I’m currently working on an MVC-style framework for a company, and for security reasons I need to make sure that the controller / method that’s passed via the query string consists only of characters that are valid according to the RFC (which I can’t find).
I need to be able to validate / sanitize class names according to what’s allowed by the PHP interpreter.
For example:

```php
class SomEFunk__YClAssName extends Controller { }
```

I need some kind of regex that will validate SomEFunk__YClAssName and sanitize it if need be! The same principles apply to method names.
There are a few things to take into consideration, such as:
- Numerics at the start
- Only underscores allowed
- Certain PHP Special Chars to be allowed.
Any information on this or possible expressions would be really helpful.
Here is some of my Router code so you can see where I need to implement it:

```php
private function prepareQueryString()
{
    if (strlen($this->query_string) == 0) {
        return;
    }
    // Remove [ending|starting|multiple] slashes
    $this->query_string = preg_replace('/^\/+|\/+$|\/(?=\/)/', '', $this->query_string);
    foreach (explode('/', $this->query_string) as $Key => $Value) {
        if ($Key == 0) {
            $Controller = $this->AssignController($Value);
        } elseif ($Key == 1) {
            $this->AssignMethod($Value);
        } else {
            $this->AssignParam($Value);
        }
    }
    // Build RouterVar stdClass
}

public function AssignController(String $Controller)
{
    if (!empty($Controller)) {
        // Sanitize
    }
}

public function AssignMethod(String $Method)
{
    if (!empty($Method)) {
        // Sanitize
    }
}

public function AssignParam(String $Param)
{
    $this->params[] = $Param;
}
```
You will see the comment “Sanitize” where the check is needed.
Answer
I believe the regex you’re looking for, for a short class name (e.g. SomeClass), is:

```php
<?php
preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/', $input);
```
According to: http://php.net/manual/en/language.oop5.basic.php
For a namespaced class (e.g. App\SomeClass) it is:

```php
<?php
preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*(\\\\[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)*$/', $input);
```
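As an added example (not the asker’s router and not the answerer’s code), here is one way to wire the identifier regex from the answer into a route resolver of the shape sketched in the question. The class and function names (RouteValidator, validateSegment, resolve, the Controller base class, DashboardController) and the sample routes are assumptions. It uses the \x80-\xff form of the pattern for both the short and the namespaced case, rejects an invalid segment instead of rewriting it, and then checks the controller against an allowlist and the method’s visibility, because a syntactically valid name can still refer to any class or method the interpreter is able to load.

```php
<?php
// Added example, not the original poster's router. Names are assumptions.
declare(strict_types=1);

final class RouteValidator
{
    // Unqualified PHP identifier (the \x80-\xff form of the manual's pattern).
    private const IDENTIFIER = '/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/';

    // Namespaced name: identifiers joined by single backslashes. In a single-quoted
    // PHP string '\\\\' is the two characters \\, which PCRE reads as one literal backslash.
    private const QUALIFIED =
        '/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*(\\\\[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*)*$/';

    /**
     * Returns the segment unchanged when it is a valid identifier, null otherwise.
     * Rejecting is safer than "repairing": stripping characters could turn a
     * malformed segment into the name of some other, unintended class.
     */
    public static function validateSegment(string $segment, bool $allowNamespace = false): ?string
    {
        $pattern = $allowNamespace ? self::QUALIFIED : self::IDENTIFIER;
        return preg_match($pattern, $segment) === 1 ? $segment : null;
    }

    /**
     * Resolves "controller/method[/params...]" from a query string.
     * A well-formed name is not enough: the controller must be in the allowlist
     * and the method must be public, non-static and not a magic (__*) method.
     *
     * @param array<string, class-string> $controllers route segment => class
     * @return array{0: class-string, 1: string}|null
     */
    public static function resolve(string $queryString, array $controllers): ?array
    {
        // Drop empty segments produced by leading, trailing or doubled slashes.
        $segments = array_values(array_filter(explode('/', $queryString), 'strlen'));
        if (count($segments) < 2) {
            return null;
        }
        [$controllerName, $methodName] = $segments;

        if (self::validateSegment($controllerName) === null
            || self::validateSegment($methodName) === null) {
            return null;
        }
        // The caller never supplies a class name directly; only allowlisted keys map to one.
        if (!isset($controllers[$controllerName])) {
            return null;
        }
        $class = $controllers[$controllerName];
        if (!method_exists($class, $methodName)) {
            return null;
        }
        $m = new ReflectionMethod($class, $methodName);
        if (!$m->isPublic() || $m->isStatic() || str_starts_with($m->getName(), '__')) {
            return null;
        }
        // getName() returns the declared spelling; method_exists() matched case-insensitively.
        return [$class, $m->getName()];
    }
}

// Constructed demo input, not from the original post.
abstract class Controller {}

final class DashboardController extends Controller
{
    public function index(): string { return 'dashboard'; }
    private function rebuildCache(): void {}
}

$routes = ['Dashboard' => DashboardController::class];

var_dump(RouteValidator::resolve('/Dashboard/index/', $routes));      // allowlisted controller, public method
var_dump(RouteValidator::resolve('Dashboard/rebuildCache', $routes)); // private methods are not exposed
var_dump(RouteValidator::resolve('1Dashboard/index', $routes));       // leading digit fails the regex
var_dump(RouteValidator::resolve('Dashboard/__construct', $routes));  // magic methods are not routable
var_dump(RouteValidator::validateSegment('App\\Admin\\Users', true));  // namespaced form accepted
```

The regex answers only the question of whether a segment is a legal PHP name; the allowlist and the ReflectionMethod checks are what keep a request from reaching a class or method that was never meant to be a controller action.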