benedmunds / inspekt
Inspekt is a PHP library that makes it easier to write secure web applications
Home Page: http://inspekt.org
License: Other
I'm curious where these references are actually pointing to..
Interestingly enough, I happen to have a 'vendor/autoload.php' from authorize.net sdk, but I somehow don't think this is what you're referring to?
html/inspekt/Examples# grep vendor *
config.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
db_escaping.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
extending.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
filter_array_cage.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
filter_form_input.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
filter_static_methods.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
filter_superglobals.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
formtest.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
get_or_post.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
htmlpurifier.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
iterate_cage.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
supercage.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
uri_tester.php:require_once dirname(__FILE__) . "/../vendor/autoload.php";
As title, it looks like this example code looks strange when printing some messages via echo.
Here are the code snippets I mention:
......
echo 'Digits:' . $serverCage->getDigits('SERVER_SOFTWARE') . '<p/>';
echo 'Alpha:' . $serverCage->getAlpha('SERVER_SOFTWARE') . '<p/>';
echo 'Alnum:' . $serverCage->getAlnum('SERVER_SOFTWARE') . '<p/>';
echo 'Raw:' . $serverCage->getRaw('SERVER_SOFTWARE') . '<p/>';
......
And these code snippets should be changed into:
......
echo 'Digits:' . $serverCage->getDigits('SERVER_SOFTWARE') . '<br/>';
echo 'Alpha:' . $serverCage->getAlpha('SERVER_SOFTWARE') . '<br/>';
echo 'Alnum:' . $serverCage->getAlnum('SERVER_SOFTWARE') . '<br/>';
echo 'Raw:' . $serverCage->getRaw('SERVER_SOFTWARE') . '<br/>';
......
I think it means add end of line HTML tag when presenting the messages on the web page :).
preeeeety much what it says.
Seems to be some kind of 301 redirect looping and an issue with the SSL certificate.
When caging my own array and then checking an element of that array I get different result depending on whether I am using the version of Inspekt downloaded from github as opposed to the version from composer.
For example this works without errors:
<?php
require_once('inc/Inspekt.php');
$test = array();
$test['params'][] = "hello";
// cage the array
$params_cage = Inspekt_Cage::Factory($test);
$one = $params_cage->getAlnum('params/0');
$two = $params_cage->getInt('params/1');
?>
However, if I run the following:
<?php
require __DIR__ . '/vendor/autoload.php';
// Inspekt initialisation
use Inspekt\Inspekt;
use Inspekt\Cage;
$test = array();
$test['params'][] = "hello";
// cage the array
$params_cage = Cage::Factory($test);
$one = $params_cage->getAlnum('params/0');
$two = $params_cage->getInt('params/1');
?>
Gives the following error:
Fatal error: Uncaught exception 'Inspekt\Exception' with message 'Key '1' does not exist' in /home/ubuntu/workspace/vendor/funkatron/inspekt/src/Inspekt/Cage.php:992
Stack trace: #0 /home/ubuntu/workspace/vendor/funkatron/inspekt/src/Inspekt/Cage.php(985): Inspekt\Cage->getValueRecursive(Array, Object(ArrayObject), 1)
#1 /home/ubuntu/workspace/vendor/funkatron/inspekt/src/Inspekt/Cage.php(954): Inspekt\Cage->getValueRecursive(Array, Object(ArrayObject))
#2 /home/ubuntu/workspace/vendor/funkatron/inspekt/src/Inspekt/Cage.php(394): Inspekt\Cage->getValue('params/1')
#3 /home/ubuntu/workspace/it.php(15): Inspekt\Cage->getInt('params/1')
#4 {main} thrown in /home/ubuntu/workspace/vendor/funkatron/inspekt/src/Inspekt/Cage.php on line 992
Given that you cannot check for null on a caged array (I don't think) this latter functionality makes caging of your arrays less useful.
trying to use inspekt in combination with a validator library to ensure security in form input.
use case is, input field is 'full name'. so, it fails testAlnum.
maybe needs a testNoTagsOrSpecial.
also, testEmail fails on some new TLDs.
I'm trying to validate a form using Inspekt. One of the fields I'm trying to validate is a select box with values such as -1, 0, 1, 2, etc. I have set -1 as my invalid case, and all other cases are valid. However, when trying to get the value of the select, it works for any value except 0, which makes all of the above mentioned methods fail (i.e.: return false).
I found it weird, so I thought I would mention it here. Any ideas?
Seems that strings with trailing Zero do not validate correctly
Inspekt::isFloat("1.60") === false
floatval() trims the trailing Zero
strval(1.6) !== "1.60"
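An added example (not Inspekt code and not part of the original post) that reproduces the round-trip comparison described above next to a parser-based check. `isFloatRoundTrip()` and `isFloatFiltered()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Hypothetical stand-in for the behaviour reported above: the string is
// converted to float and back, then compared with the original input.
// floatval("1.60") is 1.6 and strval(1.6) is "1.6", so "1.60" is rejected.
function isFloatRoundTrip(string $value): bool
{
    return strval(floatval($value)) === $value;
}

// Hypothetical replacement: let PHP's filter extension parse the string.
// filter_var() returns the parsed float or false, so compare with !== false;
// a loose truthiness check would reject "0" because 0.0 is falsy.
function isFloatFiltered(string $value): bool
{
    return filter_var($value, FILTER_VALIDATE_FLOAT) !== false;
}

// Constructed sample inputs: canonical, trailing zero, zero, exponent,
// trailing garbage and empty string.
$samples = ['1.6', '1.60', '0', '0.0', '-2.50', '1e3', '1.6abc', ''];

foreach ($samples as $s) {
    printf(
        "%-9s round-trip=%-5s filter=%s\n",
        var_export($s, true),
        var_export(isFloatRoundTrip($s), true),
        var_export(isFloatFiltered($s), true)
    );
}
```

Both functions reject input with trailing non-numeric characters; they differ only on valid but non-canonical spellings such as a trailing zero or exponent notation.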
The pattern for the isZip() method could be shortened to: /^\d{5}(?:-\d{4})?$/, ?: isn't strictly necessary.
$_POST['b'] = '0';
$cage_POST = Inspekt::makePostCage();
var_dump( $cage_POST->testAlnum ('b') ); // <--- this should be 0 but FALSE.
$_POST['b'] = '2009-12-25';
$cage_POST = Inspekt::makePostCage();
var_dump( $cage_POST->testGreaterThan ('b') , 25 ); // <--- this should be FALSE but '2009-12-25'.
$_POST['b'] = '0';
$cage_POST = Inspekt::makePostCage();
var_dump( $cage_POST->testLessThan ('b') , 25 ); // <--- this should be 0 but FALSE.
Using array_key_exists with Objects no longer works on PHP8.
I get this error: funkatron/inspekt/src/Inspekt/Cage.php(943) -- array_key_exists(): Argument #2 ($array) must be of type array, ArrayObject given
Can be resolved using:
return $exists = array_key_exists($key, (array) $this->source);
or
return $exists = property_exists($this->source, $key);
If you want I can create a PR with one of those changes.
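An added example (not Inspekt code and not part of the original post) comparing ways to test for a key in an ArrayObject on PHP 8. `$source` and `keyExists()` are hypothetical stand-ins, the data is constructed, and the ArrayObject is assumed to use its default flags.

```php
<?php
// Constructed data: one normal value and one key whose value is null.
$source = new ArrayObject(['name' => 'alice', 'note' => null]);

// Hypothetical helper: key lookup that runs on both PHP 7 and PHP 8.
function keyExists($key, ArrayObject $source): bool
{
    // getArrayCopy() returns the wrapped array, so array_key_exists()
    // receives a real array and no TypeError is raised.
    return array_key_exists($key, $source->getArrayCopy());
}

$checks = [
    // Casting an ArrayObject to array yields the wrapped array.
    'array cast'      => fn($k) => array_key_exists($k, (array) $source),
    'getArrayCopy'    => fn($k) => keyExists($k, $source),
    // property_exists() looks at object properties, not at the elements
    // stored in the ArrayObject, so it does not find element keys when
    // the default flags are used.
    'property_exists' => fn($k) => property_exists($source, $k),
    // isset() reports false for a key whose value is null.
    'isset'           => fn($k) => isset($source[$k]),
];

foreach (['name', 'note', 'missing'] as $key) {
    foreach ($checks as $label => $check) {
        printf("%-8s %-16s %s\n", $key, $label, var_export($check($key), true));
    }
}
```

A key check that wrongly reports "missing" makes a cage treat supplied input as absent, so the null-valued key is worth including in any regression test for this change.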
Just a heads up really for isEmail($value):
The current list of subdomains (http://data.iana.org/TLD/tlds-alpha-by-domain.txt), many are over 6 chars in length.