This repository was archived by the owner on May 1, 2022. It is now read-only.
Validator.php
<?php
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project.
*
* PHP version 5.2
*
* LICENSE: This source file is subject to the New BSD license. You should read
* and accept the LICENSE before you use, modify, and/or redistribute this
* software.
*
* @category OWASP
* @package ESAPI
* @author Andrew van der Stock <vanderaj@owasp.org>
* @author Johannes B. Ullrich <jullrich@sans.edu>
* @author Mike Boberski <boberski_michael@bah.com>
* @author jah <jah@jahboite.co.uk>
* @copyright 2009-2010 The OWASP Foundation
* @license http://www.opensource.org/licenses/bsd-license.php New BSD license
* @version SVN: $Id$
* @link http://www.owasp.org/index.php/ESAPI
*/
/**
* Implementations require ValidationException and IntrusionException.
*/
require_once dirname(__FILE__).'/errors/IntrusionException.php';
require_once dirname(__FILE__).'/errors/ValidationException.php';
/**
* Use this ESAPI security control to wrap data validation functions.
*
* The idea behind this interface is to define a set of functions that
* perform a more complete set of checks than frameworks typically
* perform themselves or make available to developers, for example
* checking for multiple encodings before validating.
*
* @category OWASP
* @package ESAPI
* @author Andrew van der Stock <vanderaj@owasp.org>
* @author Johannes B. Ullrich <jullrich@sans.edu>
* @author Mike Boberski <boberski_michael@bah.com>
* @author jah <jah@jahboite.co.uk>
* @copyright 2009-2010 The OWASP Foundation
* @license http://www.opensource.org/licenses/bsd-license.php New BSD license
* @version Release: @package_version@
* @link http://www.owasp.org/index.php/ESAPI
*/
interface Validator
{
    /**
     * Checks $input, after canonicalization, against a named validation rule
     * or a literal regular expression.
     *
     * $type is either the name of a type defined in the ESAPI configuration
     * ("ESAPI.xml") or a regular expression pattern in its own right.
     *
     * NOTE(review): every isValid* method here documents a bool return, yet
     * the $allowNull text speaks of a ValidationException for NULL/empty
     * input. Whether that exception reaches the caller or is converted to
     * FALSE is not visible from this interface - confirm against the
     * implementation before relying on either behaviour.
     *
     * NOTE(review): since $type may be a raw pattern, it should come from
     * code or configuration rather than from request data; otherwise the
     * sender of the input also chooses what counts as valid.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. LoginPage_UsernameField);
     *                          used by any logging or error handling done
     *                          for the value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param string $type      Name of a regular expression defined in
     *                          "ESAPI.xml", or an actual regular expression.
     * @param int    $maxLength Maximum length allowed for the string after
     *                          canonicalization.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidInput($context, $input, $type, $maxLength, $allowNull);

    /**
     * Checks that the canonicalized $input is a date written in the given
     * date format.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. ProfilePage_DoB); used by any
     *                          logging or error handling done for the value
     *                          passed in.
     * @param string $input     The user-supplied data to validate.
     * @param string $format    Date format string the input must follow
     *                          {@see date}.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidDate($context, $input, $format, $allowNull);

    /**
     * Checks that the canonicalized $input is valid, "safe" HTML.
     *
     * HTML validation is an extremely difficult problem. Implementors should
     * look to the OWASP AntiSamy project for ideas on doing it with an
     * allow-list (whitelist) approach, and PHP implementations are
     * recommended to use HTMLPurifier {@link http://htmlpurifier.org}.
     *
     * NOTE(review): a TRUE result is a validation verdict only; it does not
     * replace context-specific output encoding when the value is rendered.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. ProfilePage_Sig); used by any
     *                          logging or error handling done for the value
     *                          passed in.
     * @param string $input     The user-supplied data to validate.
     * @param int    $maxLength Maximum length allowed for the string after
     *                          canonicalization.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidHTML($context, $input, $maxLength, $allowNull);

    /**
     * Checks that the canonicalized $input is a valid credit card number.
     *
     * NOTE(review): which checks make a number "valid" is not specified by
     * this interface - see the implementation. $context feeds logging and
     * error handling; confirm that the raw $input is not recorded there.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. PurchasePage_CCNum); used by
     *                          any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidCreditCard($context, $input, $allowNull);

    /**
     * Checks that the canonicalized $input is a valid directory path.
     *
     * NOTE(review): the interface does not say whether "valid" means
     * well-formed, existing on disk, or confined to an expected parent
     * directory. Callers guarding file inclusion (the example context is
     * IncludeFile) should confirm which of these the implementation checks.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. IncludeFile); used by any
     *                          logging or error handling done for the value
     *                          passed in.
     * @param string $input     The user-supplied data to validate.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidDirectoryPath($context, $input, $allowNull);

    /**
     * Checks that the canonicalized $input is a valid real number lying in
     * the range $minValue to $maxValue.
     *
     * NOTE(review): the bounds are documented as int although the input is
     * a real number - TODO confirm whether non-integer bounds are accepted
     * and whether the bounds themselves are inclusive.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. PurchasePage_Quantity); used
     *                          by any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param int    $minValue  The numeric lowest legal value for input.
     * @param int    $maxValue  The numeric highest legal value for input.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidNumber($context, $input, $minValue, $maxValue, $allowNull);

    /**
     * Checks that the canonicalized $input is a valid integer lying in the
     * range $minValue to $maxValue.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. PurchasePage_Quantity); used
     *                          by any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param int    $minValue  The numeric lowest legal value for input.
     * @param int    $maxValue  The numeric highest legal value for input.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidInteger($context, $input, $minValue, $maxValue, $allowNull);

    /**
     * Checks that the canonicalized $input is a valid double lying in the
     * range $minValue to $maxValue.
     *
     * NOTE(review): the bounds are documented as int although the input is
     * a double - TODO confirm whether non-integer bounds are accepted.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. PurchasePage_Quantity); used
     *                          by any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param int    $minValue  The numeric lowest legal value for input.
     * @param int    $maxValue  The numeric highest legal value for input.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidDouble($context, $input, $minValue, $maxValue, $allowNull);

    /**
     * Checks that the canonicalized $input exactly matches one of the items
     * in $list.
     *
     * This method takes no $allowNull argument.
     *
     * NOTE(review): "exactly" is not defined further here - confirm whether
     * the implementation compares type-strictly, since a loose comparison
     * can accept values that are not literally in the list.
     *
     * @param string $context Descriptive name of the parameter being
     *                        validated (e.g. Contact_Recipient); used by any
     *                        logging or error handling done for the value
     *                        passed in.
     * @param string $input   The value to search for in the supplied list.
     * @param array  $list    The list to search for the supplied input.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidListItem($context, $input, $list);

    /**
     * Checks that the canonicalized $input contains no more than $maxLength
     * valid printable ASCII characters.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. ASCIIArt_Submission); used by
     *                          any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param int    $maxLength Maximum number of canonicalized ASCII
     *                          characters allowed in a legal input.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidPrintable($context, $input, $maxLength, $allowNull);

    /**
     * Checks that $input is a valid redirect location.
     *
     * NOTE(review): unlike the other methods, this description does not
     * mention canonicalization, and it does not define what makes a location
     * valid (for example same-site or allow-listed targets). Confirm both
     * against the implementation before using the result to decide whether
     * a user-supplied redirect target may be followed.
     *
     * @param string $context   Descriptive name of the parameter being
     *                          validated (e.g. Login_ReturnLocation); used
     *                          by any logging or error handling done for the
     *                          value passed in.
     * @param string $input     The user-supplied data to validate.
     * @param bool   $allowNull TRUE makes NULL or an empty string legal;
     *                          with FALSE, NULL or an empty string throws a
     *                          ValidationException.
     *
     * @return bool TRUE if the input is valid, FALSE otherwise.
     */
    public function isValidRedirectLocation($context, $input, $allowNull);
}