Hi all,

We currently have filter_var_array()/filter_input_array(). They are
designed as filter functions, i.e. they convert offending elements to
NULL/FALSE. Therefore, it's difficult to validate and see whether inputs
are valid against the specified specifications.

https://github.com/php/php-src/pull/2048

This patch adds true validation functions:
 - validate_var_array() - Almost the same as filter_var_array(), except
   it returns scalar FALSE on validation failure(s) instead of a filtered
   array.
 - validate_input_array() - Almost the same as filter_input_array(),
   except it returns scalar FALSE on validation failure(s) instead of a
   filtered array.

These functions are handy for input validation that stops script
execution upon invalid (attacker's) inputs.

The question is which version I should target.
It's a simple enough patch to be merged into 7.1, IMO.

Comments are appreciated!

Regards,

P.S. It's possible to return an array that contains the offending values.
It is not included since users can store the whole offending input array.
The whole input is more useful for attack analysis.

--
Yasuo Ohgaki
yohg...@ohgaki.net
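
The difference between the filter semantics and the all-or-nothing semantics described in the message above, as an added example that is not part of the original message or of the linked patch. `strict_filter_var_array()` is a hypothetical userland approximation, not the proposed `validate_var_array()`, and the input arrays are constructed samples.

```php
<?php
// Added example: userland approximation, not the patch's validate_var_array().
// strict_filter_var_array() is a hypothetical name; inputs are constructed.

function strict_filter_var_array(array $data, array $spec)
{
    // Force NULL on failure so a legitimate boolean false stays distinguishable.
    foreach ($spec as $key => $def) {
        if (!is_array($def)) {
            $def = ['filter' => $def];
        }
        $def['flags'] = ($def['flags'] ?? 0) | FILTER_NULL_ON_FAILURE;
        $spec[$key] = $def;
    }

    // add_empty = true: keys missing from $data come back as NULL.
    $result = filter_var_array($data, $spec, true);
    if (!is_array($result)) {
        return false;
    }

    // Any NULL leaf (also inside FILTER_REQUIRE_ARRAY results) means the
    // element was missing or invalid, so reject the whole input.
    $valid = true;
    array_walk_recursive($result, function ($value) use (&$valid) {
        if ($value === null) {
            $valid = false;
        }
    });

    return $valid ? $result : false;
}

$spec = [
    'id'    => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'email' => FILTER_VALIDATE_EMAIL,
    'admin' => FILTER_VALIDATE_BOOLEAN,
];
$good = ['id' => '42',    'email' => 'user@example.com', 'admin' => 'false'];
$bad  = ['id' => '42abc', 'email' => 'user@example.com', 'admin' => 'false'];

// Filter semantics: 'id' (invalid) and 'admin' (valid "false") are both false.
var_dump(filter_var_array($bad, $spec));

// Validation semantics: whole array on success, scalar false on any failure.
var_dump(strict_filter_var_array($good, $spec));
if (strict_filter_var_array($bad, $spec) === false) {
    error_log('rejected input: ' . json_encode($bad)); // keep whole input for analysis
    exit(1);
}
```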
