Add true validation functions validate_var_array() and input_input_array() #2048
ext/filter/filter.c
zval_ptr_dtor(return_value); | ||
RETURN_FALSE; | ||
} | ||
} |
missing /* }}} */
Thanks! Fixed.
When is an array considered invalid? (and why?)
I updated the patch. It is considered invalid as soon as a validation rule fails now.
All filters are used. Evaluation order is the same as defined. It's possible to mix sanitize and validation filters. Any validation failure results in an exception.

Example

```php
<?php
error_reporting(E_ALL | E_STRICT);

$data = array(
    'component' => '10',
);

// Several filters for one key; they are evaluated in the order defined.
$args = array(
    'component' => array(
        array(
            'filter'  => FILTER_VALIDATE_INT,
            'options' => array('min_range' => 1, 'max_range' => 10)
        ),
        array(
            'filter'  => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => '/[0123456789]{2}/')
        ),
        array(
            'filter' => FILTER_VALIDATE_FLOAT
        ),
    ),
);

// validate_var_array() is the function proposed by this patch.
$myinputs = validate_var_array($data, $args);
var_dump($myinputs);
```
…ame more useful to see what is wrong.
Add validate_var() and validate_input() for consistency and testing feature.
…d empty elements by default.
ext/filter/filter_private.h
#define FILTER_STRING_ENCODING_UTF8 1 | ||
|
||
#define FILTER_FLAG_STRING_RAW 0x0001 | ||
#define FILTER_FLAG_STRING_ALLOW_CNTRL 0x0002 |
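Review bot: FILTER_FLAG_STRING_RAW and FILTER_FLAG_STRING_ALLOW_CNTRL are defined without any comment saying what each flag lets through, and for flags on a validation filter that is the part a reader needs most. Please add a one-line comment per define stating its exact effect (for ALLOW_CNTRL, which control characters become acceptable), and note next to them which filter interprets the 0x0001 and 0x0002 bits, since the values carry no namespace of their own.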
I think this should be named FILTER_FLAG_STRING_ALLOW_CTRL (without the 'n' in the end), as well as the userland constant as the constant name is already fairly long, and because CTRL is a more common abbreviation of control than CNTRL
No problem for me. The reason CNTRL is used is this API.
- int iscntrl(int c);
I have mixed feelings. We have the following:
http://php.net/manual/en/intlchar.iscntrl.php
http://php.net/manual/en/function.ctype-cntrl.php
Any comments on using CTRL? Anyone?
There is code that assumes an invalid filter exists, yet it didn't exist. Add filter_check_definition() function. Filter definition errors are silently ignored for performance reasons. A definition error could be a fatal bug. This function provides a check feature that finds typos and format errors.
…php-src into master-rfc-validation-functions
…ers are retained because users will get invalid return value and continue execution. Added missing options and finish filter_check_definition().
This behavior is unacceptable for validation functions. Removed trim from int/float/bool validation. Bool validation filter converts empty strings to FALSE. This is not the preferred behavior for a validation function. Reject empty strings and make it optional. FILTER_FLAG_BOOL_ALLOW_EMPTY is added.
…INE according to other options
…equire_input_array(). Fixed typo
…ValidateException. As a result, users could get more useful information about validation exceptions, i.e. the message returned from getMessage() contains invalid_key, filter_name, filter_flags.

```php
class FilterValidateException extends Exception
{
    protected $invalid_key;
    protected $invalid_value;
    protected $filter_id;
    protected $filter_name;
    protected $filter_flags;
}
```

filter_get_invalid_key() has been removed by the Exception improvement.
Gonna close this due to inactivity, please open a new PR if you decide to pick up on it and post an RFC
See RFC for more details and updates.
RFC: https://wiki.php.net/rfc/add_validate_functions_to_filter
With filter_var_array()/filter_input_array(), it is hard to tell from the return value whether there were validation errors, because they simply filter inputs, i.e. they set FALSE or NULL for invalid elements and return the filtered array. This behavior makes it difficult to use filter_array()/filter_input_array() as validation functions that reject invalid inputs.
This patch adds true validation functions
String validation filter
Invalid validation filter
Note on callback filter
Multiple sanitize/validation filter.
e.g.
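
Added example, not part of the PR or of php-src: the return-value ambiguity described in the PR description, shown with the existing filter_var_array(), next to a userland wrapper that rejects on the first failure. `strict_validate_array()` is a hypothetical name and the input is constructed; the PR's proposed functions are not used.

```php
<?php
declare(strict_types=1);

// Hypothetical userland helper (not the PR's validate_var_array()):
// applies each rule with filter_var() and throws on the first failure
// instead of storing FALSE/NULL in the result array.
function strict_validate_array(array $data, array $spec): array
{
    $out = [];
    foreach ($spec as $key => $rule) {
        if (!array_key_exists($key, $data)) {
            throw new InvalidArgumentException("missing input: $key");
        }
        // FILTER_NULL_ON_FAILURE turns a failure into NULL, so a valid
        // boolean false is no longer confused with "validation failed".
        $flags = ($rule['flags'] ?? 0) | FILTER_NULL_ON_FAILURE;
        $value = filter_var($data[$key], $rule['filter'], [
            'options' => $rule['options'] ?? [],
            'flags'   => $flags,
        ]);
        if ($value === null) {
            throw new InvalidArgumentException("invalid input: $key");
        }
        $out[$key] = $value;
    }
    return $out;
}

// Constructed sample input: 'age' is out of range, 'active' is a valid "false".
$data = ['age' => '200', 'active' => 'no'];
$spec = [
    'age'    => ['filter'  => FILTER_VALIDATE_INT,
                 'options' => ['min_range' => 1, 'max_range' => 120]],
    'active' => ['filter' => FILTER_VALIDATE_BOOLEAN],
];

// Existing behaviour: the rejected 'age' and the accepted 'active' are both
// reported as boolean false, so the caller cannot tell them apart.
var_dump(filter_var_array($data, $spec));

try {
    strict_validate_array($data, $spec);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;   // names the offending key
}
```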