It's almost always the case that you need to provide meaningful feedback
about what exactly went wrong, rather than to just say "Failed!" While
simplicity is nice and you cannot overrate the value of validation, this whole
thing is pretty much useless to me personally without this ability. Also, I
don't think it's a good idea to mix validation of scalar values, arrays and
even multiple arrays, in a single function.

On Tue, Mar 27, 2018 at 11:43 AM Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

> On Mon, Sep 4, 2017 at 3:33 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>
> > Hi all,
> >
> > I spent a little time on a new input validation module. It's not a totally
> > new module, but is based on the Filter module's validation filter improvement
> > RFC in many ways. [1]
> >
> > As all of us knew already, input validation is the most important practice
> > in secure coding. [2][3] Yet, we don't provide a usable feature out of the box.
> > Sadly, almost all apps do not have proper input validation at the trust
> > boundary. Unless we improve filter's validation, we need a usable basic
> > validator by default. IMO.
> >
> > Since I didn't get much feedback during the RFC discussion, I cannot tell
> > what part is disliked. I guess too many features in filter is one reason.
> > Another is messed up code/features by providing both "filter" and
> > "validation".
> >
> > Validator for PHP7 (validate module) gets rid of unneeded features. It
> > only has features for basic PHP data type validations. The validation
> > rule (spec) array is flexible enough. Almost any type of input could be
> > handled by multiple and nested validation rules.
> >
> > Except for some minor features like overflow checks, most planned features
> > are implemented.
> >
> > https://github.com/yohgaki/validate-php
> >
> > Although the code is based on the filter module's code, it's almost a full
> > rewrite except for the validation logic that came from filter. Please consider
> > this an under-development module.
> > Feedback is appreciated.
> >
> > Regards,
> >
> > [1] https://wiki.php.net/rfc/add_validate_functions_to_filter
> > [2] https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices
> > [3] https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide
> >
> > --
> > Yasuo Ohgaki
> > yohg...@ohgaki.net
> >
>
>
> I thought it would be nice to have a PHP script version of
> Validate PHP. It is a lot easier to modify the API as needed. So
> I spent a few hours last weekend.
>
> https://github.com/yohgaki/validate-php-scr
>
> Caution, I just wrote it and didn't debug it yet.
> However, it is good enough to play with, I suppose.
>
> The API differs a little. This has a more simplified parameter
> structure. Suggestions and comments are appreciated.
>
> Regards,
>
> --
> Yasuo Ohgaki
> yohg...@ohgaki.net
>
-- 
Best regards,
Victor Bolshov
