PEAR validate [Archive] - CodingForums.com

timgolding

10-30-2007, 03:29 PM

Hi

I am having a few problems with the PEAR validate extension. I need to be able to validate an input string. However I need to allow HTML special chars in the validation, at present including such strings causes validation to fail.

function inputbox_validate($post_obj)
{
// Ensures data is English alpha numeric with possible whitespaces and punctuation including name punctuation
// Not really working with ENT_QUOTES etc
if(!Validate::string($post_obj, array("format"=>VALIDATE_NUM.VALIDATE_EALPHA.VALIDATE_PUNCTUATION.VALIDATE_SPACE.VALIDATE_NAME,"min_length"=>1,"max_length"=>256)))
$post_obj=NULL;

return $post_obj;
}

echo inputbox_validate('Jamie's')
//output: NULL

I can add extra predifned Regex in Pear. Here is an example of the predefined constants already available.

define('VALIDATE_NUM', '0-9');
define('VALIDATE_SPACE', '\s');
define('VALIDATE_ALPHA_LOWER', 'a-z');
define('VALIDATE_ALPHA_UPPER', 'A-Z');
define('VALIDATE_ALPHA', VALIDATE_ALPHA_LOWER . VALIDATE_ALPHA_UPPER);
define('VALIDATE_EALPHA_LOWER', VALIDATE_ALPHA_LOWER . 'áéíóúàèìòùäëïöüâêîôûñçþæðåý');
define('VALIDATE_EALPHA_UPPER', VALIDATE_ALPHA_UPPER . 'ÁÉÍÓÚÀÈÌÒÙÄËÏÖÜÂÊÎÔÛÑÇÞÆÐÅÝ');
define('VALIDATE_EALPHA', VALIDATE_EALPHA_LOWER . VALIDATE_EALPHA_UPPER);
define('VALIDATE_PUNCTUATION', VALIDATE_SPACE . '\.,;\:&"\'\?\!');
define('VALIDATE_NAME', VALIDATE_EALPHA . VALIDATE_SPACE . "'");
define('VALIDATE_STREET', VALIDATE_NAME . "/\\ºª\.");

firepages

10-31-2007, 04:01 AM

one of the goals of validation is to prevent html or scripts so messing with the function itself seems a bad idea.

you could validate a string stripped of tags...

<?
$validate_this=strip_tags($str);
if(inputbox_validate($validate_this)!=NULL){
//stripped data is in a valid format
//$str however is still insecure
}
?>

but then whilst you know the text passed is a valid name , you dont know what malicious scripts they may have passed in $str;