Newsgroups: php.internals
Xref: news.php.net php.internals:102003
Date: Tue, 27 Mar 2018 11:03:02 +0000
To: Yasuo Ohgaki
Cc: "internals@lists.php.net"
Subject: Re: [PHP-DEV] Re: A validator module for PHP7
From: crocodile2u@gmail.com (Crocodile)

It's almost always the case that you need to provide meaningful feedback
about what exactly went wrong, rather than to just say "Failed!" While
simplicity is nice and you cannot overrate the value of validation, this
whole thing is pretty much useless to me personally without this ability.
Also, I don't think it's a good idea to mix validation of scalar values,
arrays and even multiple arrays, in a single function.

On Tue, Mar 27, 2018 at 11:43 AM Yasuo Ohgaki wrote:

> On Mon, Sep 4, 2017 at 3:33 PM, Yasuo Ohgaki wrote:
>
> > Hi all,
> >
> > I spent a little time on a new input validation module. It's not a totally
> > new module, but is based on Filter module's validation filter improvement
> > RFC in many ways. [1]
> >
> > As all of us know already, input validation is the most important practice
> > in secure coding. [2][3] Yet, we don't provide a usable feature out of the box.
> > Sadly, almost all apps do not have proper input validation at trust
> > boundary.
> > Unless we improve filter's validation, we need a usable basic
> > validator by default. IMO.
> >
> > Since I didn't get much feedback during the RFC discussion, I cannot tell
> > what part is disliked. I guess too many features in filter is one reason.
> > Another is messed-up code/features by providing both "filter" and
> > "validation".
> >
> > Validator for PHP7 (validate module) gets rid of unneeded features. It
> > only has features for basic PHP data type validations. Validation
> > rule(spec) array is flexible enough. Almost any types of inputs could be
> > handled by multiple and nested validation rules.
> >
> > Except some minor features like overflow checks, most planned features are
> > implemented.
> >
> > https://github.com/yohgaki/validate-php
> >
> > Although the code is based on filter module's code, it's almost a full
> > rewrite except the validation logic that came from filter. Please consider
> > this as an under-development module.
> > Feedback is appreciated.
> >
> > Regards,
> >
> > [1] https://wiki.php.net/rfc/add_validate_functions_to_filter
> > [2] https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
> > [3] https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
> >
> > --
> > Yasuo Ohgaki
> > yohgaki@ohgaki.net
> >
>
> I thought it would be nice to have a PHP script version for
> Validate PHP. It is a lot easier to modify the API as needed. So
> I spent a few hours last weekend.
>
> https://github.com/yohgaki/validate-php-scr
>
> Caution, I just wrote it and didn't debug it yet.
> However, it is good enough to play with, I suppose.
>
> The API differs a little. This has a more simplified parameter
> structure. Suggestions and comments are appreciated.
>
> Regards,
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net
>

--
Best regards,
Victor Bolshov