<?php | |
require_once 'PHPUnit/Framework.php'; | |
require_once 'untaint.php'; | |
class IntTest extends PHPUnit_Framework_TestCase {
    /** Run a single 'foo' value through one checker and return the cleaned array. */
    private function checkFoo($checker, $value) {
        return Untaint::check(array('foo' => $checker), array('foo' => $value));
    }

    /**
     * Plain ints round-trip through UNTAINT_INT (loosely equal: the checker
     * hands back the matched text, not the original int).
     * NOTE(review): -9999999999 only stays an int on 64-bit PHP; on a 32-bit
     * build it is a float and this fixture no longer tests what it says.
     */
    public function testValidInt() {
        $input  = array('foo' => 1, 'bar' => -9999999999);
        $schema = array('foo' => UNTAINT_INT, 'bar' => UNTAINT_INT);
        $clean  = Untaint::check($schema, $input);
        foreach (array('foo', 'bar') as $key) {
            $this->assertEquals($input[$key], $clean[$key]);
        }
    }

    /**
     * A float is not an int, even with a zero fractional part. This relies on
     * validate() rejecting non-string/non-int input before the regex runs;
     * if it merely coerces, 1.0 becomes "1" and matches.
     * @expectedException UntaintException
     */
    public function testInvalidFloatToInt() {
        $this->checkFoo(UNTAINT_INT, 1.0);
    }

    /**
     * Arbitrary text is rejected.
     * @expectedException UntaintException
     */
    public function testInvalidStringToInt() {
        $this->checkFoo(UNTAINT_INT, 'foobar');
    }

    /**
     * An array value (what "foo[]=1" produces in $_GET) must fail validation,
     * not crash the checker.
     * @expectedException UntaintException
     */
    public function testInvalidArrayToInt() {
        $this->checkFoo(UNTAINT_INT, array(1, 2, 3, 4));
    }

    /**
     * An object is rejected the same way.
     * @expectedException UntaintException
     */
    public function testInvalidObjectToInt() {
        $this->checkFoo(UNTAINT_INT, new Untaint());
    }
}
?> |
<phpunit> | |
<testsuite name="UntaintTests"> | |
<file>Tests/UintTest.php</file> | |
<file>Tests/IntTest.php</file> | |
</testsuite> | |
</phpunit> |
<?php | |
require_once 'PHPUnit/Framework.php'; | |
require_once 'untaint.php'; | |
class UintTest extends PHPUnit_Framework_TestCase {
    /** Run a single 'foo' value through one checker and return the cleaned array. */
    private function checkFoo($checker, $value) {
        return Untaint::check(array('foo' => $checker), array('foo' => $value));
    }

    /**
     * Non-negative ints round-trip through UNTAINT_UINT (loosely equal: the
     * checker hands back the matched text, not the original int).
     * NOTE(review): 9999999999 only stays an int on 64-bit PHP; on a 32-bit
     * build it is a float and this fixture no longer tests what it says.
     */
    public function testValidUint() {
        $input  = array('foo' => 1, 'bar' => 9999999999);
        $schema = array('foo' => UNTAINT_UINT, 'bar' => UNTAINT_UINT);
        $clean  = Untaint::check($schema, $input);
        foreach (array('foo', 'bar') as $key) {
            $this->assertEquals($input[$key], $clean[$key]);
        }
    }

    /**
     * A float is not a uint, even with a zero fractional part. This relies on
     * validate() rejecting non-string/non-int input before the regex runs;
     * if it merely coerces, 1.0 becomes "1" and matches.
     * @expectedException UntaintException
     */
    public function testInvalidFloatToUint() {
        $this->checkFoo(UNTAINT_UINT, 1.0);
    }

    /**
     * Arbitrary text is rejected.
     * @expectedException UntaintException
     */
    public function testInvalidStringToUint() {
        $this->checkFoo(UNTAINT_UINT, 'foobar');
    }

    /**
     * An array value (what "foo[]=1" produces in $_GET) must fail validation,
     * not crash the checker.
     * @expectedException UntaintException
     */
    public function testInvalidArrayToUint() {
        $this->checkFoo(UNTAINT_UINT, array(1, 2, 3, 4));
    }

    /**
     * An object is rejected the same way.
     * @expectedException UntaintException
     */
    public function testInvalidObjectToUint() {
        $this->checkFoo(UNTAINT_UINT, new Untaint());
    }
}
<?php | |
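class Untaint {
    /**
     * Validate $_GET against a schema; see check() for the contract.
     *
     * @param array $dict     key => checker class name (use the UNTAINT_* constants)
     * @param bool  $required throw on any missing/invalid key (default), or
     *                        return null for those keys instead
     * @return array
     * @throws UntaintException
     */
    public static function check_get($dict, $required=true) {
        return self::check($dict, $_GET, $required);
    }

    /** Same as check_get() but reads $_POST. */
    public static function check_post($dict, $required=true) {
        return self::check($dict, $_POST, $required);
    }

    /**
     * Validate each key named in $dict against the untrusted $request array.
     *
     * The result has exactly the keys of $dict: each value is the matched,
     * canonicalised text produced by that key's checker, or null when the key
     * was missing or rejected and $required is false. Keys present in
     * $request but absent from $dict are dropped, so the returned array is
     * the only input the caller should use from this point on.
     *
     * The schema names classes to instantiate ("new $checker"). Only
     * UntaintChecker (sub)classes are accepted, so a schema that is ever
     * assembled from external data cannot be used to instantiate arbitrary
     * classes and run their constructors.
     *
     * @param array $dict     key => checker class name
     * @param array $request  raw input such as $_GET or $_POST; anything that
     *                        is not an array is treated as empty
     * @param bool  $required when true (default) any missing or invalid key
     *                        throws; when false the caller must treat null as
     *                        "not supplied or rejected" -- it is not a value
     * @return array
     * @throws UntaintException      ->errors maps key => message (only when $required)
     * @throws InvalidArgumentException if a $dict entry does not name a checker class
     */
    public static function check($dict, $request, $required=true) {
        if (!is_array($request)) {
            $request = array();
        }
        $errors = array();
        $values = array();
        foreach ($dict as $key => $checker_class) {
            if (!is_string($checker_class)
                || !class_exists($checker_class)
                || ($checker_class !== 'UntaintChecker'
                    && !is_subclass_of($checker_class, 'UntaintChecker'))) {
                throw new InvalidArgumentException(
                    "Untaint: checker for '$key' is not an UntaintChecker class.");
            }
            $checker = new $checker_class();
            $values[$key] = null;
            if (!array_key_exists($key, $request)) {
                $errors[$key] = "does not exist.";
                continue;
            }
            // validate() returns the matched text, never the raw value.
            $value = $checker->validate($request[$key]);
            if ($checker->is_valid()) {
                $values[$key] = $value;
            } else {
                $errors[$key] = $checker->error();
            }
        }
        if ($required && $errors) {
            throw new UntaintException($errors);
        }
        return $values;
    }
}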
class UntaintException extends Exception {
    /**
     * @var array key => human-readable reason, as filled in by Untaint::check(),
     *            so a caller can report every rejected field at once.
     */
    public $errors = array();

    /**
     * @param array $errors per-key failure messages; the exception message
     *                      itself is a fixed, non-sensitive summary.
     */
    public function __construct($errors) {
        $this->errors = $errors;
        parent::__construct("Input did not validate.");
    }
}
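class UntaintChecker {
    /**
     * Anchored pattern the whole input must match; subclasses override it.
     * The base pattern accepts only the empty string. The whole match
     * ($matches[0]) is what validate() returns.
     */
    protected $regexp = '/^()$/';
    /** Failure message reported by error(); subclasses override it. */
    protected $message = 'is not valid.';
    /** Outcome of the most recent validate() call. */
    protected $valid = false;

    /** Reason the last validate() call failed, or "" if it succeeded. */
    public function error() {
        if (!$this->is_valid())
            return $this->message;
        return "";
    }

    /** True if the most recent validate() call accepted its input. */
    public function is_valid() {
        return $this->valid;
    }

    /**
     * Validate one raw request value.
     *
     * Only strings (what $_GET/$_POST actually carry) and ints are accepted.
     * Arrays (from "key[]=" parameters), objects, floats, booleans and null
     * are rejected up front instead of being coerced: previously 1.0 was
     * stringified to "1" and matched the integer patterns, and on PHP 8 an
     * array reached iconv() and raised a TypeError instead of a validation
     * failure.
     *
     * @param mixed $value raw, untrusted input
     * @return string|null the matched text on success (a new string derived
     *                     from the match, never the raw value), null on failure
     */
    public function validate($value) {
        // Reset so an instance can be reused; previously $valid stayed true
        // after the first successful call.
        $this->valid = false;
        if (!is_string($value) && !is_int($value)) {
            $this->message = 'has an unexpected type.';
            return null;
        }
        $text = (string) $value;
        if (!$this->check_string($text)) {
            $this->message = 'contains invalid characters.';
            return null;
        }
        $matches = array();
        // preg_match() returns false on a PCRE error; compare with 1 so an
        // error fails closed rather than being treated like "no match" only
        // by accident.
        if (preg_match($this->regexp, $text, $matches) !== 1)
            return null;
        $this->valid = true;
        // "$" also matches before a trailing "\n"; returning the matched text
        // rather than $text means such a newline is not passed through.
        return $matches[0];
    }

    /**
     * True if $string is well-formed UTF-8. Malformed byte sequences are a
     * common filter-bypass vehicle, so they fail here before the per-type
     * pattern runs. PCRE's "u" modifier makes preg_match() return false on
     * malformed input, which is deterministic, unlike iconv()'s //IGNORE,
     * which returns false or "" with a notice depending on the libiconv build.
     */
    private function check_string($string) {
        return preg_match('//u', $string) === 1;
    }
}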
define('UNTAINT_UINT', 'UntaintUint');
/**
 * Accepts a string of ASCII digits only (no sign, no whitespace).
 *
 * Note for callers: "0" and leading zeros are accepted, and there is no
 * length limit, so the matched text can exceed PHP_INT_MAX. Cast and
 * range-check before using it as an ID, offset or limit.
 */
class UntaintUint extends UntaintChecker {
    protected $message = 'is not a valid positive number.';
    protected $regexp = '/^(\d+)$/';
}
define('UNTAINT_INT', 'UntaintInt');
/**
 * Accepts an optional leading "-" followed by ASCII digits only.
 *
 * Note for callers: "-0" and leading zeros are accepted, and there is no
 * length limit, so the matched text can exceed the int range. Cast and
 * range-check before arithmetic or use as an index.
 */
class UntaintInt extends UntaintChecker {
    protected $message = 'is not a valid number.';
    protected $regexp = '/^(-?\d+)$/';
}
define('UNTAINT_EMAIL', 'UntaintEmail');
/**
 * Loose syntactic check for an e-mail address: dot-separated local-part
 * labels of [+_a-z0-9-], an "@", dot-separated host labels of [a-z0-9-],
 * and a final label of 2-6 letters; case-insensitive.
 *
 * This is a shape check, not proof of deliverability. The 2-6 letter
 * top-level label will reject valid longer TLDs, and the pattern does not
 * accept quoted local parts or internationalised addresses -- intentional
 * tightness, but callers should know what is excluded.
 */
class UntaintEmail extends UntaintChecker {
    protected $message = 'is not a valid email.';
    protected $regexp = '/^((?:[\+_a-z0-9-]+)(?:\.[\+_a-z0-9-]+)*@(?:[a-z0-9-]+)(?:\.[a-z0-9-]+)*(?:\.[a-z]{2,6})$)/i';
}
/* | |
try { | |
$result = Untaint::check_get(array( | |
'foo' => UNTAINT_INT, | |
'bar' => UNTAINT_UINT, | |
'baz' => UNTAINT_EMAIL, | |
)); | |
print_r($result); | |
} catch (UntaintException $e) { | |
foreach ($e->errors as $key => $value) { | |
print "$key $value <br />"; | |
} | |
} | |
*/ | |
/* | |
const UINT = '/^(\d+)$/'; | |
const INT = '/^(-?\d+)$/'; | |
const DATE = '/^([0-9]{2,4}-[0-9]{1,2}-[0-9]{1,2})$/'; | |
const EMAIL = '/^((?:[\+_a-z0-9-]+)(?:\.[\+_a-z0-9-]+)*@(?:[a-z0-9-]+)(?:\.[a-z0-9-]+)*(?:\.[a-z]{2,6})$)/i'; | |
const PHONE = '/^((?:\+[0-9]+)? *(?:[0-9] *){5,})$/'; | |
const OBLATNO = '/^([0-9]{1,5})$/'; | |
const CARDNO = '/^([0-9]{1,6})$/'; | |
const POSTNO = '/^([0-9]{4})$/'; | |
private static $error_messages = array( | |
self::UINT => 'is not a valid positive number.', | |
self::INT => 'is not a valid number.', | |
self::DATE => 'is not a valid date.', | |
self::EMAIL => 'is not a valid email.', | |
self::PHONE => 'is not a valid phone number.', | |
self::OBLATNO => 'is not a valid oblat number.', | |
self::CARDNO => 'is not a valid card number.', | |
self::POSTNO => 'is not a valid postal number.', | |
); | |
*/ | |
?> |