Phly\Http\HeaderSecurity::isValid PHP Method

isValid() public static method

Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.
See also: http://en.wikipedia.org/wiki/HTTP_response_splitting
public static isValid ( string $value ) : boolean
Parameters: $value (string)
Returns: boolean
    public static function isValid($value)
    {
        $value = (string) $value;
        // Look for:
        // \n not preceded by \r, OR
        // \r not followed by \n, OR
        // \r\n not followed by space or horizontal tab; these are all CRLF attacks
        if (preg_match("#(?:(?:(?<!\r)\n)|(?:\r(?!\n))|(?:\r\n(?![ \t])))#", $value)) {
            return false;
        }
        $length = strlen($value);
        for ($i = 0; $i < $length; $i += 1) {
            $ascii = ord($value[$i]);
            // Non-visible, non-whitespace characters
            // 9 === horizontal tab
            // 10 === line feed
            // 13 === carriage return
            // 32-126, 128-254 === visible
            // 127 === DEL
            // 255 === 0xFF, rejected (the null byte is 0 and fails the < 32 check)
            if (($ascii < 32 && !in_array($ascii, [9, 10, 13], true)) || $ascii === 127 || $ascii > 254) {
                return false;
            }
        }
        return true;
    }
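
The rules above, applied to constructed header values, as an added example that is not part of phly/http. `explainHeaderValue()` is a hypothetical helper that applies the same checks as `isValid()` but reports which rule rejected the value and at what offset, which helps when logging rejected input.

```php
<?php
// Added illustration, not part of phly/http. explainHeaderValue() is a
// hypothetical helper: same rules as isValid(), but it names the rule that fired.
function explainHeaderValue(string $value): string
{
    // The three CRLF alternatives from the regex in isValid(), tested one at a time.
    $rules = [
        'bare LF (\n not preceded by \r)' => "#(?<!\r)\n#",
        'bare CR (\r not followed by \n)' => "#\r(?!\n)#",
        'CRLF not followed by SP or HTAB' => "#\r\n(?![ \t])#",
    ];
    foreach ($rules as $reason => $pattern) {
        if (preg_match($pattern, $value, $m, PREG_OFFSET_CAPTURE)) {
            return sprintf('reject: %s at offset %d', $reason, $m[0][1]);
        }
    }
    // The same byte ranges as the loop in isValid().
    $length = strlen($value);
    for ($i = 0; $i < $length; $i++) {
        $byte = ord($value[$i]);
        if (($byte < 32 && !in_array($byte, [9, 10, 13], true)) || $byte === 127 || $byte > 254) {
            return sprintf('reject: byte 0x%02X at offset %d', $byte, $i);
        }
    }
    return 'accept';
}

// Constructed sample values (label => header value).
$samples = [
    'plain value'                => 'text/html; charset=utf-8',
    'folded continuation'        => "first line\r\n second line",
    'response splitting attempt' => "en\r\nSet-Cookie: session=constructed",
    'bare LF'                    => "en\nX-Injected: 1",
    'bare CR'                    => "en\rX-Injected: 1",
    'trailing CRLF'              => "en\r\n",
    'null byte'                  => "en\0",
    'DEL'                        => "en\x7F",
    'UTF-8 bytes (0xC3 0xA9)'    => "caf\xC3\xA9",
    'byte 0xFF'                  => "en\xFF",
];
foreach ($samples as $label => $value) {
    printf("%-28s %s\n", $label, explainHeaderValue($value));
}
```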

Usage Example

Example #1
 /**
  * @dataProvider validateValues
  * @group ZF2015-04
  */
 public function testValidatesValuesPerRfc7230($value, $assertion)
 {
     $this->{$assertion}(HeaderSecurity::isValid($value));
 }