Form validation and security

[nbarnum]

I want to add extra fields to a contact form.  What sort of security/validation does Prestashop have to make inputs such as text, checkbox and radio boxes secure?  I'm developing a custom contact form that allows the customer to choose a product and customize their requested accessories/options for a quote.  A drop down allows them to chose the category from 6 categories then chose options from about 5 questions each.  With all the options for each category there's close to 68 inputs I need to secure.

 

How do I secure inputs in a Prestashop Form?

[PascalVG]

Easiest way to see how they do basic input checking for is to look at some screens. Check some files in controllers/front/, and also look at file classes/Validate.php. There you see functions like isString, isBool etc, which checks input and match it with expected input. You can  make them more exotic, like isTrackingNumber, or do some comparisons, like isPercentage. You can write your own pattern of course to match your special purpose input fields using preg_match or other checks etc. Just give this function to the input field definition (again, see controller files) and it will be taken care of

 

I remember reading somewhere that they worked hard to prevent SQL injection, and use functions like pSQL(<your input data var>) promoted to 'box' attempts, but not sure how well they succeeded in preventing it all. (Google prestashop 1.6 sql injection  and you see some pages that insinuate some injection success)

 

Anyone else some more info?

 

 

My 2 cents,

pascal