This commit is contained in:
@ -240,6 +240,37 @@ function qdb_analytics_stale_clients(PDO $pdo, array $tokenRec): array {
|
||||
return $out;
|
||||
}
|
||||
|
||||
/** Max length for counselor/admin client follow-up notes (characters). */
|
||||
const QDB_CLIENT_NOTE_MAX_LENGTH = 200;
|
||||
|
||||
/**
|
||||
* Sanitize a client follow-up note. Empty string clears the note.
|
||||
* Rejects input that sanitizes to empty while the raw value was non-empty.
|
||||
*/
|
||||
function qdb_normalize_client_followup_note(mixed $note): string {
|
||||
require_once __DIR__ . '/text_sanitize.php';
|
||||
$raw = is_string($note) || is_numeric($note) ? trim((string)$note) : '';
|
||||
if ($raw === '') {
|
||||
return '';
|
||||
}
|
||||
if (mb_strlen($raw) > QDB_CLIENT_NOTE_MAX_LENGTH) {
|
||||
json_error(
|
||||
'INVALID_FIELD',
|
||||
'note must be at most ' . QDB_CLIENT_NOTE_MAX_LENGTH . ' characters',
|
||||
400
|
||||
);
|
||||
}
|
||||
$clean = sanitize_free_text($raw, QDB_CLIENT_NOTE_MAX_LENGTH);
|
||||
if ($clean === '') {
|
||||
json_error('INVALID_FIELD', 'note contains disallowed content', 400);
|
||||
}
|
||||
return $clean;
|
||||
}
|
||||
|
||||
/**
|
||||
* Upsert a follow-up note for a client visible under the caller's RBAC.
|
||||
* Pass an already-normalized note (see qdb_normalize_client_followup_note).
|
||||
*/
|
||||
function qdb_analytics_set_followup_note(PDO $pdo, array $tokenRec, string $clientCode, string $note): void {
|
||||
$clientCode = trim($clientCode);
|
||||
if ($clientCode === '') {
|
||||
|
||||
Reference in New Issue
Block a user