public static function HeaderSecurity::isValid in Zircon Profile 8
Same name and namespace in other branches
- 8.0 vendor/zendframework/zend-diactoros/src/HeaderSecurity.php \Zend\Diactoros\HeaderSecurity::isValid()
Validate a header value.
Per RFC 7230, only VISIBLE ASCII characters, spaces, and horizontal tabs are allowed in values; header continuations MUST consist of a single CRLF sequence followed by a space or horizontal tab.
Parameters
string $value:
Return value
bool
See also
http://en.wikipedia.org/wiki/HTTP_response_splitting
1 call to HeaderSecurity::isValid()
- HeaderSecurity::assertValid in vendor/zendframework/zend-diactoros/src/HeaderSecurity.php - Assert a header value is valid.
File
- vendor/zendframework/zend-diactoros/src/HeaderSecurity.php, line 97
Class
- HeaderSecurity
- Provide security tools around HTTP headers to prevent common injection vectors.
Namespace
Zend\Diactoros
Code
public static function isValid($value) {
  $value = (string) $value;

  // Look for:
  // \n not preceded by \r, OR
  // \r not followed by \n, OR
  // \r\n not followed by space or horizontal tab; these are all CRLF attacks
  if (preg_match("#(?:(?:(?<!\r)\n)|(?:\r(?!\n))|(?:\r\n(?![ \t])))#", $value)) {
    return false;
  }

  // Non-visible, non-whitespace characters
  // 9 === horizontal tab
  // 10 === line feed
  // 13 === carriage return
  // 32-126, 128-254 === visible
  // 127 === DEL (disallowed)
  // 255 === 0xFF (disallowed); the null byte (0) and the remaining
  // control characters below 32 are rejected as well
  if (preg_match('/[^\\x09\\x0a\\x0d\\x20-\\x7E\\x80-\\xFE]/', $value)) {
    return false;
  }

  return true;
}
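
Added example (not part of zend-diactoros): the same two checks, split so that each rejected value reports which rule it broke. classifyHeaderValue() is a hypothetical helper name, and the sample values are constructed for illustration.

```php
<?php
// Added example, not zend-diactoros code. classifyHeaderValue() is a
// hypothetical helper that reuses the patterns from isValid() above.
function classifyHeaderValue($value)
{
    $value = (string) $value;

    // The combined CRLF pattern, split so each failure can be named.
    $rules = [
        'LF not preceded by CR'        => "#(?<!\r)\n#",
        'CR not followed by LF'        => "#\r(?!\n)#",
        'CRLF not followed by SP/HTAB' => "#\r\n(?![ \t])#",
        // Same byte class as isValid(); no /u flag, so it matches per byte.
        'byte outside allowed ranges'  => '/[^\x09\x0a\x0d\x20-\x7E\x80-\xFE]/',
    ];

    foreach ($rules as $reason => $pattern) {
        if (preg_match($pattern, $value)) {
            return $reason;
        }
    }
    return 'valid';
}

// Constructed sample values, not taken from real traffic.
$samples = [
    'text/html; charset=utf-8',           // ordinary value
    "en\r\nSet-Cookie: sid=constructed",  // CRLF starting a new header line
    "line one\r\n\tline two",             // folded continuation (CRLF + HTAB)
    "en\nX-Injected: 1",                  // bare LF
    "en\rX-Injected: 1",                  // bare CR
    "caf\xC3\xA9",                        // UTF-8 bytes, inside 0x80-0xFE
    "abc\x00def",                         // NUL byte
    "abc\x7Fdef",                         // DEL
    "abc\xFFdef",                         // 0xFF
];

foreach ($samples as $sample) {
    // addcslashes() makes control and high bytes visible in the output.
    $shown = addcslashes($sample, "\0..\37\177..\377");
    printf("%-36s %s\n", $shown, classifyHeaderValue($sample));
}
```

A value containing a CRLF followed by a space or tab passes as a folded continuation, so callers that need single-line values have to reject CR and LF themselves.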