
View Full Version : PEAR validate



timgolding
10-30-2007, 04:29 PM
Hi

I am having a few problems with the PEAR Validate extension. I need to be able to validate an input string. However, I need to allow HTML special chars in the validation; at present, including such strings causes validation to fail.



require_once 'Validate.php';

function inputbox_validate($post_obj)
{
    // Ensures data is English alpha numeric with possible whitespaces and punctuation including name punctuation
    // Not really working with ENT_QUOTES etc
    if (!Validate::string($post_obj, array("format" => VALIDATE_NUM . VALIDATE_EALPHA . VALIDATE_PUNCTUATION . VALIDATE_SPACE . VALIDATE_NAME, "min_length" => 1, "max_length" => 256)))
        $post_obj = NULL;

    return $post_obj;
}


// Apostrophe as encoded by htmlspecialchars() with ENT_QUOTES
var_dump(inputbox_validate('Jamie&#039;s'));
//output: NULL


I can add extra predefined regex in PEAR. Here is an example of the predefined constants already available.



define('VALIDATE_NUM', '0-9');
define('VALIDATE_SPACE', '\s');
define('VALIDATE_ALPHA_LOWER', 'a-z');
define('VALIDATE_ALPHA_UPPER', 'A-Z');
define('VALIDATE_ALPHA', VALIDATE_ALPHA_LOWER . VALIDATE_ALPHA_UPPER);
define('VALIDATE_EALPHA_LOWER', VALIDATE_ALPHA_LOWER . '');
define('VALIDATE_EALPHA_UPPER', VALIDATE_ALPHA_UPPER . '');
define('VALIDATE_EALPHA', VALIDATE_EALPHA_LOWER . VALIDATE_EALPHA_UPPER);
define('VALIDATE_PUNCTUATION', VALIDATE_SPACE . '\.,;\:&"\'\?\!\(\)');
define('VALIDATE_NAME', VALIDATE_EALPHA . VALIDATE_SPACE . "'");
define('VALIDATE_STREET', VALIDATE_NAME . "/\\\.");

firepages
10-31-2007, 05:01 AM
One of the goals of validation is to prevent HTML or scripts, so messing with the function itself seems a bad idea.

you could validate a string stripped of tags...


<?php
// $str holds the raw submitted value
$validate_this = strip_tags($str);
if (inputbox_validate($validate_this) !== NULL) {
    // stripped data is in a valid format
    // $str however is still insecure
}
?>


but then, whilst you know the text passed is a valid name, you don't know what malicious scripts they may have passed in $str.

timgolding
10-31-2007, 03:46 PM
I had thought of this; however, if I completely strip tags, that removes ENT_QUOTES. I can replace these first, but then the validator fails. Basically, validation fails if I put ENT_QUOTES or SPECIAL CHARS, which is what I intend to allow.
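
Added example (not part of any post in this thread, and not PEAR's own code): an entity-encoded apostrophe such as &#039; contains '#', which the character classes quoted in the thread do not allow, so this PHP example compares validating the encoded string with validating the raw value and calling htmlspecialchars() with ENT_QUOTES only when rendering. ALLOWED_CHARS, validate_raw() and render_html() are hypothetical names, the accented letters of VALIDATE_EALPHA are left out because the page does not show them, and the sample inputs are constructed.

```php
<?php
// Added example, not PEAR code and not from the thread.
// The character class mirrors the VALIDATE_* constants quoted in the thread
// (digits, ASCII letters, whitespace, punctuation, apostrophe). The accented
// letters of VALIDATE_EALPHA are omitted because the page does not show them.
const ALLOWED_CHARS = '0-9a-zA-Z\s\.,;\:&"\'\?\!\(\)';

// Hypothetical helper: returns the raw string if it passes, null otherwise.
function validate_raw(string $raw, int $min = 1, int $max = 256): ?string
{
    $len = strlen($raw);
    if ($len < $min || $len > $max) {
        return null;
    }
    return preg_match('/^[' . ALLOWED_CHARS . ']*$/', $raw) === 1 ? $raw : null;
}

// Hypothetical helper: encode only at the point of writing into HTML.
function render_html(?string $validated): string
{
    return $validated === null ? '' : htmlspecialchars($validated, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs.
$samples = ["Jamie's", 'Tom & "Jerry"', '<script>alert(1)</script>'];

foreach ($samples as $input) {
    // Order A: encode first, then validate. '&#039;' contains '#', which is
    // not in the class, so a legitimate apostrophe is rejected.
    $encodedFirst = validate_raw(htmlspecialchars($input, ENT_QUOTES, 'UTF-8'));

    // Order B: validate the raw value, encode when rendering.
    $validated = validate_raw($input);

    printf(
        "%-28s encode-then-validate: %-8s validate-then-encode: %s\n",
        $input,
        $encodedFirst === null ? 'rejected' : 'accepted',
        $validated === null ? 'rejected' : render_html($validated)
    );
}
```

The raw value is what gets stored; render_html() is applied each time it is written into a page, so the tag characters never reach the browser unencoded.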


