/**
 * Shared implementation behind the isValidXX methods: builds a
 * StringValidationRule for $type and asserts $input against it.
 *
 * The whitelist pattern is resolved by asking the security configuration
 * for a pattern registered under the name $type. When that lookup returns
 * false, $type itself is added as the whitelist pattern.
 *
 * NOTE(review): because of that fallback, a misspelled pattern name is not
 * rejected here; it is handed to the rule as if it were a pattern. Callers
 * should pass either a configured pattern name or a deliberate pattern.
 *
 * @param string $context   Please see corresponding isValidXX description.
 * @param string $input     Please see corresponding isValidXX description.
 * @param string $type      Configured pattern name, or the pattern itself.
 * @param int    $maxLength Please see corresponding isValidXX description.
 * @param bool   $allowNull Please see corresponding isValidXX description.
 *
 * @return null Always null; failure is reported only through exceptions.
 * @throws ValidationException thrown if input is invalid.
 * @throws IntrusionException  thrown if intrusion is detected.
 */
private function _assertValidInput($context, $input, $type, $maxLength, $allowNull)
{
    $rule = new StringValidationRule($type, $this->_encoder);

    // Prefer a pattern configured under this name; otherwise treat $type
    // itself as the pattern (strict comparison: only false means "not found").
    $configured = ESAPI::getSecurityConfiguration()->getValidationPattern($type);
    $rule->addWhitelistPattern($configured !== false ? $configured : $type);

    $rule->setMaximumLength($maxLength);
    $rule->setAllowNull($allowNull);

    // Throws on any failure; nothing is returned on success.
    $rule->assertValid($context, $input);

    return null;
}
/**
 * assertValid must raise IntrusionException, not merely a validation
 * failure, for input that carries an encoded payload.
 *
 * The input ends in "%2500": "%25" is an encoded "%", so one decoding pass
 * leaves "%00" (an encoded NUL byte), i.e. the value is double-encoded.
 * The input would also fail the ^[abc]+$ whitelist, so what this test pins
 * is the exception type: the rule is expected to treat the value as an
 * intrusion attempt rather than as ordinary invalid input.
 *
 * NOTE(review): the encoder argument is null here; presumably the rule
 * falls back to a default encoder for canonicalization. Confirm against
 * StringValidationRule.
 */
function testStringVR_assertValid_attack()
{
    $whitelist = '^[abc]+$';
    $doubleEncodedInput = 'dddddd%2500';

    $rule = new StringValidationRule('A_String', null, $whitelist);

    // Register the expectation only after construction, so the exception
    // has to come from assertValid() itself.
    $this->setExpectedException('IntrusionException');
    $rule->assertValid('testStringVR_assertValid_attack', $doubleEncodedInput);
}