Merge pull request #2 from SmartBase-SK/feat_sanitize

triv: sanitize all strings from special characters

Author: mihalikv

lib/ObjectSerializer.php

@@ -28,6 +28,11 @@ public static function setDateTimeFormat($format)
         self::$dateTimeFormat = $format;
     }
 
+    public static function removeSpecialCharacters($string)
+    {
+        return preg_replace('/[<>`|\\\\]/', '', $string);
+    }
+
     /**
      * Serialize data
      *
@@ -39,6 +44,10 @@ public static function setDateTimeFormat($format)
      */
     public static function sanitizeForSerialization($data, $type = null, $format = null)
     {
+        if (is_string($data)) {
+            return self::removeSpecialCharacters($data);
+        }
+
         if (is_scalar($data) || null === $data) {
             return $data;
         }

tests/tests.php

@@ -69,7 +69,7 @@ private function getDirectTransactionPayload(
                 "variable_symbol" => "123",
             ]),
             "tds_data" => new DirectTransactionTDSData([
-                "card_holder" => "Janko Hraško",
+                "card_holder" => "Ja<nko> Hrašk|o",
                 "email" => "[email protected]",
                 "billing_address" => $address,
                 "shipping_address" => $address,
@@ -105,21 +105,21 @@ private function getPaymentPayload(
         ]);
 
         $userData = new UserData([
-            "first_name" => "Janko",
-            "last_name" => "Hrasko",
+            "first_name" => "|Jan\ko|",
+            "last_name" => "<Hraško>\\`",
             "email" => "[email protected]",
         ]);
 
         $bankTransfer = new BankTransfer();
         $billingAddress = new Address([
-            "street_name" => "TestStreet",
+            "street_name" => "<Test|\Street",
             "building_number" => "12",
-            "town_name" => "Town",
+            "town_name" => "T<ow>n",
             "post_code" => "97405",
             "country" => "SK",
         ]);
         $shippingAddress = new Address([
-            "street_name" => "TestStreet",
+            "street_name" => "T`est| Street",
             "building_number" => "12",
             "town_name" => "Town",
             "post_code" => "97405",