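/**
 * Returns the canonicalized, valid input.
 * Throws ValidationException if the input is not valid or
 * IntrusionException if the input is an obvious attack.
 *
 * Validation is done in three steps: the parent rule canonicalizes the input
 * and applies its own checks; FILTER_SANITIZE_EMAIL is then used as a
 * round-trip check (if it strips anything, the input contained a character
 * not permitted in an address); finally FILTER_VALIDATE_EMAIL checks the
 * structure, because the sanitize filter alone never rejects a structurally
 * broken string such as "abc".
 *
 * @param string $context A descriptive name of the parameter that you are
 *                        validating (e.g., ProfilePage_Signature). This value
 *                        is used by any logging or error handling that is done
 *                        with respect to the value passed in.
 * @param string $input   The actual string user input data to validate.
 *
 * @return string canonicalized, valid input.
 * @throws ValidationException, IntrusionException
 */
public function getValid($context, $input)
{
    // Parent validator will sanity check.
    $canonical = parent::getValid($context, $input);

    $clean_email = filter_var($canonical, FILTER_SANITIZE_EMAIL);
    // Strict checks instead of the loose `== false`, which also matched the
    // string '0'; that case is now rejected by FILTER_VALIDATE_EMAIL below.
    if ($clean_email === false || $clean_email === '') {
        throw new ValidationException(
            'Email Address Input is not valid.',
            'Error attempting to sanitize Email Address: ' . $input,
            $context
        );
    }
    // Anything the sanitize filter removed was not a legal address character.
    if (strcmp($canonical, $clean_email) !== 0) {
        throw new ValidationException(
            'Email Address Input may not be valid.',
            'Resorted to string comparsion of canonicalized and purified '
            . 'Email Address input - result was Not Equal',
            $context
        );
    }
    // The sanitize filter does not check structure (local part, '@', domain),
    // so require a syntactically valid address as well.
    if (filter_var($clean_email, FILTER_VALIDATE_EMAIL) === false) {
        throw new ValidationException(
            'Email Address Input is not valid.',
            'Email Address failed syntactic validation: ' . $input,
            $context
        );
    }

    return $clean_email;
}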
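/**
 * Helper method to validate input and return the canonicalized, validated value
 * if valid.
 *
 * Builds a StringValidationRule of the given type, optionally restricts it to
 * a whitelist pattern, applies the length / null settings and delegates the
 * actual validation to the rule.
 *
 * @param string $context   A description of the input to be validated.
 * @param string $input     The input to validate.
 * @param string $pattern   The regex pattern against which to validate the
 *                          supplied input. A null or empty pattern adds no
 *                          whitelist.
 * @param string $type      A descriptive name for the StringValidationRule.
 * @param int    $maxLength The maximum post-canonicalized length of valid
 *                          inputs.
 * @param bool   $allowNull Whether an empty string is considered valid input.
 *
 * @throws ValidationException
 *
 * @return string canonicalized, valid inputs only.
 */
private function _getIfValid($context, $input, $pattern, $type, $maxLength, $allowNull)
{
    $validationRule = new StringValidationRule($type, $this->_encoder);
    // Strict comparison: the loose `!= null` this replaces also silently
    // dropped a pattern of '0'. An empty pattern is still treated as "none".
    if ($pattern !== null && $pattern !== '') {
        $validationRule->addWhitelistPattern($pattern);
    }
    $validationRule->setMaximumLength($maxLength);
    $validationRule->setAllowNull($allowNull);

    return $validationRule->getValid($context, $input);
}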
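/**
 * Returns the canonicalized, valid input.
 * Throws ValidationException if the input is not valid or
 * IntrusionException if the input is an obvious attack.
 *
 * The canonicalized input is run through the configured HTMLPurifier. If the
 * purifier context carries an ErrorCollector, any collected error rejects the
 * input; otherwise the (weaker) fallback is that purified output must equal
 * the canonicalized input.
 *
 * @param string $context A descriptive name of the parameter that you are
 *                        validating (e.g., ProfilePage_Signature). This value
 *                        is used by any logging or error handling that is done
 *                        with respect to the value passed in.
 * @param string $input   The actual string user input data to validate.
 *
 * @throws ValidationException, IntrusionException
 *
 * @return string canonicalized, valid input.
 */
public function getValid($context, $input)
{
    // Parent validator will sanity check.
    $canonical = parent::getValid($context, $input);

    $clean_html = null;
    try {
        $clean_html = $this->_purifier->purify($canonical);
    } catch (Exception $e) {
        // get_class() names the concrete exception type; gettype() would
        // always report "object". getMessage() is a method, not a property.
        throw new ValidationException(
            'HTML Input is not valid.',
            'Caught ' . get_class($e) . ' attempting to purify HTML: ' . $e->getMessage(),
            $context
        );
    }

    // If ErrorCollector was used, it may be able to tell us about errors in
    // the html. If not, (poor quality) assumption is that if canonicalized
    // input and the output don't match then the input wasn't valid.
    $numErrors = 0;
    // NOTE(review): context lookup kept as in the original; confirm that the
    // purifier context tolerates a missing 'ErrorCollector' entry.
    $errors = $this->_purifier->context->get('ErrorCollector');
    if ($errors instanceof HTMLPurifier_ErrorCollector) {
        $numErrors = count($errors->getRaw());
        if ($numErrors > 0) {
            throw new ValidationException(
                'HTML Input is not valid.',
                "{$numErrors} found in HTML - Input is not valid.",
                $context
            );
        }
    } elseif (strcmp($canonical, $clean_html) !== 0) {
        throw new ValidationException(
            'HTML Input may not be valid.',
            'Resorted to string comparsion of canonicalized and purified '
            . 'HTML input - result was Not Equal',
            $context
        );
    }

    return $clean_html;
}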
/**
 * getValid returns canonicalised input for valid input.
 *
 * Both a plain and a percent-encoded form of the same string must come back
 * as the decoded, whitelisted value.
 */
function testStringVR_getValid_valid()
{
    $context = 'testStringVR_getValid_valid';
    $rule = new StringValidationRule('A_String', null, '^[abc]+$');

    // '%61' canonicalises to 'a', so both candidates yield the same result.
    foreach (['aabbcc', '%61abbcc'] as $candidate) {
        $this->assertEquals('aabbcc', $rule->getValid($context, $candidate));
    }
}