<?php | |
require_once 'PHPUnit/Framework.php'; | |
require_once 'untaint.php'; | |
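class IntTest extends PHPUnit_Framework_TestCase {
    /**
     * Ints, positive and negative, pass UNTAINT_INT and come back under the
     * same keys. assertEquals compares loosely on purpose: the checker returns
     * the matched string, not an int, and -9999999999 is an int literal only
     * on a 64-bit build.
     */
    public function testValidInt() {
        $data = array('foo' => 1, 'bar' => -9999999999);
        $values = Untaint::check(array('foo' => UNTAINT_INT, 'bar' => UNTAINT_INT), $data);
        $this->assertEquals($data['foo'], $values['foo']);
        $this->assertEquals($data['bar'], $values['bar']);
    }

    /**
     * Request input arrives as strings; a signed digit string is accepted and
     * returned unchanged.
     */
    public function testValidNumericString() {
        $values = Untaint::check(array('foo' => UNTAINT_INT), array('foo' => '-42'));
        $this->assertEquals('-42', $values['foo']);
    }

    /**
     * A key named in the spec but absent from the input fails validation when
     * $required is left at its default (true).
     *
     * @expectedException UntaintException
     */
    public function testMissingKeyThrows() {
        Untaint::check(array('foo' => UNTAINT_INT), array());
    }

    /**
     * With $required = false a missing key is simply left out of the result.
     */
    public function testMissingKeyOptional() {
        $values = Untaint::check(array('foo' => UNTAINT_INT), array(), false);
        $this->assertEquals(array(), $values);
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidDecimalStringToInt() {
        Untaint::check(array('foo' => UNTAINT_INT), array('foo' => '1.5'));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidFloatToInt() {
        Untaint::check(array('foo' => UNTAINT_INT), array('foo' => 1.0));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidStringToInt() {
        Untaint::check(array('foo' => UNTAINT_INT), array('foo' => 'foobar'));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidArrayToInt() {
        Untaint::check(array('foo' => UNTAINT_INT), array('foo' => array(1, 2, 3, 4)));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidObjectToInt() {
        Untaint::check(array('foo' => UNTAINT_INT), array('foo' => new Untaint()));
    }
}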
?> |
<phpunit> | |
<testsuite name="UntaintTests"> | |
<file>Tests/UintTest.php</file> | |
<file>Tests/IntTest.php</file> | |
</testsuite> | |
</phpunit> |
<?php | |
require_once 'PHPUnit/Framework.php'; | |
require_once 'untaint.php'; | |
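class UintTest extends PHPUnit_Framework_TestCase {
    /**
     * Non-negative ints pass UNTAINT_UINT and come back under the same keys.
     * assertEquals compares loosely on purpose: the checker returns the matched
     * string, not an int, and 9999999999 is an int literal only on a 64-bit build.
     */
    public function testValidUint() {
        $data = array('foo' => 1, 'bar' => 9999999999);
        $values = Untaint::check(array('foo' => UNTAINT_UINT, 'bar' => UNTAINT_UINT), $data);
        $this->assertEquals($data['foo'], $values['foo']);
        $this->assertEquals($data['bar'], $values['bar']);
    }

    /**
     * Request input arrives as strings; a plain digit string is accepted and
     * returned unchanged.
     */
    public function testValidNumericString() {
        $values = Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => '42'));
        $this->assertEquals('42', $values['foo']);
    }

    /**
     * A sign is not part of an unsigned value.
     *
     * @expectedException UntaintException
     */
    public function testNegativeStringRejected() {
        Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => '-1'));
    }

    /**
     * A key named in the spec but absent from the input fails validation when
     * $required is left at its default (true).
     *
     * @expectedException UntaintException
     */
    public function testMissingKeyThrows() {
        Untaint::check(array('foo' => UNTAINT_UINT), array());
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidFloatToUint() {
        Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => 1.0));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidStringToUint() {
        Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => 'foobar'));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidArrayToUint() {
        Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => array(1, 2, 3, 4)));
    }

    /**
     * @expectedException UntaintException
     */
    public function testInvalidObjectToUint() {
        Untaint::check(array('foo' => UNTAINT_UINT), array('foo' => new Untaint()));
    }
}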
<?php | |
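class Untaint {
    /**
     * Validate $_GET (read at call time) against $dict. See check().
     */
    public static function get($dict, $required=true) {
        return self::check($dict, $_GET, $required);
    }

    /**
     * Validate $_POST (read at call time) against $dict. See check().
     */
    public static function post($dict, $required=true) {
        return self::check($dict, $_POST, $required);
    }

    /**
     * Validate the entries of $request that are named in $dict.
     *
     * @param array $dict     key => checker class name: one of the UNTAINT_*
     *                        constants or any other UntaintChecker subclass.
     * @param array $request  raw input, typically $_GET or $_POST.
     * @param bool  $required when true, any missing or invalid key throws; when
     *                        false, such keys are simply absent from the result.
     * @return array cleaned values keyed like $dict. Only keys that validated
     *               are present, holding whatever the checker's validate()
     *               returned (a string for the bundled regex checkers).
     * @throws UntaintException if $required and at least one key failed. The
     *                          exception carries the raw, still-tainted input
     *                          values; escape them before showing them anywhere.
     * @throws InvalidArgumentException if $request is not an array or a $dict
     *                                  entry is not an UntaintChecker class.
     */
    public static function check($dict, $request, $required=true) {
        if (!is_array($request)) {
            throw new InvalidArgumentException('Request input must be an array.');
        }
        $errors = array();
        $values = array();
        $cleaned_values = array();
        foreach ($dict as $key => $checker_class) {
            // Fail closed on a misconfigured spec: the original `new $checker()`
            // would instantiate any class name placed in $dict.
            if (!is_string($checker_class) || !is_a($checker_class, 'UntaintChecker', true)) {
                throw new InvalidArgumentException("Checker for '$key' is not an UntaintChecker class.");
            }
            $values[$key] = null;
            if (!array_key_exists($key, $request)) {
                $errors[$key] = "does not exist.";
                continue;
            }
            $values[$key] = $request[$key];
            $checker = new $checker_class();
            $value = $checker->validate($request[$key]);
            if ($checker->is_valid()) {
                $cleaned_values[$key] = $value;
            } else {
                $errors[$key] = $checker->error();
            }
        }
        // A non-empty $errors array is truthy; nothing is thrown when $required is false.
        if ($required && $errors) {
            throw new UntaintException($values, $errors);
        }
        return $cleaned_values;
    }
}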
class UntaintException extends Exception {
    /** @var array key => failure reason as reported by the checker (or "does not exist."). */
    private $errors_array = array();
    /** @var array key => raw input value, null for keys that were missing. Still tainted. */
    private $values_array = array();

    /**
     * @param array $values raw input for every key in the spec
     * @param array $errors reasons for the keys that failed
     */
    public function __construct($values, $errors) {
        $this->values_array = $values;
        $this->errors_array = $errors;
        parent::__construct("Input did not validate.");
    }

    /** Raw input values, exactly as received. */
    public function values() { return $this->values_array; }

    /** Failure reasons keyed by input name. */
    public function errors() { return $this->errors_array; }
}
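class UntaintChecker {
    /** Anchored pattern the whole input must match; the full match ($matches[0]) is the cleaned value. */
    protected $regexp = '/^()$/';
    /** Reason reported by error() when validation fails. */
    protected $message = 'is not valid.';
    /** Becomes true only after validate() has accepted the input. */
    protected $valid = false;

    /**
     * @return string the failure reason, or "" once validate() has accepted the input
     */
    public function error() {
        return $this->is_valid() ? "" : $this->message;
    }

    public function is_valid() {
        return $this->valid;
    }

    /**
     * Validate one raw request value.
     *
     * Only strings and ints are candidates. Floats, arrays, objects, bools and
     * null are rejected up front: the accompanying tests expect them to fail,
     * and the previous loose `==` comparison let 1.0 through as "1" (and on
     * PHP 8 an array or object reaching the string functions is a TypeError
     * rather than a validation failure). A string must be well-formed UTF-8
     * and must be matched in full — `$` alone also matches before a trailing
     * "\n", so such input is now rejected instead of silently trimmed.
     *
     * @param mixed $value raw request value
     * @return string|null the matched text on success, null on failure
     */
    public function validate($value) {
        if (!is_string($value) && !is_int($value)) {
            return null;
        }
        $subject = (string) $value;
        if (!$this->check_string($subject)) {
            $this->message = 'contains invalid characters.';
            return null;
        }
        $matches = array();
        if (preg_match($this->regexp, $subject, $matches) !== 1) {
            return null;
        }
        // Require the match to cover the whole input, not just up to a final newline.
        if ($matches[0] !== $subject) {
            return null;
        }
        $this->valid = true;
        return $matches[0];
    }

    /**
     * True when $string is well-formed UTF-8. The empty pattern with the `u`
     * modifier makes PCRE validate the encoding: 1 for valid input, false
     * (PREG_BAD_UTF8_ERROR) otherwise.
     */
    private function check_string($string) {
        return preg_match('//u', $string) === 1;
    }
}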
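define('UNTAINT_UINT', 'UntaintUint');
/**
 * Non-negative integer: one or more ASCII digits (no `u` modifier, so `\d` is
 * [0-9]). The `D` modifier pins `$` to the very end of the input, so a
 * trailing newline no longer satisfies the pattern. The cleaned value is the
 * matched string; no length limit is applied, so it may exceed PHP_INT_MAX.
 */
class UntaintUint extends UntaintChecker {
    protected $regexp = '/^(\d+)$/D';
    protected $message = 'is not a valid positive number.';
}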
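define('UNTAINT_INT', 'UntaintInt');
/**
 * Signed integer: an optional leading "-" followed by one or more ASCII digits.
 * The `D` modifier pins `$` to the very end of the input, so a trailing newline
 * no longer satisfies the pattern. The cleaned value is the matched string; no
 * length limit is applied, so it may exceed the int range.
 */
class UntaintInt extends UntaintChecker {
    protected $regexp = '/^(-?\d+)$/D';
    protected $message = 'is not a valid number.';
}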
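define('UNTAINT_EMAIL', 'UntaintEmail');
/**
 * Syntactic e-mail shape check only (case-insensitive): dot-separated local
 * part labels of [+_a-z0-9-], "@", dot-separated host labels of [a-z0-9-], and
 * a final label of 2–6 letters — so longer top-level domains and addresses
 * with quoted or non-ASCII parts are rejected. It does not establish that the
 * mailbox exists. The `D` modifier pins `$` to the very end of the input, so a
 * trailing newline no longer satisfies the pattern.
 */
class UntaintEmail extends UntaintChecker {
    protected $regexp = '/^((?:[\+_a-z0-9-]+)(?:\.[\+_a-z0-9-]+)*@(?:[a-z0-9-]+)(?:\.[a-z0-9-]+)*(?:\.[a-z]{2,6})$)/iD';
    protected $message = 'is not a valid email.';
}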
/* | |
try { | |
$result = Untaint::check_get(array( | |
'foo' => UNTAINT_INT, | |
'bar' => UNTAINT_UINT, | |
'baz' => UNTAINT_EMAIL, | |
)); | |
print_r($result); | |
} catch (UntaintException $e) { | |
print_r($e->values()); | |
print_r($e->errors()); | |
} | |
*/ | |
/* | |
const UINT = '/^(\d+)$/'; | |
const INT = '/^(-?\d+)$/'; | |
const DATE = '/^([0-9]{2,4}-[0-9]{1,2}-[0-9]{1,2})$/'; | |
const EMAIL = '/^((?:[\+_a-z0-9-]+)(?:\.[\+_a-z0-9-]+)*@(?:[a-z0-9-]+)(?:\.[a-z0-9-]+)*(?:\.[a-z]{2,6})$)/i'; | |
const PHONE = '/^((?:\+[0-9]+)? *(?:[0-9] *){5,})$/'; | |
const OBLATNO = '/^([0-9]{1,5})$/'; | |
const CARDNO = '/^([0-9]{1,6})$/'; | |
const POSTNO = '/^([0-9]{4})$/'; | |
private static $error_messages = array( | |
self::UINT => 'is not a valid positive number.', | |
self::INT => 'is not a valid number.', | |
self::DATE => 'is not a valid date.', | |
self::EMAIL => 'is not a valid email.', | |
self::PHONE => 'is not a valid phone number.', | |
self::OBLATNO => 'is not a valid oblat number.', | |
self::CARDNO => 'is not a valid card number.', | |
self::POSTNO => 'is not a valid postal number.', | |
); | |
*/ | |
?> |