Hi Lester, On Thu, Sep 8, 2016 at 8:08 PM, Lester Caine <les...@lsces.co.uk> wrote: > On 08/09/16 10:02, Rowan Collins wrote: >> No, I'm suggesting something like: >> >> if ( >> ! validate_int($var, $min, $max) >> || ! validate_bool($var, $allowed_bool_types) >> || ! validate_string($var, $min_len, $max_len) >> || ! validate_string_encoding($var, $encoding) >> || ! validate_string_chars($var, $allowed_chars) >> || ! validate_string_regex($var, $regex) >> || ! validate_string_degit($var, $min_len, $max_len) >> || ! $callback($var) // Note: no need to wrap this callback, it's >> just a boolean-returning function > > And I am looking for some way of packaging that into something I can > read and write dynamically for each $var ...
This could be done by convention rather than configuration. You need some rule for variable names. If var name is ID, it must be numeric string always for example. Convention is developer defined rule, so this is left to developer how to do it. > $var->set_validation_rules($rules); And $rules is going to be an array > of items which can then be used for related parallel activities such as > populating the browser validation. > > So the above script is replaced by $var->is_valid(); or if you prefer it > throws an exception when you try and set the variable with an invalid > input ( or one that does not match a 'strict' rule ). I think convention rather than configuration works. However, not all checks should/can be done by model because model treats data related to the model leave other vars behind. Leftover could be cause of vulnerabilities. IIRC, Magento had vulnerability that allows malicious access due to internal redirects. This kind of problem can be mitigated by strict input validation at the time inputs are accepted. Anyway, your way would work with autoboxing. https://wiki.php.net/rfc/autoboxing and this proposal. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
