The filter extension is not something I've ever used so I was interested in what people think of it. Whenever I've ever needed to do any filtering I've always been able to use an existing PHP function, regex, or combination to achieve what I want in PHP code that I can easily modify, test and examine. Additionally there is the concern of portability that any new extension implies although I think this is a minute issue in my case.
Comments?
What do people think about the filter extension?
- Ollie Saunders
- The Phoenix
Re: What do people think about the filter extension?
ole wrote: Whenever I've ever needed to do any filtering I've always been able to use an existing PHP function, regex, or combination to achieve what I want in PHP code that I can easily modify, test and examine.
You can choose to use it, or not. For example, the email regex isn't 100% RFC compliant (turns out none seem to be), so perhaps you want to use a different regex that is more effective. You can easily write your own and use it instead. If I remember correctly, the filter extension even lets you substitute a different regex into it.
However, it does provide a relatively well-designed set of commonly used filters that will make it easier for a majority of users to add filtering. That's a *very* good thing in general. Whether it's a great thing for your project is for you to determine.
ole wrote: Additionally there is the concern of portability that any new extension implies although I think this is a minute issue in my case.
Keep in mind that in php-5.2 and above, it is included by default. That's far from a majority of sites out there, but if you make your requirements 5.2+, then you are guaranteed its availability.
Personally, some of the filters are really useful for projects I work on. Unfortunately, so few sites run 5.2+ that it's the equivalent of coding for projects years in the future. But if you control your deployment platform, it's a real time-saver.
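The kind of filtering discussed in the reply above, as an added example that is not part of the original thread: built-in filters, a substituted regex (FILTER_VALIDATE_REGEXP) and a self-written validator (FILTER_CALLBACK) applied through one filter_var_array() call. The field names, the input, and the helpers strictEmail() and validateInput() are hypothetical.

```php
<?php
// Added example: field names, input values and helper names are constructed.
// Custom validator (hypothetical policy): built-in check, length cap, no quoted local part.
function strictEmail($value)
{
    if (strlen($value) > 254 || strpos($value, '"') !== false) {
        return false;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL);
}

// One rule per expected field; keys absent from this list never reach $clean.
$spec = array(
    'email'    => FILTER_VALIDATE_EMAIL,
    'contact'  => array('filter' => FILTER_CALLBACK, 'options' => 'strictEmail'),
    'username' => array(
        'filter'  => FILTER_VALIDATE_REGEXP,
        // D modifier: "$" must not match before a trailing newline.
        'options' => array('regexp' => '/^[a-z][a-z0-9_]{2,15}$/D'),
    ),
    'age'      => array(
        'filter'  => FILTER_VALIDATE_INT,
        'options' => array('min_range' => 13, 'max_range' => 120),
    ),
);

// Returns array($clean, $errors); a field is null when absent, false when rejected.
function validateInput(array $input, array $spec)
{
    $clean  = filter_var_array($input, $spec);
    $errors = array();
    foreach (array_keys($spec) as $field) {
        if ($clean[$field] === null) {
            $errors[$field] = 'missing';
        } elseif ($clean[$field] === false) {
            $errors[$field] = 'invalid';
        }
    }
    return array($clean, $errors);
}

$input = array(                       // constructed stand-in for $_POST
    'email'    => 'alice@example.com',
    'contact'  => '"odd local"@example.com',
    'username' => "ollie_s\n",
    'debug'    => '1',                // not in $spec, so it is dropped
);
list($clean, $errors) = validateInput($input, $spec);
var_dump($clean, $errors);
```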
- alex.barylski
- Ollie Saunders
Thanks guys. I think I'm going to use it because I have my own dedicated server. I think in general I should probably make more use of libraries et al. Today I've been through every single function reference section from .NET to Zlib deciding whether I want it or not and creating a really simple test case so that I can synchronize production and development server and test any new builds I do. Have a look. It's not finished yet; I'm going to go through the whole of appendix i and write attestations for the most secure PHP environment by default. You know, having gone into this in detail, I now think there is actually enough scope to write a book on PHP configuration alone. Not that I'm going to do it; I'm not really an expert in this field.
<?php
// Show every problem while the self-test runs.
ini_set('display_errors', true);
error_reporting(E_ALL | E_STRICT);
// php_uname('n') gives the host name without the backtick operator, which
// relies on shell_exec() and fails once shell_exec is disabled as attested below.
define('PRODUCTION', php_uname('n') === 'production');
$tests = $errors = $failures = 0;

// Compare $actual with $expected (strictly unless $strict is false) and
// report a failure together with the source expression that was attested.
function attest($actual, $expected, $strict = true)
{
    static $file = null;
    if (!$file) {
        $file = file(__FILE__);
    }
    $GLOBALS['tests']++;
    $result = $strict ? $actual === $expected : $actual == $expected;
    if ($result === false) {
        $GLOBALS['failures']++;
        // Find the stack frame of this call to learn the caller's line number.
        $bt = debug_backtrace();
        do {
            $current = array_pop($bt);
        } while (is_array($current) && $current['function'] !== __FUNCTION__);
        $line = $current['line'];
        // Pull the source text of the first argument out of that line.
        $code = array();
        preg_match('~attest\((.*),.*\)~s', $file[$line - 1], $code);
        $code = $code[1];
        $expected = var_export($expected, true);
        $actual = var_export($actual, true);
        echo "Attestment failed [$line]: Expected $expected from $code but got $actual\n";
    }
}

// Count PHP errors raised while the tests run instead of aborting on them.
function errorHandle($errorCode, $str, $file, $line)
{
    $GLOBALS['errors']++;
    echo "Error occurred [$line]: $str\n";
}

echo 'Server test, being performed by ' . __FILE__ . ':';
echo "\n-----------------------------------------------\n";
set_error_handler('errorHandle');
runTests();
restore_error_handler();
echo "\n$tests tests completed: $failures failures and $errors errors\n\n";

function runTests()
{
    if (PRODUCTION) {
        attest(version_compare(PHP_VERSION, "5.2.3"), 0);
    } else {
        attest(version_compare(PHP_VERSION, "5.1.2"), 0);
    }
    attest(ini_get('register_globals'), false, false);
    attest(ini_get('apc.enabled'), PRODUCTION, false);
    attest(ini_get('short_open_tag'), !PRODUCTION, false);
    attest(ini_get('log_errors'), PRODUCTION, false);
    attest(function_exists('spl_classes'), true);
    attest(function_exists('bcadd'), true);
    attest(function_exists('cal_days_in_month'), true);
    attest(function_exists('ctype_alnum'), true);
    attest(function_exists('curl_init'), true);
    attest(function_exists('dio_open'), false);
    attest(function_exists('dbx_connect'), false);
    attest(function_exists('dbm_open'), false);
    attest(function_exists('dbase_open'), false);
    attest(function_exists('dba_open'), false);
    attest(function_exists('dbplus_add'), false);
    attest(function_exists('cyrus_query'), false);
    attest(function_exists('cybermut_testmac'), false);
    attest(function_exists('cybercash_encr'), false);
    attest(function_exists('crack_check'), false); // may add this later
    attest(class_exists('DOMDocument'), true);
    attest(function_exists('domxml_open_file'), false); // an old extension that shouldn't be kept around
    attest(function_exists('exif_imagetype'), true);
    attest(function_exists('expect_expectl'), false); // possibly dangerous
    attest(function_exists('expect_popen'), false);
    attest(function_exists('fam_open'), false);
    attest(function_exists('fdf_open'), false);
    attest(function_exists('finfo_open'), false);
    attest(function_exists('filepro'), false);
    attest(function_exists('filter_var'), true); // useful
    attest(function_exists('ibase_connect'), false);
    attest(function_exists('fbsql_connect'), false);
    attest(function_exists('ftp_connect'), true);
    attest(function_exists('geoip_id_by_name'), false);
    attest(function_exists('gettext'), true);
    attest(function_exists('gmp_init'), false);
    attest(function_exists('gnupg_encrypt'), false);
    attest(function_exists('gopher_parsedir'), false);
    attest(class_exists('HaruDoc'), false);
    attest(function_exists('hash'), true); // does no harm, usually I'll use mhash though
    attest(class_exists('HttpMessage'), false);
    attest(function_exists('hw_Connect'), false);
    attest(class_exists('HW_API'), false);
    attest(function_exists('db2_connect'), false);
    attest(function_exists('icap_open'), false);
    attest(function_exists('iconv'), true);
    attest(function_exists('id3_set_tag'), false);
    attest(function_exists('iis_add_server'), false);
    attest(function_exists('imagecreatetruecolor'), true);
    attest(function_exists('imagegd2'), true);
    attest(function_exists('imagegif'), true);
    attest(function_exists('imagepng'), true);
    attest(function_exists('imagejpeg'), true);
    attest(function_exists('imagettftext'), true);
    attest(function_exists('imagefilter'), true);
    attest(class_exists('Imagick'), false);
    attest(function_exists('imap_open'), false);
    attest(function_exists('ifx_connect'), false);
    attest(function_exists('ingres_connect'), false);
    attest(function_exists('ircg_pconnect'), false);
    attest(function_exists('json_encode'), PRODUCTION);
    attest(function_exists('kadm5_init_with_password'), false);
    attest(function_exists('ldap_connect'), true);
    attest(function_exists('libxml_clear_errors'), false);
    attest(function_exists('notes_body'), false);
    attest(function_exists('lzf_compress'), false);
    attest(function_exists('mail'), !PRODUCTION);
    attest(function_exists('mailparse_msg_create'), false);
    attest(function_exists('maxdb_character_set_name'), false);
    attest(function_exists('mcal_open'), false); // could be useful later however
    attest(function_exists('mcrypt_encrypt'), PRODUCTION);
    attest(class_exists('Memcache'), PRODUCTION);
    attest(function_exists('mhash'), PRODUCTION);
    attest(function_exists('mime_content_type'), false);
    attest(class_exists('SWFAction'), false); // could be useful later however
    attest(function_exists('udm_add_search_limit'), false);
    attest(function_exists('mssql_connect'), false);
    attest(function_exists('msession_connect'), false);
    attest(function_exists('msql_connect'), false);
    attest(function_exists('mb_substr'), true);
    attest(function_exists('muscat_get'), false);
    attest(function_exists('mysql_connect'), true);
    attest(class_exists('mysqli'), true);
    attest(function_exists('ncurses_init'), false); // interesting though
    attest(function_exists('newt_init'), false); // also interesting
    attest(function_exists('nsapi_virtual'), false);
    attest(function_exists('aggregate'), false);
    attest(function_exists('overload'), false);
    attest(function_exists('oci_connect'), false);
    attest(function_exists('odbc_connect'), false);
    attest(function_exists('openal_context_create'), false);
    attest(function_exists('openssl_open'), true);
    attest(function_exists('ora_exec'), false);
    attest(function_exists('ovrimos_exec'), false);
    attest(function_exists('px_create_fp'), false);
    attest(function_exists('parsekit_compile_file'), false);
    attest(function_exists('pcntl_exec'), false);
    attest(function_exists('preg_match'), true);
    attest(function_exists('PDF_activate_item'), false);
    attest(class_exists('PDO'), true);
    attest(class_exists('Phar'), true);
    attest(function_exists('posix_access'), false); // dangerous
    attest(function_exists('pg_connect'), false);
    attest(function_exists('printer_open'), false);
    attest(function_exists('recode'), false); // iconv and mbstring are better
    attest(function_exists('ps_new'), false);
    attest(function_exists('pspell_check'), false);
    attest(function_exists('qdom_tree'), false);
    attest(function_exists('radius_acct_open'), false);
    attest(function_exists('rar_open'), false);
    attest(function_exists('readline'), false);
    attest(function_exists('rpm_open'), false);
    attest(function_exists('runkit_lint'), false);
    attest(class_exists('SAMConnection'), false);
    attest(function_exists('satellite_object_to_string'), false);
    attest(class_exists('SDO_DataFactory'), false);
    attest(class_exists('SDO_DAS_XML'), false);
    attest(class_exists('SDO_DAS_Relational'), false);
    attest(function_exists('sem_acquire'), false);
    attest(function_exists('sesam_connect'), false);
    attest(function_exists('session_pgsql_get_field'), false);
    attest(function_exists('shmop_open'), false);
    attest(function_exists('simplexml_load_file'), true);
    attest(class_exists('SoapServer'), false);
    attest(function_exists('socket_accept'), false);
    attest(function_exists('sqlite_exec'), true);
    attest(function_exists('ssh2_connect'), false);
    attest(function_exists('stats_variance'), false);
    attest(function_exists('swf_viewport'), false);
    attest(class_exists('Swish'), false);
    attest(function_exists('sybase_query'), false);
    attest(function_exists('tcpwrap_check'), false);
    attest(class_exists('tidyNode'), false);
    attest(function_exists('token_get_all'), true);
    attest(function_exists('pfpro_init'), false);
    attest(function_exists('vpopmail_alias_add'), false);
    attest(function_exists('wddx_add_vars'), false);
    attest(function_exists('xattr_set'), false);
    attest(function_exists('xdiff_file_diff'), false);
    attest(function_exists('xml_parse'), false);
    attest(function_exists('xmlrpc_encode'), false);
    attest(class_exists('XMLReader'), false);
    attest(class_exists('XMLWriter'), false);
    attest(class_exists('XSLTProcessor'), true);
    attest(function_exists('xslt_create'), false);
    attest(function_exists('yaz_connect'), false);
    attest(function_exists('yp_all'), false);
    attest(function_exists('zip_open'), true);
    attest(function_exists('gzopen'), false);
    // these functions should be installed but disabled by default:
    attest(function_exists('ereg_replace'), false);
    attest(function_exists('ereg'), false);
    attest(function_exists('eregi_replace'), false);
    attest(function_exists('eregi'), false);
    attest(function_exists('split'), false);
    attest(function_exists('spliti'), false);
    attest(function_exists('sql_regcase'), false);
    attest(function_exists('escapeshellarg'), false);
    attest(function_exists('escapeshellcmd'), false);
    attest(function_exists('exec'), false);
    attest(function_exists('passthru'), false);
    attest(function_exists('proc_close'), false);
    attest(function_exists('proc_get_status'), false);
    attest(function_exists('proc_nice'), false);
    attest(function_exists('proc_open'), false);
    attest(function_exists('proc_terminate'), false);
    attest(function_exists('shell_exec'), false);
    attest(function_exists('system'), false);
    // only these stream filters may be registered; anything else is a failure
    $diff = array_diff(stream_get_filters(), array(
        'string.toupper', 'string.tolower',
        'string.base64', 'string.quoted-printable',
    ));
    attest(empty($diff), true);
    // probably need more gd attestations
}