/**
* Implements corresponding isValidXX logic.
*
* @param string $context Please see corresponding isValidXX description.
* @param string $input Please see corresponding isValidXX description.
* @param string $type Please see corresponding isValidXX description.
* @param int $maxLength Please see corresponding isValidXX description.
* @param bool $allowNull Please see corresponding isValidXX description.
*
* @return does not return a value.
* @throws ValidationException thrown if input is invalid.
* @throws IntrusionException thrown if intrusion is detected.
*/
private function _assertValidInput($context, $input, $type, $maxLength, $allowNull)
{
$validationRule = new StringValidationRule($type, $this->_encoder);
$config = ESAPI::getSecurityConfiguration();
$pattern = $config->getValidationPattern($type);
if ($pattern !== false) {
$validationRule->addWhitelistPattern($pattern);
} else {
$validationRule->addWhitelistPattern($type);
}
$validationRule->setMaximumLength($maxLength);
$validationRule->setAllowNull($allowNull);
$validationRule->assertValid($context, $input);
return null;
}
/**
* assertValid throws IntrusionException for obvious attack ;)
*/
function testStringVR_assertValid_attack()
{
$svr = new StringValidationRule('A_String', null, '^[abc]+$');
$this->setExpectedException('IntrusionException');
$svr->assertValid('testStringVR_assertValid_attack', 'dddddd%2500');
}
