On Mon, Aug 1, 2016 at 5:23 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote: > We have filter_var_array()/filter_input_array() currently. They are > designed as filter functions. i.e. They convert offending elements to > NULL/FALSE. Therefore, it's difficult to validate and see if inputs > are valid with specified specifications. > > https://github.com/php/php-src/pull/2048 > > This patch adds true validation functions > - validate_var_array() - Almost the same as filter_var_array() except > it returns scalar FALSE on validation failure(s), instead of filtered > array. > - validate_input_array() - Almost the same as filter_input_array() > except it returns scalar FALSE on validation failure(s), instead of > filtered array. > > > These functions are handy for input validation that stops script > execution upon invalid(attacker's) inputs. > > Question is which version should I target for? > It's simple enough patch to be merged to 7.1. IMO. > > Comments are appreciated! > > Regards,
Raising Exception would be prefered. Any comment raising exception? ExceptionFilterValidate wouldn't cause much BC, IMO. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
