Fr3nch13/CakePHP Utilities

HeaderSecurity
in package

FinalYes

Provide security tools around HTTP headers to prevent common injection vectors.

Table of Contents

Methods

assertValid()  : void
Assert a header value is valid.
assertValidName()  : void
Assert whether or not a header name is valid.
filter()  : string
Filter a header value
isValid()  : bool
Validate a header value.
__construct()  : mixed
Private constructor; non-instantiable.

Methods

assertValid()

Assert a header value is valid.

public static assertValid(mixed $value) : void
Parameters
$value : mixed

Value to be tested. This method asserts it is a string or number.

Tags
throws
InvalidArgumentException

For invalid values.

filter()

Filter a header value

public static filter(string $value) : string

Ensures CRLF header injection vectors are filtered.

Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.

This method filters any values not allowed from the string, and is lossy.

Parameters
$value : string
Tags
see
http://en.wikipedia.org/wiki/HTTP_response_splitting
Return values
string

isValid()

Validate a header value.

public static isValid(string|int|float $value) : bool

Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.

Parameters
$value : string|int|float
Tags
see
http://en.wikipedia.org/wiki/HTTP_response_splitting
Return values
bool

__construct()

Private constructor; non-instantiable.

private __construct() : mixed
Tags
codeCoverageIgnore 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results