PHP: What would cause FILTER_UNSAFE_RAW to return FALSE?

Tags: php, sanitization, filter-var, input-sanitization

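After a long absence I have come back to a script, and I am stuck on a sanitization routine that is suddenly failing.
I found that the problem lies in a filter that unexpectedly returns false.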

Here is an example that reproduces my unexpected result:

$test = [ 'apple', 'bananna', 'orange', 'lime', 'grape', ];
var_export( filter_var( $test, FILTER_UNSAFE_RAW ));  // false
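
I thought FILTER_UNSAFE_RAW should just return the input (in this case the array) unaltered.
Is my understanding/approach wrong?

Note:
My code must be strictly stand-alone and as lightweight as possible, so I don't load third-party libraries/classes and instead write simple helper functions where needed.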
Example:

$filters = [
    'sanitize' => [ 
        'foo' => FILTER_SANITIZE_EMAIL,
        'bar' => FILTER_UNSAFE_RAW,
    ],
    'validate' => [
        'foo' => FILTER_VALIDATE_EMAIL,
        'bar' => [
            'filter' => FILTER_VALIDATE_REGEXP,
            'flags' => FILTER_REQUIRE_ARRAY,
            'options' => [ 'regexp' => '/(apple|grape)/' ],
        ],
    ],
];

$test = [
    'malicious' => 'something bad',
    'foo' => 'test@ema.il',
    'bar' => [ 'apple', 'grape', 'orange', ],
];

// validate
$checked = sanitizeInput( $filters, $test );

// sanitizer
function sanitizeInput( $f, $input )
{
    // sanitize
    $sanitized  = filter_var_array( $input, $f['sanitize'] );

    // validate
    $validated  = filter_var_array( $sanitized, $f['validate'] );

    // if anything appears to have failed validation (was set to FALSE)
    if( FALSE !== strpos( json_encode($validated), 'false' ))
    {
        ...

As you can see, this approach requires bar to pass through sanitization, even though no sanitizing action is needed.

Have I misunderstood FILTER_UNSAFE_RAW?

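It returns false because filter_var() cannot validate an array, whereas filter_var_array() is like running filter_var() on each value of the subject array. You could try using an array as the value of bar in the sanitize array, with FILTER_UNSAFE_RAW as the filter and FILTER_REQUIRE_ARRAY as the flag: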

'sanitize' => [ 
    'foo' => FILTER_SANITIZE_EMAIL,
    'bar' =>  [
            'filter' => FILTER_UNSAFE_RAW,
            'flags'  => FILTER_REQUIRE_ARRAY
            ],
],
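
Another thing to note is that since you are using only FILTER_UNSAFE_RAW without specifying flags, it will do nothing. So it would be the same as not sanitizing at all. Though that wouldn't work in your case, because the value would not be passed on to validation.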

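Missing filter flag

It looks like you did not add the correct flags for the sanitizing part of your filter_var_array.

Whenever you deal with an array, you must include the flag FILTER_REQUIRE_ARRAY.

So without that flag, the response you got was false.

Note:
FILTER_UNSAFE_RAW only optionally strips or encodes special characters. It is also the default filter.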

Example:

$test['bar'] = array( 'apple', 'bananna', 'orange', 'lime', 'grape' );

$san['bar'] = [
  'filter' => FILTER_UNSAFE_RAW,
  'flags'  => FILTER_REQUIRE_ARRAY
];

print_r(filter_var_array( $test, $san ));

Output:

Array
(
    [bar] => Array
        (
            [0] => apple
            [1] => bananna
            [2] => orange
            [3] => lime
            [4] => grape
        )

)

Edited working code:

$filters = [
    'sanitize' => [ 
        'foo' => FILTER_SANITIZE_EMAIL,
        'bar' =>  [
            'filter' => FILTER_UNSAFE_RAW,
            'flags'  => FILTER_REQUIRE_ARRAY
        ],
    ],
    'validate' => [
        'foo' => FILTER_VALIDATE_EMAIL,
        'bar' => [
            'filter' => FILTER_VALIDATE_REGEXP,
            'flags' => FILTER_REQUIRE_ARRAY,
            'options' => [ 'regexp' => '/(apple|grape)/' ],
        ],
    ],
];

$test = [
    'malicious' => 'something bad',
    'foo' => 'test@ema.il',
    'bar' => [ 'apple', 'grape', 'orange', ],
];

// validate
$checked = sanitizeInput( $filters, $test );

// sanitizer
function sanitizeInput( $f, $input ) {
  
    // sanitize
    $sanitized  = filter_var_array( $input, $f['sanitize'] );

    print_r($sanitized);

    // validate
    $validated  = filter_var_array( $sanitized, $f['validate'] );

    // if anything appears to have failed validation (was set to FALSE)
    if( FALSE !== strpos( json_encode($validated), 'false' )) {}

    return $validated;
}
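
The behaviour discussed in this thread, as an added example that is not code from the question or from either answer: it calls filter_var() on an array with and without FILTER_REQUIRE_ARRAY, then compares the strpos(json_encode(...), 'false') check, which also fires on a valid value that merely contains the word "false", with a strict walk over the result. The helper failedKeys(), the anchored regexp and all sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example; not code from the question or the answers. Inputs are constructed.

// Without an array flag a scalar filter rejects array input;
// with FILTER_REQUIRE_ARRAY the filter is applied to each element instead.
$fruit = ['apple', 'grape'];
var_dump(filter_var($fruit, FILTER_UNSAFE_RAW));
var_dump(filter_var($fruit, FILTER_UNSAFE_RAW, FILTER_REQUIRE_ARRAY));

// Validation spec from the page. The regexp is anchored here (an assumption
// about intent) so that only the exact words are accepted, not substrings.
$spec = [
    'foo' => FILTER_VALIDATE_EMAIL,
    'bar' => [
        'filter'  => FILTER_VALIDATE_REGEXP,
        'flags'   => FILTER_REQUIRE_ARRAY,
        'options' => ['regexp' => '/\A(apple|grape)\z/'],
    ],
];

// Hypothetical helper: returns the dotted path of every value that is
// exactly false (rejected by its filter) or null (key absent from the input).
function failedKeys(array $result, string $prefix = ''): array
{
    $failed = [];
    foreach ($result as $key => $value) {
        $path = $prefix === '' ? (string) $key : "$prefix.$key";
        if (is_array($value)) {
            $failed = array_merge($failed, failedKeys($value, $path));
        } elseif ($value === false || $value === null) {
            $failed[] = $path;
        }
    }
    return $failed;
}

// Case 1: every value is valid, but the e-mail address contains "false".
$ok = filter_var_array(['foo' => 'false@example.com', 'bar' => ['apple', 'grape']], $spec);
var_dump(false !== strpos(json_encode($ok), 'false')); // the page's check: substring search over JSON text
print_r(failedKeys($ok));                              // strict check on the values themselves

// Case 2: rejected array elements and a missing 'foo' key.
$bad = filter_var_array(['bar' => ['apple', 'orange', 'pineapple']], $spec);
print_r(failedKeys($bad));
```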