added validation for Ids before calling communibase

kingsquare · Nov 17, 2014 · caa55aa · caa55aa
1 parent 9439d68
commit caa55aa
Showing 1 changed file with 25 additions and 2 deletions.
diff --git a/src/Communibase/Connector.php b/src/Communibase/Connector.php
@@ -85,6 +85,9 @@ public function getById($entityType, $id, $params = array()) {
 		if (empty($id)) {
 			throw new Exception('Id is empty');
 		}
+		if (!$this->isIdValid($id)) {
+			throw new Exception('Id is invalid, please use a correctly formatted id');
+		}
 		$ch = $this->setupCurlHandle($entityType . '.json/crud/' . $id, $params);
 		curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
 		return $this->getResult($ch);
@@ -128,10 +131,13 @@ public function getByRef($ref, $parentEntity = array()) {
 	 * @return array entities
 	 */
 	public function getByIds($entityType, $ids, $params = array()) {
-		if (empty($ids)) {
+		$validIds = array_filter($ids, array($this, 'isIdValid'));
+
+		if (empty($validIds)) {
 			return array();
 		}
-		return $this->search($entityType, array('_id' => array('$in' => $ids)), $params);
+
+		return $this->search($entityType, array('_id' => array('$in' => $validIds)), $params);
 	}
 
 	/**
@@ -392,4 +398,21 @@ private function getResult($ch) {
 
 		return $responseData;
 	}
+
+	/**
+	 * @param string $id
+	 *
+	 * @return bool
+	 */
+	private function isIdValid($id) {
+		if (empty($id)) {
+			return false;
+		}
+
+		if (preg_match('#[0-9a-fA-F]{24}#', $id) === 0) {
+			return false;
+		}
+
+		return true;
+	}
 }