Last active
August 26, 2015 15:08
-
-
Save phpdave/7745f3962b6107bf3a22 to your computer and use it in GitHub Desktop.
Playing around with Value Objects
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<? | |
class EmailValue | |
{ | |
protected $value; | |
public function __construct($emailAddress) | |
{ | |
//sanitize for DB (NULL bytes, HTML and PHP tags stripped) | |
$emailAddress = strip_tags($emailAddress); | |
//Supposedly does more than strip tags | |
$emailAddress = xss_clean($emailAddress); | |
if (!filter_var($address, FILTER_VALIDATE_EMAIL)) { | |
throw new InvalidArgumentException(sprintf('"%s" is not a valid email', $address)); | |
} | |
$this->value = $emailAddress; | |
} | |
public function __toString() | |
{ | |
return $this->address; | |
} | |
public function equals(EmailAddress $address) | |
{ | |
return strtolower((string) $this) === strtolower((string) $address); | |
} | |
} | |
try | |
{ | |
$email = new EmailValue($_POST['Email']); | |
} | |
catch | |
{ | |
//tell user they entered an invalid email | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<? | |
//http://stackoverflow.com/questions/1336776/xss-filtering-function-in-php | |
function xss_clean($data) | |
{ | |
// Fix &entity\n; | |
$data = str_replace(array('&','<','>'), array('&amp;','&lt;','&gt;'), $data); | |
$data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data); | |
$data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data); | |
$data = html_entity_decode($data, ENT_COMPAT, 'UTF-8'); | |
// Remove any attribute starting with "on" or xmlns | |
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data); | |
// Remove javascript: and vbscript: protocols | |
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data); | |
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data); | |
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data); | |
// Only works in IE: <span style="width: expression(alert('Ping!'));"></span> | |
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data); | |
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data); | |
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data); | |
// Remove namespaced elements (we do not need them) | |
$data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data); | |
do | |
{ | |
// Remove really unwanted tags | |
$old_data = $data; | |
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data); | |
} | |
while ($old_data !== $data); | |
// we are done... | |
return $data; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment