Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95557
Return-Path: <rowan.collins@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 89656 invoked from network); 2 Sep 2016 10:40:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Sep 2016 10:40:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=rowan.collins@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=rowan.collins@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.179 as permitted sender)
X-PHP-List-Original-Sender: rowan.collins@gmail.com
X-Host-Fingerprint: 209.85.192.179 mail-pf0-f179.google.com  
Received: from [209.85.192.179] ([209.85.192.179:33029] helo=mail-pf0-f179.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C9/A3-19490-51759C75 for <internals@lists.php.net>; Fri, 02 Sep 2016 06:40:22 -0400
Received: by mail-pf0-f179.google.com with SMTP id g202so18284094pfb.0
        for <internals@lists.php.net>; Fri, 02 Sep 2016 03:40:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-transfer-encoding;
        bh=uZ6I80EW2ldwQ9GG5jS6n7udcDoa+xP2J9pSqXAsmdA=;
        b=WP6YJB6kdD/0grAiY6qcQpRFgMoD641Xukp6ZBhOISKEzAp9VSopf4NEz8kJgSwitJ
         dGf0nmB5AD98CDxBExqRiYiMX2Dj0DSY6Bth8vN55HrzODEk2zttMzW7fPIX++gjsoOW
         6jnh9OpBw+9XXC0e+UhFPeWlZai95/057qei8vpvrwgkIo4oVlz3QeoH1I9PT4MYzLZN
         6rmJrvlKNZhmu8H13mpVH1yLeehFkNSvtVCLWLF/nRZ6KbdoSvmzVAVboYQTy483Rf8j
         6m5IrNFRBjTV9Fcu4QdDal8VDk35wIwAHe2jrlgAkbS+hzTwWyqYuBNoQU5fXSAv8M6S
         xt9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=uZ6I80EW2ldwQ9GG5jS6n7udcDoa+xP2J9pSqXAsmdA=;
        b=IRBWNQDfRgVjE75ACiHtyV3lzbs0vWQtOTidGP0hwPXCJbZsGLKtfFH4pRbTPW2svs
         KViuDt3QXtY91/LTi0XlJonDpTL2SyOcAs8s7LPTsdBaksQpcHisLpKCHQrnFanMHC1j
         o2BQUHy4G7wYRZ+CR+lDfxBjUI6SLvAZ4MCn/zT+YOwddFeOJuRUzJIWbEeINBZM0gcT
         OQ5poEin3Mv/VvR46QjcTRV82l0u6ByfyqXdyCbppoAlSt+zQ4DzJVCHHSFWhOvB28RJ
         e/1u8t66PMzIhp0rnD34UQo5zSlE5cDOE1fNDhqZaJOd/df6KnnZ8O/GtKwaaUDpRZ4P
         XHzA==
X-Gm-Message-State: AE9vXwNbXuv/6gBu16aROyXr7ldgDAnqlHtQcOV5gkvyHldnriaQlpCGipenWetQPceyOg==
X-Received: by 10.98.34.151 with SMTP id p23mr35359926pfj.102.1472812817817;
        Fri, 02 Sep 2016 03:40:17 -0700 (PDT)
Received: from [192.168.0.98] ([93.188.182.58])
        by smtp.gmail.com with ESMTPSA id e68sm13896659pfk.1.2016.09.02.03.40.15
        for <internals@lists.php.net>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 02 Sep 2016 03:40:16 -0700 (PDT)
To: internals@lists.php.net
References: <CAGa2bXarw2jTj0yhXpywWNQOJLR2pdhfaqSdwj_btT2giEL15Q@mail.gmail.com>
 <CAGa2bXaA+uvh_wpRAHeiv+Xb-JOrTAkyoe3jzq3FVCEbfja_5w@mail.gmail.com>
 <232F1604-2211-4351-B830-EDC958A25D6D@strojny.net>
 <CAGa2bXb2y4afY28rwdcjgxUEkr41ZPMMdj4dUtMDVtJLBONAbA@mail.gmail.com>
 <2de35db0-9974-cc96-83dd-3d2dbd48f7f8@lsces.co.uk>
 <CAGa2bXYG1Or9+SGf3Rm4Yi5KUQ1mwnffTSSzuwARpy4bFfXB=w@mail.gmail.com>
Message-ID: <5b72e9da-068a-bc79-82c2-f36f723f42bb@gmail.com>
Date: Fri, 2 Sep 2016 11:37:48 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAGa2bXYG1Or9+SGf3Rm4Yi5KUQ1mwnffTSSzuwARpy4bFfXB=w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC][VOTE] Add validation functions to filter module
From: rowan.collins@gmail.com (Rowan Collins)

On 02/09/2016 11:11, Yasuo Ohgaki wrote:
> Taking care of tampered data by business logic will reduce both
> readability and maintainability. And more importantly, make code
> less secure because programmers tend to focus on logic
> in model, not input data validations.

This certainly makes sense. I guess the challenge is that in order to 
know if data has been tampered, you need to have some knowledge of the 
expected format. That expectation depends on what data you're expecting, 
which depends - ultimately - on the domain objects being modelled.

More specifically, though, it depends on the interaction design - in an 
HTML context, the forms being presented. So the validation needs 
knowledge of the form controls - e.g. if a select box was shown, and the 
value is not from the known list of options, the input has been tampered 
with.

If that's the case, the logical place to build the validation is into a 
form builder. At which point you've probably got a complex architecture 
in userland, and filter_* functions are unlikely to be a natural fit.

If somebody's *not* using a library to build the form (e.g. they're 
laying out the HTML by hand), are they likely to set up the complex 
validation settings needed by the filter_* functions?

Regards,
-- 
Rowan Collins
[IMSoP]