Provide security tools around HTTP headers to prevent common injection vectors.
More...
|
| static | filter ($value) |
| | Filter a header value.
|
| |
| static | isValid ($value) |
| | Validate a header value.
|
| |
| static | assertValid ($value) |
| | Assert a header value is valid.
|
| |
| static | assertValidName ($name) |
| | Assert whether or not a header name is valid.
|
| |
Provide security tools around HTTP headers to prevent common injection vectors.
Code is largely lifted from the Zend implementation in Zend Framework, released with the copyright and license below.
- Copyright
- Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) http://framework.zend.com/license/new-bsd New BSD License
| static assertValid |
( |
|
$value | ) |
|
|
static |
Assert a header value is valid.
- Parameters
-
- Exceptions
-
| InvalidArgumentException | for invalid values |
| static assertValidName |
( |
|
$name | ) |
|
|
static |
Filter a header value.
Ensures CRLF header injection vectors are filtered.
Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.
This method filters any values not allowed from the string, and is lossy.
- See Also
- http://en.wikipedia.org/wiki/HTTP_response_splitting
- Parameters
-
- Returns
- string
Validate a header value.
Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.
- See Also
- http://en.wikipedia.org/wiki/HTTP_response_splitting
- Parameters
-
- Returns
- bool
