Newsgroups: php.internals
From: lester@lsces.co.uk (Lester Caine)
To: "internals@lists.php.net"
Date: Sat, 20 Aug 2016 10:21:09 +0100
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

On 20/08/16 08:30, Yasuo Ohgaki wrote:
> The input validation we are discussing is "Input/output rules between
> client and server". It decides what's valid/invalid.

I think I'm getting two things confused and am mixing your array filtering RFC up with this one. There is so much speculative stuff being discussed rather than trying to nail down key elements?

I am looking at the whole process, so I have client side validation which is built from a set of rules added to the smarty templates. This still has a couple of gaps where manual creation of JavaScript is still needed, but that relates more to getting the validation working with bootstrap3. This gives me a clean set of post data, and if one could ignore the morons then working with the $_POST array would be a doddle, but because we live in the real world, it's the BUILDING of the $_POST array when one can't trust the provider that we want to filter, and in an ideal world the rules would be used for each variable as they are added to the array, rather than post creating the array.

One could almost envisage a check that the post data packed IS too big for the set of variables being returned and crash out, but simply throwing away suspect data as each variable is built and having the logic to simply create an exception on the first failure, only pass those fields that are valid ensures the $_POST array matches the client's data array.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
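
A sketch of the per-field approach described in the message above, as an added example that is not part of the original post or of the RFC under discussion. PHP populates $_POST before user code runs, so this userland version applies the rules while building a separate validated array; the field names, the rule table and `build_validated_post` are hypothetical, and only `filter_var` and its filter constants are PHP's own.

```php
<?php
declare(strict_types=1);

// Hypothetical rule table: one filter per field the form is expected to send.
const RULES = [
    'email' => ['filter' => FILTER_VALIDATE_EMAIL],
    'age'   => ['filter' => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 0, 'max_range' => 150]],
    'name'  => ['filter' => FILTER_VALIDATE_REGEXP,
                'options' => ['regexp' => '/\A[\p{L} \'-]{1,64}\z/u']],
];

// Build a validated copy of the submitted data field by field.
// Strict mode throws on the first failure; lenient mode drops failing fields.
function build_validated_post(array $raw, array $rules, bool $strict = true): array
{
    // Fields outside the rule set: reject the whole request.
    $unexpected = array_diff_key($raw, $rules);
    if ($unexpected !== []) {
        throw new InvalidArgumentException(
            'Unexpected field(s): ' . implode(', ', array_keys($unexpected)));
    }

    $clean = [];
    foreach ($rules as $field => $rule) {
        $value = $raw[$field] ?? null;
        // Arrays or missing values never satisfy a scalar rule.
        $result = is_string($value)
            ? filter_var($value, $rule['filter'], ['options' => $rule['options'] ?? []])
            : false;
        if ($result === false) {
            if ($strict) {
                throw new InvalidArgumentException("Invalid or missing field: $field");
            }
            continue; // lenient mode: drop the suspect field
        }
        $clean[$field] = $result;
    }
    return $clean;
}

// Constructed sample input standing in for $_POST.
$sample = ['email' => 'user@example.com', 'age' => '42', 'name' => "O'Neil"];
var_dump(build_validated_post($sample, RULES));

// Lenient mode keeps only the fields that pass their rule.
$bad = ['email' => 'not-an-email', 'age' => '42', 'name' => 'Ann'];
var_dump(build_validated_post($bad, RULES, false));
```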