From 6ce7f0ef225108dfbd4a89a423c9a435e9ff5d48 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:02:20 +0200 Subject: [PATCH 01/36] createArticle-Eingabevalidierung --- content/createArticle.php | 25 +++++ php/controller/createArticle-controller.php | 110 +++++++++++++++++--- 2 files changed, 118 insertions(+), 17 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index 381c85a..3e95141 100644 --- a/content/createArticle.php +++ b/content/createArticle.php @@ -18,6 +18,31 @@ session_start(); Jeder Beitrag muss einen Titel, Kategorie und Inhalt besitzen.

+ +

+ Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht. +

+ + +

+ Der Text ist zu lang. Maximal 7.000 Zeichen erlaubt (ca. 1.000 Wörter). +

+ + +

+ Die ausgewählte Kategorie ist ungültig. +

+ + +

+ Ungültige Schlagworte gefunden. Erlaubt sind nur Buchstaben, Zahlen, Leerzeichen und Bindestriche (2-20 Zeichen). +

+ + +

+ Bei der Validierung deiner Daten ist ein Fehler aufgetreten. Bitte versuche es erneut. +

+ diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index 375d136..5896928 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php 
@@ -7,25 +7,101 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { if(!isset($_POST["title"]) ||!isset($_POST["content"]) || !isset($_POST["category"])){ $_SESSION["message"] = "missing_parameters"; header("location: ../../index.php?pfad=createArticle"); - } else { - - $title = $_POST["title"]; - $content = $_POST["content"]; - $category = $_POST["category"]; - $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. - $tags = $_POST["tags"]; - - try { - $articleManager = ArticleManager::getInstance(); - $articleManager->addArticle($title, $content, $author, $category, $tags); - } catch (Exception $e){ - $_SESSION["message"] = "internal_error"; - } - $_SESSION["message"] = "new_article"; - // Weiterleitung zur Homepage - header("location: ../../index.php"); exit(); + } else { + // ------------------------ Validierung des Authors: ---------------------------- + $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. + $validatedAuthor = $author; + // --------------------- Eingabevalidierung des Titels: ------------------------- + $title = $_POST["title"]; + // Mit Regex prüfen: + $titlePattern = '/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u'; //Erlaubt: Buchstaben, Zahlen, Standardsatzzeichen; 5-120 Zeichen + if (preg_match($titlePattern, $title)) { + $validatedTitle = $title; + } else { + $_SESSION["message"] = "invalid_title"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { + $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; + } + + // --------------------- Eingabeüberprüfung des Contents: ----------------------- + $content = $_POST["content"]; + $zeichenAnzahl = mb_strlen($content); + if ($zeichenAnzahl <= 7000) { + $validatedContent = $content; + }else{ + $_SESSION["message"] = "invalid_content"; + header("location: 
../../index.php?pfad=createArticle"); + exit(); + } + + // --------------------- -Eingabevalidierung der Kategorie: -------------------- + $category = $_POST["category"]; + $allowedCategories = [ + 'deutsch', 'englisch', 'franzoesisch', 'latein', 'literatur', + 'mathe', 'biologie', 'chemie', 'physik', 'informatik', 'astronomie', + 'geschichte', 'erdkunde', 'sozialkunde', 'wirtschaft', 'religion', + 'ethik', 'philosophie', 'psychologie', 'kunst', 'musik', 'theater', + 'technik', 'werken', 'hauswirtschaft', 'sport' + ]; + if (!in_array($category, $allowedCategories, true)) { + $_SESSION["message"] = "invalid_category"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + + // -------------------------- Eingabevalidierung der tags: ---------------------- + if (isset($_POST['tags'])) { + $tags = trim($_POST['tags']); + } else { + $tags = ''; + } + $validatedTags = []; + $rawTags = explode(',', $tags); // String mit Kommas in array... + + foreach ($rawTags as $rawTag) { + // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: + $tag = trim($rawTag); + + // leere Elemente überspringen: + if ($tag === '') { + continue; + } + + // Tag mit Regex prüfen: + $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,20}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-20 Zeichen + if (preg_match($tagPattern, $tag)) { + $validatedTags[] = $tag; + } else { + $_SESSION["message"] = "invalid_tags"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + } + // Duplikate entfernen: + $validatedTags = array_unique($validatedTags); + + // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- + if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedCategory) || !isset($validatedTags)) { + $_SESSION["message"] = "validation_missing"; + } else { + try { + $articleManager = ArticleManager::getInstance(); + $articleManager->addArticle($validatedTitle, $validatedContent, 
$validatedAuthor, $validatedCategory, $validatedTags); + } catch (Exception $e){ + $_SESSION["message"] = "internal_error"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + $_SESSION["message"] = "new_article"; + // Weiterleitung zur Homepage + header("location: ../../index.php"); + exit(); + } } } From 979378d142cfd4986ee7c10686cbfa326f25ccfe Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:06:33 +0200 Subject: [PATCH 02/36] Update createArticle-controller.php --- php/controller/createArticle-controller.php | 1 + 1 file changed, 1 insertion(+) diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index 5896928..d0a5b6a 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -84,6 +84,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { } // Duplikate entfernen: $validatedTags = array_unique($validatedTags); + $validatedTags = implode(',', $validatedTags); // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedCategory) || !isset($validatedTags)) { From 59268dc1026e381dfc9e0c628a63d174cee3d6fe Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:14:59 +0200 Subject: [PATCH 03/36] Eingaben gehen bei Fehlermeldungen nicht verloren --- content/createArticle.php | 12 +++++++++--- php/controller/createArticle-controller.php | 4 ++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index 3e95141..7697780 100644 --- a/content/createArticle.php +++ b/content/createArticle.php @@ -46,8 +46,12 @@ session_start(); - - + + @@ -104,7 +108,9 @@ session_start(); diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index d0a5b6a..ad90d86 100644 
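Review bot: The validators in the new else branch (the enclosing POST block opens above the hunk) assume every field is a string, but a request with `title[]=x` delivers an array, and on PHP 8 `preg_match`, `mb_strlen`, `trim` and `explode` then raise a TypeError instead of redirecting with an error code. Extend the existing guard, e.g. `!is_string($_POST["title"]) || !is_string($_POST["content"]) || !is_string($_POST["category"])`, and apply the same test to `tags`. The title pattern uses `\s`, so tabs and line breaks pass as part of a valid title; a literal space in the character class would keep titles on one line. The second `preg_match` that fills `$errors['title']` can never fire because the branch above has already exited. Content is only length-checked and the title allows quotes, so this validation does not replace `htmlspecialchars()` wherever title, content and tags are rendered.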
--- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -4,6 +4,10 @@ require_once '../model/LocalArticleManager.php'; require_once '../model/ArticleManager.php'; if ($_SERVER["REQUEST_METHOD"] === "POST") { + $_SESSION["old_title"] = $_POST["title"] ?? ''; + $_SESSION["old_content"] = $_POST["content"] ?? ''; + $_SESSION["old_category"] = $_POST["category"] ?? ''; + $_SESSION["old_tags"] = $_POST["tags"] ?? ''; if(!isset($_POST["title"]) ||!isset($_POST["content"]) || !isset($_POST["category"])){ $_SESSION["message"] = "missing_parameters"; header("location: ../../index.php?pfad=createArticle"); From 09795c30dd5e392b3fc77413c0d729f3d7dbc5cc Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:19:01 +0200 Subject: [PATCH 04/36] debugging --- php/controller/createArticle-controller.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index ad90d86..9533580 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -16,6 +16,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // ------------------------ Validierung des Authors: ---------------------------- $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. $validatedAuthor = $author; + echo "Autorvalidierung erfolgreich"; // --------------------- Eingabevalidierung des Titels: ------------------------- $title = $_POST["title"]; @@ -31,6 +32,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; } + echo "Titelvalidierung erfolgreich"; // --------------------- Eingabeüberprüfung des Contents: ----------------------- $content = $_POST["content"]; 
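Review bot: The four `old_*` entries are written to the session before any check has run, so an oversized `content` or an array-valued field ends up in the session store exactly as it was sent. Store strings only, e.g. `$_SESSION["old_title"] = is_string($_POST["title"] ?? null) ? $_POST["title"] : '';`, and consider filling them only on the failure paths, after the length check. Nothing in this hunk clears them after a successful save, so the last submission would pre-fill the next empty form unless the template unsets them (not visible here). The same four lines are added to updateArticle-controller.php later in the series and the point applies there too.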
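Review bot: Each added `echo "...validierung erfolgreich";` writes response body ahead of the `header("location: ...")` calls further down, so without output buffering those redirects fail with "headers already sent" and the request ends on a page that shows the debug text. This applies to all six echo hunks of this commit, including `echo "Speichern erfolgreich";` inside the try block. If the trace is needed, `error_log("createArticle: title ok");` keeps it out of the response; the echoes should not be merged.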
@@ -42,6 +44,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } + echo "Contentvalidierung erfolgreich"; // --------------------- -Eingabevalidierung der Kategorie: -------------------- $category = $_POST["category"]; @@ -57,6 +60,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } + echo "Kategorievalidierung erfolgreich"; // -------------------------- Eingabevalidierung der tags: ---------------------- if (isset($_POST['tags'])) { @@ -89,6 +93,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // Duplikate entfernen: $validatedTags = array_unique($validatedTags); $validatedTags = implode(',', $validatedTags); + echo "Tagvalidierung erfolgreich"; // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedCategory) || !isset($validatedTags)) { @@ -97,6 +102,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { try { $articleManager = ArticleManager::getInstance(); $articleManager->addArticle($validatedTitle, $validatedContent, $validatedAuthor, $validatedCategory, $validatedTags); + echo "Speichern erfolgreich"; } catch (Exception $e){ $_SESSION["message"] = "internal_error"; header("location: ../../index.php?pfad=createArticle"); From 6aa1cd9a6304b6f0aea1c33ebedc1904744c008b Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:30:07 +0200 Subject: [PATCH 05/36] Update createArticle-controller.php --- php/controller/createArticle-controller.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index 9533580..a4c0fa2 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php 
@@ -60,11 +60,12 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } + $validatedCategory = $category; echo "Kategorievalidierung erfolgreich"; // -------------------------- Eingabevalidierung der tags: ---------------------- if (isset($_POST['tags'])) { - $tags = trim($_POST['tags']); + $tags = $_POST['tags']; } else { $tags = ''; } @@ -96,8 +97,10 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { echo "Tagvalidierung erfolgreich"; // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- - if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedCategory) || !isset($validatedTags)) { + if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedAuthor) || !isset($validatedCategory) || !isset($validatedTags)) { $_SESSION["message"] = "validation_missing"; + header("location: ../../index.php?pfad=createArticle"); + exit(); } else { try { $articleManager = ArticleManager::getInstance(); From d6249169c65ced736aaff6be9a45fc3e91d2f768 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:31:25 +0200 Subject: [PATCH 06/36] Update createArticle.php --- content/createArticle.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index 7697780..9d2dadf 100644 --- a/content/createArticle.php +++ b/content/createArticle.php @@ -47,10 +47,10 @@ session_start(); unset($_SESSION["message"]); ?> @@ -109,7 +109,7 @@ session_start(); From f12babf2b13bf9e0dba9291db615161ab7fd053b Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:35:25 +0200 Subject: [PATCH 07/36] Update createArticle.php --- content/createArticle.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index 9d2dadf..c52fb80 100644 --- a/content/createArticle.php +++ b/content/createArticle.php 
@@ -47,10 +47,10 @@ session_start(); unset($_SESSION["message"]); ?> @@ -109,7 +109,7 @@ session_start(); From 829a0e49d820ffc85823fc98aa145242668299e4 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:42:51 +0200 Subject: [PATCH 08/36] Content: zwischen 10 und 7000 Zeichen --- content/createArticle.php | 2 +- php/controller/createArticle-controller.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index c52fb80..970186c 100644 --- a/content/createArticle.php +++ b/content/createArticle.php @@ -25,7 +25,7 @@ session_start();

- Der Text ist zu lang. Maximal 7.000 Zeichen erlaubt (ca. 1.000 Wörter). + Der Text erlaubt eine Länge von 10 bis maximal 7.000 Zeichen (ca. 1.000 Wörter).

diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index a4c0fa2..10916fb 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -13,7 +13,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } else { - // ------------------------ Validierung des Authors: ---------------------------- + // ------------------------ Validierung des Autors: ---------------------------- $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. $validatedAuthor = $author; echo "Autorvalidierung erfolgreich"; @@ -37,7 +37,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // --------------------- Eingabeüberprüfung des Contents: ----------------------- $content = $_POST["content"]; $zeichenAnzahl = mb_strlen($content); - if ($zeichenAnzahl <= 7000) { + if ($zeichenAnzahl <= 7000 && $zeichenAnzahl > 10) { $validatedContent = $content; }else{ $_SESSION["message"] = "invalid_content"; From 754777d69e0dcf96c87f39b1b2d046029dd2b571 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:49:36 +0200 Subject: [PATCH 09/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 79b5e9e..38d69ee 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php 
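Review bot: `$zeichenAnzahl > 10` rejects a text of exactly 10 characters, although the message changed in content/createArticle.php in the same commit promises "10 bis maximal 7.000 Zeichen"; the lower bound should read `$zeichenAnzahl >= 10`. The count also includes surrounding whitespace, so eleven spaces are accepted as content; measuring `mb_strlen(trim($content))` for the lower bound would close that gap. The if/else that consumes the value continues outside the hunk.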
@@ -15,12 +15,16 @@ if (isset($_GET["id"])){ $author = $article->getAuthor(); $tags = $article->getTags(); }else{ - $_SESSION["message"] = "article_not_found"; + header("location: ../../index.php?pfad=404"); + exit(); } } catch (Exception $e){ $_SESSION["message"] = "internal_error"; + header("location: ../../index.php?pfad=showArticle"); + exit(); } }else{ - $_SESSION["message"] = "article_not_found"; + header("location: ../../index.php?pfad=404"); + exit(); } ?> \ No newline at end of file From 603c208ae4fe40dedd7a910fb670316648e5c13a Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:50:59 +0200 Subject: [PATCH 10/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 38d69ee..f0ef716 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -24,7 +24,6 @@ if (isset($_GET["id"])){ exit(); } }else{ - header("location: ../../index.php?pfad=404"); - exit(); + $_SESSION["message"] = "missing_id"; } ?> \ No newline at end of file From 9f4ca058bdeb35e1820695fca3cfb0b18519ee02 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 11:52:16 +0200 Subject: [PATCH 11/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index f0ef716..c78bdbd 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -3,7 +3,7 @@ session_start(); require_once 'php/model/Article.php'; require_once 'php/model/ArticleManager.php'; -if (isset($_GET["id"])){ +if (isset($_GET["id"]) && !empty($_GET["id"])){ try { $id = $_GET["id"]; $articleManager = ArticleManager::getInstance(); 
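Review bot: In the commit that adds `!empty($_GET["id"])`, the new test makes the `isset` redundant and treats `id=0` as missing, while an array such as `id[]=1` passes both tests and reaches `getArticle()` unchecked. Check type and format instead; if ids are numeric (the id format is not visible here), `if (is_string($_GET["id"] ?? null) && ctype_digit($_GET["id"])) {` covers the missing, empty and array cases in one condition. The body of the if continues outside the hunk.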
From c5bfd02f09ed400dc860675e5417f34a56f46821 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:02:21 +0200 Subject: [PATCH 12/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index c78bdbd..b5ae40d 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -15,7 +15,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $author = $article->getAuthor(); $tags = $article->getTags(); }else{ - header("location: ../../index.php?pfad=404"); + header("location: ../index.php?pfad=404"); exit(); } } catch (Exception $e){ From 76beb8d62e9892c323237ca3fa1291e871d36428 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:02:40 +0200 Subject: [PATCH 13/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index b5ae40d..46936b8 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -15,7 +15,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $author = $article->getAuthor(); $tags = $article->getTags(); }else{ - header("location: ../index.php?pfad=404"); + header("location: index.php?pfad=404"); exit(); } } catch (Exception $e){ From ca337c4fac572fe8dc051eae1843aae9538b9ec4 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:03:22 +0200 Subject: [PATCH 14/36] debugging --- php/controller/showArticle-controller.php | 1 + 1 file changed, 1 insertion(+) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 46936b8..2e0e4ca 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php 
@@ -15,6 +15,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $author = $article->getAuthor(); $tags = $article->getTags(); }else{ + echo "Test"; header("location: index.php?pfad=404"); exit(); } From 21793dffd7496d61883f6565804c6e8cfa9b4658 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:03:40 +0200 Subject: [PATCH 15/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 2e0e4ca..154da0b 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,7 +16,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("location: index.php?pfad=404"); + header("Location: index.php?pfad=404"); exit(); } } catch (Exception $e){ From 7dc3c3b9882dcb3c226ecd3772308134917fa5f1 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:06:32 +0200 Subject: [PATCH 16/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 154da0b..3f88d42 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,7 +16,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("Location: index.php?pfad=404"); + header("location: ../../../index.php?pfad=404"); exit(); } } catch (Exception $e){ From 80732354663181a1c25d18194e2119f32c584c0d Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:07:26 +0200 Subject: [PATCH 17/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 3f88d42..2e0e4ca 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,7 +16,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("location: ../../../index.php?pfad=404"); + header("location: index.php?pfad=404"); exit(); } } catch (Exception $e){ From fdece531afbf5f30a207bd54789904a3b87dd8fc Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:09:44 +0200 Subject: [PATCH 18/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 2e0e4ca..53e7226 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,7 +16,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("location: index.php?pfad=404"); + header("location: /index.php?pfad=404"); exit(); } } catch (Exception $e){ From a6210c9d6ece421efff6fcf27f55c4a3b1a8f44b Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:13:03 +0200 Subject: [PATCH 19/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 53e7226..154da0b 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,7 +16,7 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("location: /index.php?pfad=404"); + header("Location: index.php?pfad=404"); exit(); } } catch (Exception $e){ 
From 62190fa8217388beec497c4de06618b7770db33a Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:17:10 +0200 Subject: [PATCH 20/36] Update showArticle.php --- content/showArticle.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/content/showArticle.php b/content/showArticle.php index 77125dd..4457dcc 100644 --- a/content/showArticle.php +++ b/content/showArticle.php @@ -1,12 +1,11 @@ + - -
From d18f33a87a21dd2e2aded2428046646159d890ed Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:17:11 +0200 Subject: [PATCH 21/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 154da0b..95d649d 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php @@ -16,12 +16,12 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $tags = $article->getTags(); }else{ echo "Test"; - header("Location: index.php?pfad=404"); + header("location: index.php?pfad=404"); exit(); } } catch (Exception $e){ $_SESSION["message"] = "internal_error"; - header("location: ../../index.php?pfad=showArticle"); + header("location: index.php?pfad=showArticle"); exit(); } }else{ From 10b058afa03f6d98ef5c1d481fca01464f8319fe Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:22:14 +0200 Subject: [PATCH 22/36] Update path.php --- path.php | 1 + 1 file changed, 1 insertion(+) diff --git a/path.php b/path.php index 61ea409..d1d0a18 100644 --- a/path.php +++ b/path.php @@ -1,3 +1,4 @@ From e105ab61b7c8bbaf9c1eee6b2eda6957d094929b Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:24:59 +0200 Subject: [PATCH 23/36] Update showArticle-controller.php --- php/controller/showArticle-controller.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/php/controller/showArticle-controller.php b/php/controller/showArticle-controller.php index 95d649d..38bb3f2 100644 --- a/php/controller/showArticle-controller.php +++ b/php/controller/showArticle-controller.php 
@@ -15,13 +15,12 @@ if (isset($_GET["id"]) && !empty($_GET["id"])){ $author = $article->getAuthor(); $tags = $article->getTags(); }else{ - echo "Test"; - header("location: index.php?pfad=404"); + //header("location: index.php?pfad=404"); + include_once "content/404.php"; exit(); } } catch (Exception $e){ $_SESSION["message"] = "internal_error"; - header("location: index.php?pfad=showArticle"); exit(); } }else{ From c440c25e4175a3d52138d44b81d4692a828d316e Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:30:50 +0200 Subject: [PATCH 24/36] Update updateArticle.php --- content/updateArticle.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/content/updateArticle.php b/content/updateArticle.php index 06d345e..01d5108 100644 --- a/content/updateArticle.php +++ b/content/updateArticle.php @@ -23,6 +23,31 @@ include_once 'php/controller/showArticle-controller.php'; Jeder Beitrag muss einen Titel, Kategorie und Inhalt besitzen.
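Review bot: The catch branch now sets `internal_error` and calls `exit()` without a redirect or any output, so a failing lookup ends in a blank page and the session message is never shown; include an error view or redirect before exiting. In the not-found branch `include_once "content/404.php";` is sent with status 200, so add `http_response_code(404);` before it, and use `include` rather than `include_once` so the page is still emitted if the file was loaded earlier in the request. The commented-out `//header("location: index.php?pfad=404");` should be deleted rather than kept.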

+ +

+ Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht. +

+ + +

+ Der Text erlaubt eine Länge von 10 bis maximal 7.000 Zeichen (ca. 1.000 Wörter). +

+ + +

+ Die ausgewählte Kategorie ist ungültig. +

+ + +

+ Ungültige Schlagworte gefunden. Erlaubt sind nur Buchstaben, Zahlen, Leerzeichen und Bindestriche (2-20 Zeichen). +

+ + +

+ Bei der Validierung deiner Daten ist ein Fehler aufgetreten. Bitte versuche es erneut. +

+ From cd38af22dbcfbf6c9efde2773aac53e0dc4d0607 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:33:13 +0200 Subject: [PATCH 25/36] Update updateArticle.php --- content/updateArticle.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/content/updateArticle.php b/content/updateArticle.php index 01d5108..67be89e 100644 --- a/content/updateArticle.php +++ b/content/updateArticle.php @@ -51,9 +51,20 @@ include_once 'php/controller/showArticle-controller.php'; - +
@@ -111,7 +122,13 @@ include_once 'php/controller/showArticle-controller.php'; From c96d93c2ceebaa1a18f21593e4f59415b304544a Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:42:00 +0200 Subject: [PATCH 26/36] Update updateArticle-controller.php --- php/controller/updateArticle-controller.php | 120 +++++++++++++++++--- 1 file changed, 104 insertions(+), 16 deletions(-) diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php index fa5e232..6d1b875 100644 --- a/php/controller/updateArticle-controller.php +++ b/php/controller/updateArticle-controller.php @@ -5,6 +5,10 @@ require_once '../model/ArticleManager.php'; require_once '../model/Article.php'; if ($_SERVER["REQUEST_METHOD"] === "POST") { + $_SESSION["old_title"] = $_POST["title"] ?? ''; + $_SESSION["old_content"] = $_POST["content"] ?? ''; + $_SESSION["old_category"] = $_POST["category"] ?? ''; + $_SESSION["old_tags"] = $_POST["tags"] ?? ''; try { $id = $_GET["id"]; } catch (Exception $e){ 
@@ -12,28 +16,112 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { } if (!isset($_POST["title"]) ||!isset($_POST["content"]) || !isset($_POST["category"])){ $_SESSION["message"] = "missing_parameters"; - header("location: ../../index.php?pfad=updateArticle"); } elseif(!isset($id)) { $_SESSION["message"] = "missing_id"; - //header("location: ../../index.php?pfad=updateArticle"); }else{ - $newTitle = $_POST["title"]; - $newContent = $_POST["content"]; - $newCategory = $_POST["category"]; + // ------------------------ Validierung des Autors: ---------------------------- $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. - $newTags = $_POST["tags"]; + $validatedAuthor = $author; + echo "Autorvalidierung erfolgreich"; - try { - $articleManager = ArticleManager::getInstance(); // TODO: Später aus Session den Nutzer auslesen und Autorenrechte prüfen! - $article = $articleManager->getArticle($id); - $article->setTitle($newTitle); - $article->setContent($newContent); - $article->setCategory($newCategory); - $article->setTags($newTags); - $articleManager->updateArticle($id ,$article, $author); - } catch (Exception $e){ - $_SESSION["message"] = "internal_error"; + // --------------------- Eingabevalidierung des Titels: ------------------------- + $title = $_POST["title"]; + // Mit Regex prüfen: + $titlePattern = '/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u'; //Erlaubt: Buchstaben, Zahlen, Standardsatzzeichen; 5-120 Zeichen + if (preg_match($titlePattern, $title)) { + $validatedTitle = $title; + } else { + $_SESSION["message"] = "invalid_title"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { + $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; + } + echo "Titelvalidierung erfolgreich"; + + // --------------------- Eingabeüberprüfung des Contents: ----------------------- + 
$content = $_POST["content"]; + $zeichenAnzahl = mb_strlen($content); + if ($zeichenAnzahl <= 7000 && $zeichenAnzahl > 10) { + $validatedContent = $content; + }else{ + $_SESSION["message"] = "invalid_content"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + echo "Contentvalidierung erfolgreich"; + + // --------------------- -Eingabevalidierung der Kategorie: -------------------- + $category = $_POST["category"]; + $allowedCategories = [ + 'deutsch', 'englisch', 'franzoesisch', 'latein', 'literatur', + 'mathe', 'biologie', 'chemie', 'physik', 'informatik', 'astronomie', + 'geschichte', 'erdkunde', 'sozialkunde', 'wirtschaft', 'religion', + 'ethik', 'philosophie', 'psychologie', 'kunst', 'musik', 'theater', + 'technik', 'werken', 'hauswirtschaft', 'sport' + ]; + if (!in_array($category, $allowedCategories, true)) { + $_SESSION["message"] = "invalid_category"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + $validatedCategory = $category; + echo "Kategorievalidierung erfolgreich"; + + // -------------------------- Eingabevalidierung der tags: ---------------------- + if (isset($_POST['tags'])) { + $tags = $_POST['tags']; + } else { + $tags = ''; + } + $validatedTags = []; + $rawTags = explode(',', $tags); // String mit Kommas in array... 
+ + foreach ($rawTags as $rawTag) { + // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: + $tag = trim($rawTag); + + // leere Elemente überspringen: + if ($tag === '') { + continue; + } + + // Tag mit Regex prüfen: + $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,20}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-20 Zeichen + if (preg_match($tagPattern, $tag)) { + $validatedTags[] = $tag; + } else { + $_SESSION["message"] = "invalid_tags"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + } + // Duplikate entfernen: + $validatedTags = array_unique($validatedTags); + $validatedTags = implode(',', $validatedTags); + echo "Tagvalidierung erfolgreich"; + + // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- + if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedAuthor) || !isset($validatedCategory) || !isset($validatedTags)) { + $_SESSION["message"] = "validation_missing"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } else { + try { + $articleManager = ArticleManager::getInstance(); + $article = $articleManager->getArticle($id); + $article->setTitle($validatedTitle); + $article->setContent($validatedContent); + $article->setCategory($validatedCategory); + $article->setTags($validatedTags); + $articleManager->updateArticle($id ,$article, $validatedAuthor); + } catch (Exception $e){ + $_SESSION["message"] = "internal_error"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } } $_SESSION["message"] = "article_updated"; // Weiterleitung zur Homepage From 1ca27bc072ebf671d8ba22548fb2845ff76cda42 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:43:11 +0200 Subject: [PATCH 27/36] Update updateArticle.php --- content/updateArticle.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/updateArticle.php b/content/updateArticle.php index 67be89e..49c0254 100644 
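Review bot: Every validation failure in this hunk redirects to `index.php?pfad=createArticle`, copied from the create controller, so a rejected edit lands on the create form instead of `pfad=updateArticle` with the article id. The hunk also drops the old `// TODO: ... Autorenrechte prüfen!` comment while `$id` still comes straight from `$_GET["id"]` and the author stays hard-coded, so as far as this hunk shows nothing ties the edited article to the requesting user; keep the TODO until an ownership check against the session user exists. `getArticle($id)` is dereferenced without a null check (the show controller's not-found branch suggests it can return nothing), and a method call on null raises an `Error` that `catch (Exception $e)` does not catch, so add `if ($article === null)` with not-found handling before the setters. As far as the visible braces show, the `missing_parameters` and `missing_id` branches no longer redirect and fall through to `$_SESSION["message"] = "article_updated";`, which continues below the hunk.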
--- a/content/updateArticle.php +++ b/content/updateArticle.php @@ -126,8 +126,7 @@ include_once 'php/controller/showArticle-controller.php'; value=" - ?>" + echo htmlspecialchars($_SESSION['old_tags'] ?? ''); unset($_SESSION['old_tags']); ?>" placeholder="z.B. Technik, IT (mit Komma trennen)"> From a24914126f33044e21cf57c4f89272cf71d3d6d1 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:46:51 +0200 Subject: [PATCH 28/36] Update updateArticle-controller.php --- php/controller/updateArticle-controller.php | 5 ----- 1 file changed, 5 deletions(-) diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php index 6d1b875..999ae76 100644 --- a/php/controller/updateArticle-controller.php +++ b/php/controller/updateArticle-controller.php @@ -23,7 +23,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // ------------------------ Validierung des Autors: ---------------------------- $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. $validatedAuthor = $author; - echo "Autorvalidierung erfolgreich"; // --------------------- Eingabevalidierung des Titels: ------------------------- $title = $_POST["title"]; @@ -39,7 +38,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; } - echo "Titelvalidierung erfolgreich"; // --------------------- Eingabeüberprüfung des Contents: ----------------------- $content = $_POST["content"]; @@ -51,7 +49,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } - echo "Contentvalidierung erfolgreich"; // --------------------- -Eingabevalidierung der Kategorie: -------------------- $category = $_POST["category"]; 
@@ -68,7 +65,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { exit(); } $validatedCategory = $category; - echo "Kategorievalidierung erfolgreich"; // -------------------------- Eingabevalidierung der tags: ---------------------- if (isset($_POST['tags'])) { @@ -101,7 +97,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // Duplikate entfernen: $validatedTags = array_unique($validatedTags); $validatedTags = implode(',', $validatedTags); - echo "Tagvalidierung erfolgreich"; // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedAuthor) || !isset($validatedCategory) || !isset($validatedTags)) { From 268fe6a6b96a499822a1640d7011bd80ba20cbbe Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:49:45 +0200 Subject: [PATCH 29/36] Update updateArticle.php --- content/updateArticle.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/content/updateArticle.php b/content/updateArticle.php index 49c0254..ac86814 100644 --- a/content/updateArticle.php +++ b/content/updateArticle.php @@ -53,17 +53,21 @@ include_once 'php/controller/showArticle-controller.php'; ?> @@ -124,9 +128,12 @@ include_once 'php/controller/showArticle-controller.php'; " placeholder="z.B. Technik, IT (mit Komma trennen)"> From 308e5af6ff507a6698bdb56945f71bb35f561a78 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 12:51:17 +0200 Subject: [PATCH 30/36] tags-> bis 50 Zeichen --- content/createArticle.php | 2 +- php/controller/createArticle-controller.php | 2 +- php/controller/updateArticle-controller.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/createArticle.php b/content/createArticle.php index 970186c..41f1ca8 100644 --- a/content/createArticle.php +++ b/content/createArticle.php @@ -35,7 +35,7 @@ session_start();

- Ungültige Schlagworte gefunden. Erlaubt sind nur Buchstaben, Zahlen, Leerzeichen und Bindestriche (2-20 Zeichen).
+ Ungültige Schlagworte gefunden. Erlaubt sind nur Buchstaben, Zahlen, Leerzeichen und Bindestriche (2-50 Zeichen).

diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index 10916fb..77e71ea 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -82,7 +82,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { } // Tag mit Regex prüfen: - $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,20}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-20 Zeichen + $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,50}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-50 Zeichen if (preg_match($tagPattern, $tag)) { $validatedTags[] = $tag; } else { diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php index 999ae76..807a45d 100644 --- a/php/controller/updateArticle-controller.php +++ b/php/controller/updateArticle-controller.php @@ -85,7 +85,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { } // Tag mit Regex prüfen: - $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,20}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-20 Zeichen + $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,50}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-50 Zeichen if (preg_match($tagPattern, $tag)) { $validatedTags[] = $tag; } else { From d5f30176c4ed71bbc863b60de8c78e5a10691822 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 13:41:22 +0200 Subject: [PATCH 31/36] article-validator.php --- php/controller/updateArticle-controller.php | 135 ++++++++------------ php/validator/article-validator.php | 104 +++++++++++++++ 2 files changed, 154 insertions(+), 85 deletions(-) create mode 100644 php/validator/article-validator.php diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php index 807a45d..086de7e 100644 --- a/php/controller/updateArticle-controller.php +++ b/php/controller/updateArticle-controller.php 
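Review bot: The character class on the changed `$tagPattern` line keeps `\s`, which admits tab, carriage return and line feed inside a tag, while the comment beside it and the form message list only Leerzeichen. `trim()` strips these at the ends only, so a tag with an embedded line break passes and is joined into the comma-separated string that gets stored. Replacing `\s` with a literal space closes that gap: `$tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß -]{2,50}$/u';`. The same line is changed in the updateArticle-controller.php hunk of this patch, and the pattern is carried into article-validator.php in PATCH 31. The surrounding `foreach` starts outside the hunk.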
@@ -3,6 +3,7 @@ session_start(); require_once '../model/LocalArticleManager.php'; require_once '../model/ArticleManager.php'; require_once '../model/Article.php'; +require_once '../validator/article-validator.php'; if ($_SERVER["REQUEST_METHOD"] === "POST") { $_SESSION["old_title"] = $_POST["title"] ?? ''; 
@@ -19,111 +20,75 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { } elseif(!isset($id)) { $_SESSION["message"] = "missing_id"; }else{ - - // ------------------------ Validierung des Autors: ---------------------------- - $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. - $validatedAuthor = $author; - - // --------------------- Eingabevalidierung des Titels: ------------------------- $title = $_POST["title"]; - // Mit Regex prüfen: - $titlePattern = '/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u'; //Erlaubt: Buchstaben, Zahlen, Standardsatzzeichen; 5-120 Zeichen - if (preg_match($titlePattern, $title)) { - $validatedTitle = $title; - } else { - $_SESSION["message"] = "invalid_title"; - header("location: ../../index.php?pfad=createArticle"); - exit(); - } - if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { - $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; - } - - // --------------------- Eingabeüberprüfung des Contents: ----------------------- $content = $_POST["content"]; - $zeichenAnzahl = mb_strlen($content); - if ($zeichenAnzahl <= 7000 && $zeichenAnzahl > 10) { - $validatedContent = $content; - }else{ - $_SESSION["message"] = "invalid_content"; - header("location: ../../index.php?pfad=createArticle"); - exit(); - } - - // --------------------- -Eingabevalidierung der Kategorie: -------------------- + $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. 
$category = $_POST["category"]; - $allowedCategories = [ - 'deutsch', 'englisch', 'franzoesisch', 'latein', 'literatur', - 'mathe', 'biologie', 'chemie', 'physik', 'informatik', 'astronomie', - 'geschichte', 'erdkunde', 'sozialkunde', 'wirtschaft', 'religion', - 'ethik', 'philosophie', 'psychologie', 'kunst', 'musik', 'theater', - 'technik', 'werken', 'hauswirtschaft', 'sport' - ]; - if (!in_array($category, $allowedCategories, true)) { - $_SESSION["message"] = "invalid_category"; - header("location: ../../index.php?pfad=createArticle"); - exit(); - } - $validatedCategory = $category; - - // -------------------------- Eingabevalidierung der tags: ---------------------- if (isset($_POST['tags'])) { $tags = $_POST['tags']; } else { $tags = ''; } - $validatedTags = []; - $rawTags = explode(',', $tags); // String mit Kommas in array... - foreach ($rawTags as $rawTag) { - // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: - $tag = trim($rawTag); - - // leere Elemente überspringen: - if ($tag === '') { - continue; - } - - // Tag mit Regex prüfen: - $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,50}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-50 Zeichen - if (preg_match($tagPattern, $tag)) { - $validatedTags[] = $tag; - } else { - $_SESSION["message"] = "invalid_tags"; - header("location: ../../index.php?pfad=createArticle"); - exit(); - } + // -------------------------------- Validierung der Daten: ------------------------- + if (!articleAuthorValidator($author)) { + $_SESSION["message"] = "author_not_valid"; + header("location: ../../index.php?pfad=createArticle"); + exit(); } - // Duplikate entfernen: - $validatedTags = array_unique($validatedTags); - $validatedTags = implode(',', $validatedTags); - // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- - if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedAuthor) || !isset($validatedCategory) || !isset($validatedTags)) { - 
$_SESSION["message"] = "validation_missing"; + if (!articleTitleValidator($title)) { + $_SESSION["message"] = "invalid_title"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + + if (!articleContentValidator($content)) { + $_SESSION["message"] = "invalid_content"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + + if (!articleCategoryValidator($category)) { + $_SESSION["message"] = "invalid_category"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + + if (!articleTagValidator($_POST["tags"])) { + $_SESSION["message"] = "invalid_tags"; header("location: ../../index.php?pfad=createArticle"); exit(); } else { - try { - $articleManager = ArticleManager::getInstance(); - $article = $articleManager->getArticle($id); - $article->setTitle($validatedTitle); - $article->setContent($validatedContent); - $article->setCategory($validatedCategory); - $article->setTags($validatedTags); - $articleManager->updateArticle($id ,$article, $validatedAuthor); - } catch (Exception $e){ - $_SESSION["message"] = "internal_error"; - header("location: ../../index.php?pfad=createArticle"); - exit(); + $cleanedTags = []; + $rawTags = explode(',', $tags); + foreach ($rawTags as $rawTag) { + // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: + $tag = trim($rawTag); + // Duplikate entfernen: + $cleanedTags = array_unique($cleanedTags); + $cleanedTags = implode(',', $cleanedTags); } } + + // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- + try { + $articleManager = ArticleManager::getInstance(); + $article = $articleManager->getArticle($id); + $article->setTitle($title); + $article->setContent($content); + $article->setCategory($category); + $article->setTags($cleanedTags); + $articleManager->updateArticle($id ,$article, $author); + } catch (Exception $e){ + $_SESSION["message"] = "internal_error"; + header("location: ../../index.php?pfad=createArticle"); + exit(); 
+ } $_SESSION["message"] = "article_updated"; // Weiterleitung zur Homepage header("location: ../../index.php?pfad=showArticle&id=$id"); - } - exit(); } ?> \ No newline at end of file diff --git a/php/validator/article-validator.php b/php/validator/article-validator.php new file mode 100644 index 0000000..2eb1dbc --- /dev/null +++ b/php/validator/article-validator.php @@ -0,0 +1,104 @@ + 10) { + return true; + }else{ + return false; + } +} + +/** + * Prüft, ob die Kategorie eine erlaubt Kategorie ist. + * @param $category + * @return bool + */ +function articleCategoryValidator($category) +{ + $allowedCategories = [ + 'deutsch', 'englisch', 'franzoesisch', 'latein', 'literatur', + 'mathe', 'biologie', 'chemie', 'physik', 'informatik', 'astronomie', + 'geschichte', 'erdkunde', 'sozialkunde', 'wirtschaft', 'religion', + 'ethik', 'philosophie', 'psychologie', 'kunst', 'musik', 'theater', + 'technik', 'werken', 'hauswirtschaft', 'sport' + ]; + if (in_array($category, $allowedCategories, true)) { + return true; + } else { + return false; + } +} + +/** + * Prüft, ob die Tags die folgenden Bedingungen erfüllen: + * Buchstaben von a-z; A-Z + * Zahlen von 0-9 + * Umlaute äöüÄÖÜß + * Satzeichen - + * 2-50 Zeichen + * @param $tags + * @return bool + */ +function articleTagValidator($tags) +{ + if (!isset($tags)) { + $tags = ''; + } + + $rawTags = explode(',', $tags); + + foreach ($rawTags as $rawTag) { + // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: + $tag = trim($rawTag); + + // leere Elemente überspringen: + if ($tag === '') { + continue; + } + + // Tag mit Regex prüfen: + $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,50}$/u'; + if (!preg_match($tagPattern, $tag)) { + return false; + } + } + return true; +} + +?> \ No newline at end of file From 3df526d5b5a5fb381950f45e5be4b6c253388a07 Mon Sep 17 00:00:00 2001 
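Review bot: The ownership check in the rewritten update path cannot reject anything, because `articleAuthorValidator($author)` receives only the hard-coded `"max.mustermann"` and no article id, while `$id` from `$_GET["id"]` goes straight into `getArticle($id)` and `updateArticle($id ,$article, $author)`. As written, any client that can reach this controller can overwrite any article; the TODO on `$author` covers the missing login but not the missing per-article check. I would pass the id now, `if (!articleAuthorValidator($author, $id)) {`, and extend the validator signature to match, so it can compare against the stored article's author once sessions exist. A comment above the call such as `// SECURITY: no ownership check yet; must be implemented before login goes live` would keep the gap visible. The enclosing `if ($_SERVER["REQUEST_METHOD"] === "POST")` block starts outside this hunk.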
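Review bot: The validators in the new article-validator.php do not check that their argument is a string before passing it to `explode()`, `trim()` or `preg_match()`. A request that posts `title[]=x` or `tags[]=x` makes the `$_POST` entry an array, which on PHP 8 raises a `TypeError`; the controllers catch only `Exception`, and only around the manager calls, so this ends as an uncaught error instead of an `invalid_*` message. Each validator could begin with a guard such as `if (!is_string($title)) { return false; }`, and `articleTagValidator` could place `if (!is_string($tags)) { return false; }` after its existing null default. The first part of this file is not legible in the hunk as rendered, so the point is based on the visible `articleTagValidator` and on the validator calls in the controllers.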
From: NOrtmann1 Date: Mon, 1 Jun 2026 13:54:02 +0200 Subject: [PATCH 32/36] Update article-validator.php --- php/validator/article-validator.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/php/validator/article-validator.php b/php/validator/article-validator.php
index 2eb1dbc..02c4f94 100644
--- a/php/validator/article-validator.php
+++ b/php/validator/article-validator.php
@@ -3,6 +3,7 @@
 * Prüft, ob der Autor auch der Eigentümer des Beitrags ist.
 * @param $author
 * @return true
+ * TODO: Implement this.
 */
 function articleAuthorValidator($author)
 {
@@ -21,6 +22,7 @@ function articleAuthorValidator($author)
 */
 function articleTitleValidator($title)
 {
+ $title = trim($title);
 $titlePattern = '/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u';
 if (preg_match($titlePattern, $title)) {
 return true;
@@ -36,8 +38,9 @@ function articleTitleValidator($title)
 */
 function articleContentValidator($content)
 {
+ $content = trim($content);
 $zeichenAnzahl = mb_strlen($content);
- if ($zeichenAnzahl <= 7000 && $zeichenAnzahl > 10) {
+ if ($zeichenAnzahl <= 7000 && $zeichenAnzahl >= 10) {
 return true;
 }else{
 return false;
From 17345345b5625228ec6361ec315105c2da9b72db Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 13:54:04 +0200 Subject: [PATCH 33/36] Update updateArticle-controller.php --- php/controller/updateArticle-controller.php | 33 ++++++++++++--------- 1 file changed, 19 insertions(+), 14 deletions(-)
diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php
index 086de7e..3a40f5c 100644
--- a/php/controller/updateArticle-controller.php
+++ b/php/controller/updateArticle-controller.php
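Review bot: The added `$title = trim($title);` in `articleTitleValidator` changes only the validator's local copy, so the length limit is checked against a different string than the one that is stored; the `$content = trim($content);` line in the `articleContentValidator` hunk has the same effect. The controllers still pass the untrimmed `$_POST["title"]` and `$_POST["content"]` on to `setTitle()`, `setContent()` and `addArticle()`. A body of 7000 characters followed by any amount of trailing whitespace therefore passes the check and is saved at full length, which defeats the 7.000-character cap. Trimming once in the controller before validating, `$title = trim($_POST["title"]);` and `$content = trim($_POST["content"]);`, keeps the checked and the stored value identical. Both function bodies continue outside their hunks.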
@@ -10,15 +10,19 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { $_SESSION["old_content"] = $_POST["content"] ?? ''; $_SESSION["old_category"] = $_POST["category"] ?? ''; $_SESSION["old_tags"] = $_POST["tags"] ?? ''; - try { + + if (isset($_GET["id"]) && !empty($_GET["id"])) { $id = $_GET["id"]; - } catch (Exception $e){ + } else { $_SESSION["message"] = "missing_id"; + header("location: ../../index.php?pfad=updateArticle"); + exit(); } + if (!isset($_POST["title"]) ||!isset($_POST["content"]) || !isset($_POST["category"])){ $_SESSION["message"] = "missing_parameters"; - } elseif(!isset($id)) { - $_SESSION["message"] = "missing_id"; + header("location: ../../index.php?pfad=updateArticle"); + exit(); }else{ $title = $_POST["title"]; $content = $_POST["content"]; 
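Review bot: The new `id` guard tests presence only: `isset($_GET["id"]) && !empty($_GET["id"])` accepts an array (`?id[]=1`) and any string, and it rejects the value `"0"` because `empty("0")` is true. The value then flows unchanged into `getArticle($id)` and `updateArticle(...)`, and further down the file into the redirect `...&id=$id`. If article ids are integers, which is not visible here, validate once with `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);` and treat `false` or `null` as `missing_id`. Otherwise require `is_string($_GET["id"])` and write `rawurlencode($id)` into the Location header. The enclosing POST block continues outside the hunk.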
@@ -33,31 +37,31 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { // -------------------------------- Validierung der Daten: ------------------------- if (!articleAuthorValidator($author)) { $_SESSION["message"] = "author_not_valid"; - header("location: ../../index.php?pfad=createArticle"); + header("location: ../../index.php?pfad=updateArticle"); exit(); } if (!articleTitleValidator($title)) { $_SESSION["message"] = "invalid_title"; - header("location: ../../index.php?pfad=createArticle"); + header("location: ../../index.php?pfad=updateArticle"); exit(); } if (!articleContentValidator($content)) { $_SESSION["message"] = "invalid_content"; - header("location: ../../index.php?pfad=createArticle"); + header("location: ../../index.php?pfad=updateArticle"); exit(); } if (!articleCategoryValidator($category)) { $_SESSION["message"] = "invalid_category"; - header("location: ../../index.php?pfad=createArticle"); + header("location: ../../index.php?pfad=updateArticle"); exit(); } - if (!articleTagValidator($_POST["tags"])) { + if (!articleTagValidator($tags)) { $_SESSION["message"] = "invalid_tags"; - header("location: ../../index.php?pfad=createArticle"); + header("location: ../../index.php?pfad=updateArticle"); exit(); } else { $cleanedTags = []; @@ -65,10 +69,11 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { foreach ($rawTags as $rawTag) { // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: $tag = trim($rawTag); - // Duplikate entfernen: - $cleanedTags = array_unique($cleanedTags); - $cleanedTags = implode(',', $cleanedTags); + $cleanedTags[] = $tag; } + // Duplikate entfernen: + $cleanedTags = array_unique($cleanedTags); + $cleanedTags = implode(',', $cleanedTags); } // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- 
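Review bot: The rebuilt cleaning loop in the `@@ -65,10 +69,11 @@` hunk appends every element, including empty ones, because `$cleanedTags[] = $tag;` runs unconditionally while `articleTagValidator` skips `''` with `continue`. Input such as `a,,b` or a trailing comma is accepted by the validator and then stored with the empty entries intact, whereas the earlier inline code collected only non-empty tags that had matched the pattern. Adding `if ($tag === '') { continue; }` before the append restores that behaviour; the same loop is copied into createArticle-controller.php in PATCH 34. Since the loop repeats the splitting done inside the validator, returning the cleaned list from one helper would keep the two from drifting apart.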
@@ -82,7 +87,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
 $articleManager->updateArticle($id ,$article, $author);
 } catch (Exception $e){
 $_SESSION["message"] = "internal_error";
- header("location: ../../index.php?pfad=createArticle");
+ header("location: ../../index.php?pfad=updateArticle");
 exit();
 }
 $_SESSION["message"] = "article_updated";
From e779162ec256fe9248f00671b113406e8a6944f5 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 13:57:53 +0200 Subject: [PATCH 34/36] Update createArticle-controller.php --- php/controller/createArticle-controller.php | 124 +++++++------------- 1 file changed, 43 insertions(+), 81 deletions(-)
diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php
index 77e71ea..0270a00 100644
--- a/php/controller/createArticle-controller.php
+++ b/php/controller/createArticle-controller.php
@@ -13,109 +13,71 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { header("location: ../../index.php?pfad=createArticle"); exit(); } else { - // ------------------------ Validierung des Autors: ---------------------------- - $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. - $validatedAuthor = $author; - echo "Autorvalidierung erfolgreich"; - - // --------------------- Eingabevalidierung des Titels: ------------------------- $title = $_POST["title"]; - // Mit Regex prüfen: - $titlePattern = '/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u'; //Erlaubt: Buchstaben, Zahlen, Standardsatzzeichen; 5-120 Zeichen - if (preg_match($titlePattern, $title)) { - $validatedTitle = $title; - } else { + $content = $_POST["content"]; + $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. + $category = $_POST["category"]; + $tags = $_POST['tags'] ?? ''; + + // -------------------------------- Validierung der Daten: ------------------------- + if (!articleAuthorValidator($author)) { + $_SESSION["message"] = "author_not_valid"; + header("location: ../../index.php?pfad=createArticle"); + exit(); + } + + if (!articleTitleValidator($title)) { $_SESSION["message"] = "invalid_title"; header("location: ../../index.php?pfad=createArticle"); exit(); } - if (!preg_match('/^[a-zA-Z0-9äöüÄÖÜß\s.,!?:;()\'"„“«»_+-]{5,120}$/u', $title)) { - $errors['title'] = "Der Titel enthält ungültige Zeichen oder erfüllt die Länge von 5-120 Zeichen nicht."; - } - echo "Titelvalidierung erfolgreich"; - // --------------------- Eingabeüberprüfung des Contents: ----------------------- - $content = $_POST["content"]; - $zeichenAnzahl = mb_strlen($content); - if ($zeichenAnzahl <= 7000 && $zeichenAnzahl > 10) { - $validatedContent = $content; - }else{ + if (!articleContentValidator($content)) { $_SESSION["message"] = "invalid_content"; header("location: ../../index.php?pfad=createArticle"); exit(); } - echo "Contentvalidierung 
erfolgreich"; - // --------------------- -Eingabevalidierung der Kategorie: -------------------- - $category = $_POST["category"]; - $allowedCategories = [ - 'deutsch', 'englisch', 'franzoesisch', 'latein', 'literatur', - 'mathe', 'biologie', 'chemie', 'physik', 'informatik', 'astronomie', - 'geschichte', 'erdkunde', 'sozialkunde', 'wirtschaft', 'religion', - 'ethik', 'philosophie', 'psychologie', 'kunst', 'musik', 'theater', - 'technik', 'werken', 'hauswirtschaft', 'sport' - ]; - if (!in_array($category, $allowedCategories, true)) { + if (!articleCategoryValidator($category)) { $_SESSION["message"] = "invalid_category"; header("location: ../../index.php?pfad=createArticle"); exit(); } - $validatedCategory = $category; - echo "Kategorievalidierung erfolgreich"; - // -------------------------- Eingabevalidierung der tags: ---------------------- - if (isset($_POST['tags'])) { - $tags = $_POST['tags']; - } else { - $tags = ''; - } - $validatedTags = []; - $rawTags = explode(',', $tags); // String mit Kommas in array... 
- - foreach ($rawTags as $rawTag) { - // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: - $tag = trim($rawTag); - - // leere Elemente überspringen: - if ($tag === '') { - continue; - } - - // Tag mit Regex prüfen: - $tagPattern = '/^[a-zA-Z0-9äöüÄÖÜß\s-]{2,50}$/u'; //Erlaubt: Buchstaben, Zahlen, Bindestriche, Leerzeichen; 2-50 Zeichen - if (preg_match($tagPattern, $tag)) { - $validatedTags[] = $tag; - } else { - $_SESSION["message"] = "invalid_tags"; - header("location: ../../index.php?pfad=createArticle"); - exit(); - } - } - // Duplikate entfernen: - $validatedTags = array_unique($validatedTags); - $validatedTags = implode(',', $validatedTags); - echo "Tagvalidierung erfolgreich"; - - // ----------------- Übertragung der validierten Daten in ArticleManager: --------------------------- - if (!isset($validatedTitle) || !isset($validatedContent) || !isset($validatedAuthor) || !isset($validatedCategory) || !isset($validatedTags)) { - $_SESSION["message"] = "validation_missing"; + if (!articleTagValidator($tags)) { + $_SESSION["message"] = "invalid_tags"; header("location: ../../index.php?pfad=createArticle"); exit(); } else { - try { - $articleManager = ArticleManager::getInstance(); - $articleManager->addArticle($validatedTitle, $validatedContent, $validatedAuthor, $validatedCategory, $validatedTags); - echo "Speichern erfolgreich"; - } catch (Exception $e){ - $_SESSION["message"] = "internal_error"; - header("location: ../../index.php?pfad=createArticle"); - exit(); + $cleanedTags = []; + $rawTags = explode(',', $tags); + foreach ($rawTags as $rawTag) { + // Leerzeichen am Anfang/Ende des einzelnen Tags entfernen: + $tag = trim($rawTag); + $cleanedTags[] = $tag; } - $_SESSION["message"] = "new_article"; - // Weiterleitung zur Homepage - header("location: ../../index.php"); + // Duplikate entfernen: + $cleanedTags = array_unique($cleanedTags); + $cleanedTags = implode(',', $cleanedTags); + } + // ----------------- Übertragung der validierten Daten in 
ArticleManager: --------------------------- + try { + $articleManager = ArticleManager::getInstance(); + $articleManager->addArticle($title, $content, $author, $category, $cleanedTags); + + // Formulardaten nach erfolgreichem Erstellen aus der Session löschen + unset($_SESSION["old_title"], $_SESSION["old_content"], $_SESSION["old_category"], $_SESSION["old_tags"]); + + } catch (Exception $e){ + $_SESSION["message"] = "internal_error"; + header("location: ../../index.php?pfad=createArticle"); exit(); } + + $_SESSION["message"] = "new_article"; + // Weiterleitung zur Homepage + header("location: ../../index.php"); + exit(); } } From f99b7bc8ab8db1b6e18925f54d852681f661cc03 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 14:02:11 +0200 Subject: [PATCH 35/36] Update updateArticle-controller.php --- php/controller/updateArticle-controller.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/php/controller/updateArticle-controller.php b/php/controller/updateArticle-controller.php index 3a40f5c..6ff32ec 100644 --- a/php/controller/updateArticle-controller.php +++ b/php/controller/updateArticle-controller.php @@ -28,11 +28,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") { $content = $_POST["content"]; $author = "max.mustermann"; // TODO: später aus Session den angemeldeten Nutzer beziehen. $category = $_POST["category"]; - if (isset($_POST['tags'])) { - $tags = $_POST['tags']; - } else { - $tags = ''; - } + $tags = $_POST['tags'] ?? ''; // -------------------------------- Validierung der Daten: ------------------------- if (!articleAuthorValidator($author)) { From 625dd35b9eb7287ff03c022c7a875942916d9121 Mon Sep 17 00:00:00 2001 From: NOrtmann1 Date: Mon, 1 Jun 2026 14:02:31 +0200 Subject: [PATCH 36/36] Update createArticle-controller.php --- php/controller/createArticle-controller.php | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/php/controller/createArticle-controller.php b/php/controller/createArticle-controller.php index 0270a00..d4c1cec 100644 --- a/php/controller/createArticle-controller.php +++ b/php/controller/createArticle-controller.php @@ -2,12 +2,14 @@ session_start(); require_once '../model/LocalArticleManager.php'; require_once '../model/ArticleManager.php'; +require_once '../validator/article-validator.php'; if ($_SERVER["REQUEST_METHOD"] === "POST") { $_SESSION["old_title"] = $_POST["title"] ?? ''; $_SESSION["old_content"] = $_POST["content"] ?? ''; $_SESSION["old_category"] = $_POST["category"] ?? ''; $_SESSION["old_tags"] = $_POST["tags"] ?? ''; + if(!isset($_POST["title"]) ||!isset($_POST["content"]) || !isset($_POST["category"])){ $_SESSION["message"] = "missing_parameters"; header("location: ../../index.php?pfad=createArticle");