PHP Classes

This class is unusable in the current form.

Subject: This class is unusable in the...
Summary: Package rating comment
Messages: 2
Author: Artur Graniszewski
Date: 2011-01-10 09:38:55
Update: 2011-01-10 12:10:02
 

Artur Graniszewski rated this package as follows:

Utility: Bad
Consistency: Bad
Examples: Insufficient

1. This class is unusable in the...
Artur Graniszewski - 2011-01-10 09:38:56
This class is unusable in the current form.

There are some major bugs:
1) IP validation is wrong: "/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$"
in this case your class will tell me that an IP 0.999.999.999 is valid!

2) String validation is wrong: the ctype_alpha() function allows only [a-zA-Z] letters; in this case "i've got 99 dollars" will not be a valid string (but it should!)

3) URL validation is wrong: "@^(?:http://)?([^/]+)@i"
In this case the URL https://my-favourite-bank.com will be invalid; what's more, the URL "http://<script>alert("XSS injection");</script>" will be valid!

4) Extension validation is wrong: a file named "my.fake.jpg.exe" will be validated as a JPG image, not an exe file (which could contain a virus!)

5) What is the upload validator for?

I HIGHLY DISCOURAGE USING THIS CLASS. IT IS VERY INSECURE AND PROVIDES A FALSE SENSE OF SAFETY.

2. Re: This class is unusable in the...
Artur Graniszewski - 2011-01-10 12:10:02 - In reply to message 1 from Artur Graniszewski
Sorry, I didn't notice one thing: with "@^(?:http://)?([^/]+)@i", https://my-favourite-bank.com will be valid (because of the question mark after http://), but so will any other value, like "im not an URL!!!@#^*"

The same applies to email verification: there is virtually no problem writing "1212@121212" or "!!!!@#####" as a valid email.

Btw, there is one mistake on my part: your extension validator works differently than I predicted from the source code, but there is a much better solution for checking the file extension (see the pathinfo() function)
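
The checks discussed in this thread, as an added example that is not part of the original posts or of the reviewed package: the two patterns quoted above run beside stricter checks built on PHP's filter_var() and pathinfo(), using the sample inputs from the thread. The function names, the allowed-extension list and the closing "/" on the IP pattern are assumptions made for the example.

```php
<?php
// Added example; not the package's code. Sample inputs are the ones quoted in the thread.

// Patterns as quoted in the thread. The closing "/" on the IP pattern is
// an assumption, added so that the pattern compiles.
const QUOTED_IP_RE  = '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/';
const QUOTED_URL_RE = '@^(?:http://)?([^/]+)@i';

function strictIpv4(string $value): bool
{
    // filter_var() checks each octet's range (0-255), not just its digit count.
    return filter_var($value, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
}

function strictHttpUrl(string $value): bool
{
    // Syntax check first, then an explicit scheme allowlist.
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

function hasAllowedExtension(string $filename, array $allowed): bool
{
    // pathinfo() reports only the final extension: "exe" for "my.fake.jpg.exe".
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Each row: input from the thread, the quoted pattern, the stricter check.
$samples = [
    ['0.999.999.999', QUOTED_IP_RE, 'strictIpv4'],
    ['https://my-favourite-bank.com', QUOTED_URL_RE, 'strictHttpUrl'],
    ['http://<script>alert("XSS injection");</script>', QUOTED_URL_RE, 'strictHttpUrl'],
    ['im not an URL!!!@#^*', QUOTED_URL_RE, 'strictHttpUrl'],
];
foreach ($samples as [$input, $pattern, $check]) {
    printf("%-50s quoted=%-5s strict=%s\n", $input,
        var_export(preg_match($pattern, $input) === 1, true),
        var_export($check($input), true));
}
printf("%-50s allowed=%s\n", 'my.fake.jpg.exe',
    var_export(hasAllowedExtension('my.fake.jpg.exe', ['jpg', 'png']), true));
```

The URL check confirms syntax and scheme only; a value that passes still needs output encoding (for example htmlspecialchars()) when it is rendered in HTML.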