/u'; if (false === filter_var($argumentValue, FILTER_VALIDATE_REGEXP, [ - 'options' => ['regexp' => '/^[a-zA-Z0-9\s\.\-,\pL]+$/u'] + 'options' => ['regexp' => $regexp] ])) { return false; } diff --git a/tests/Vies/ValidatorTest.php b/tests/Vies/ValidatorTest.php index 4fd99f9..3dd04ce 100644 --- a/tests/Vies/ValidatorTest.php +++ b/tests/Vies/ValidatorTest.php @@ -141,6 +141,58 @@ public function traderDataProvider() 'traderCity' => 'WARSZAWA', ], ], + 'Ampesant Trader Name' => [ + [ + 'countryCode' => 'BE', + 'vatNumber' => '0458591947', + 'requesterCountryCode' => 'BE', + 'requesterVatNumber' => '0458591947', + 'traderName' => 'VAN AERDE & PARTNERS', + 'traderCompanyType' => 'BVBA', + 'traderStreet' => 'RIJSELSTRAAT 274', + 'traderPostcode' => '8200', + 'traderCity' => 'BRUGGE', + ], + ], + 'Dot-dash Trader Name' => [ + [ + 'countryCode' => 'BE', + 'vatNumber' => '0467609086', + 'requesterCountryCode' => 'BE', + 'requesterVatNumber' => '0467609086', + 'traderName' => 'HAELTERMAN C.V.-KLIMA', + 'traderCompanyType' => 'BVBA', + 'traderStreet' => 'GERAARDSBERGSESTEENWEG 307', + 'traderPostcode' => '9404', + 'traderCity' => 'NINOVE', + ], + ], + 'Accent Trader Name' => [ + [ + 'countryCode' => 'BE', + 'vatNumber' => '0873284862', + 'requesterCountryCode' => 'BE', + 'requesterVatNumber' => '0873284862', + 'traderName' => '\'t GERIEF', + 'traderCompanyType' => 'CVBA', + 'traderStreet' => 'LICHTAARTSEWEG(HRT) 22', + 'traderPostcode' => '2200', + 'traderCity' => 'HERENTALS', + ], + ], + 'Plus Trader Name' => [ + [ + 'countryCode' => 'BE', + 'vatNumber' => '0629758840', + 'requesterCountryCode' => 'BE', + 'requesterVatNumber' => '0629758840', + 'traderName' => 'ARCHITECTUUR+', + 'traderCompanyType' => 'BVBA', + 'traderStreet' => 'STATIONSSTRAAT 28', + 'traderPostcode' => '3930', + 'traderCity' => 'HAMONT-ACHEL', + ], + ], ]; } diff --git a/tests/Vies/ViesTest.php b/tests/Vies/ViesTest.php index 6ae7f75..5939fc0 100644 --- a/tests/Vies/ViesTest.php +++ b/tests/Vies/ViesTest.php @@ -445,14 +445,6 @@ public function badOptionalInformationProvider(): array '1000', 'Some Town', ], - [ - 'HackThePlanet', - 'Ltd', - 'Main Street 1', - '1000', - 'Some Town', - ], [ 'HackThePlanet', 'Ltd', From b9716900f47d6872bb5030ab5616b624a2bd1715 Mon Sep 17 00:00:00 2001 From: Michelangelo van Dam Date: Wed, 27 May 2020 21:05:42 +0200 Subject: [PATCH 3/3] More whitelist validation chars For Spain the full trader details are required and cannot be filtered before validation, therefor we need to add these characters to the whitelist. Not really an ideal situation, but we improve over time. --- src/Vies/Vies.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Vies/Vies.php b/src/Vies/Vies.php index d625a13..6596c2b 100644 --- a/src/Vies/Vies.php +++ b/src/Vies/Vies.php @@ -398,7 +398,7 @@ private function filterArgument(string $argumentValue): string */ private function validateArgument(string $argumentValue): bool { - $regexp = '/^[a-zA-Z0-9\s\.\-,&\+\(\)\pL]+$/u'; + $regexp = '/^[a-zA-Z0-9\s\.\-,&\+\(\)\/º\pL]+$/u'; if (false === filter_var($argumentValue, FILTER_VALIDATE_REGEXP, [ 'options' => ['regexp' => $regexp] ])) {