Hi Lester, On Fri, Aug 12, 2016 at 7:13 PM, Lester Caine <les...@lsces.co.uk> wrote: >> That said, I generally think that built-in methods that accept Callables >> are a great way to go. It encourages reuse through modular composition - >> and could likely be a neater way around the throw exception/return error >> code issue. It's obviously doable from userland, but could probably be >> improved if implemented in the language. > > It was the fact that Yasuo was adding these rules into his array > validation stuff that just grates so badly with what is actually needed ...
I think you've mentioned this RFC https://wiki.php.net/rfc/add_validate_functions_to_filter In secure coding, input data validation has clear task. It varies what input data validation should do. i.e. It depends on what sender should send. The new validation feature in filter module will do the job it should. Anyway, input validation spec is simple array. You can do $my_date_spec = array( // New filter module allows multiple filters and options as follows. // Array elements are evaluated in order. Non array spec is evaluated last. // Older implementation ignores this kind of spec silently. array( // This is evaluated first. 'filter' => FILTER_VALIDATE_STRING, 'options' => array('min_bytes' => 10, 'max_bytes' => 10, 'encoding' => FILTER_STRING_ENCODING_PASS) ), array( 'filter' => FILTER_VALIDATE_REGEXP, 'options' => array('regexp' => '/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/') ), array( 'filter' => FILTER_VALIDATE_CALLBAK, 'options' => array('callback' => 'check_date_and_raise_exception_for_invalid()'), ), 'filter' => FILTER_UNSAFE_RAW, // Evaluated last. Does nothing. It's here for an example. ); $get_def_for_an_api = array( 'date' => $my_date_spec ); filter_require_var_array($_GET, $get_def_for_an_api); Input validation definition is manageable. Since it uses a simple array, it is much more efficient than object based API. i.e. setting spec via method is a lot slower than simple assignment. There is spec validation filter_check_definition() function also. What makes you feel missing some or designed badly? Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
