1Data::FormValidator::CoUnssetrraCionnttsr(i3b)uted PerlDDaotcau:m:eFnotramtViaolnidator::Constraints(3)
2
3
4
6 Data::FormValidator::Constraints - Basic sets of constraints on input
7 profile.
8
10 use Data::FormValidator::Constraints qw(:closures);
11
12 In an Data::FormValidator profile:
13
14 constraint_methods => {
15 email => email(),
16 phone => american_phone(),
17 first_names => {
18 constraint_method => FV_max_length(3),
19 name => 'my_custom_name',
20 },
21 },
22 msgs => {
23 constraints => {
24 my_custom_name => 'My message',
25 },
26 },
27
29 These are the builtin constraints that can be specified by name in the
30 input profiles.
31
32 Be sure to check out the SEE ALSO section for even more pre-packaged
33 constraints you can use.
34
35 FV_length_between(1,23)
36 FV_max_length(23)
37 FV_min_length(1)
38 use Data::FormValidator::Constraints qw(
39 FV_length_between
40 FV_min_length
41 FV_max_length
42 );
43
44 constraint_methods => {
45
46 # specify a min and max, inclusive
47 last_name => FV_length_between(1,23),
48
49 }
50
51 Specify a length constraint for a field.
52
53 These constraints have a different naming convention because they are
54 higher-order functions. They take input and return a code reference to
55 a standard constraint method. A constraint name of "length_between",
56 "min_length", or "max_length" will be set, corresponding to the
57 function name you choose.
58
59 The checks are all inclusive, so a max length of '100' will allow the
60 length 100.
61
62 Length is measured in perl characters as opposed to bytes or anything
63 else.
64
65 This constraint will untaint your data if you have untainting turned
66 on. However, a length check alone may not be enough to insure the
67 safety of the data you are receiving. Using additional constraints to
68 check the data is encouraged.
69
70 FV_eq_with
71 use Data::FormValidator::Constraints qw( FV_eq_with );
72
73 constraint_methods => {
74 password => FV_eq_with('password_confirm'),
75 }
76
77 Compares the current field to another field. A constraint name of
78 "eq_with" will be set.
79
80 FV_num_values
81 use Data::FormValidator::Constraints qw ( FV_num_values );
82
83 constraint_methods => {
84 attachments => FV_num_values(4),
85 }
86
87 Checks the number of values in the array named by this param. Note
88 that this is useful for making sure that only one value was passed for
89 a given param (by supplying a size argument of 1). A constraint name
90 of "num_values" will be set.
91
92 FV_num_values_between
93 use Data::FormValidator::Constraints qw ( FV_num_values_between );
94
95 constraint_methods => {
96 attachments => FV_num_values_between(1,4),
97 }
98
99 Checks that the number of values in the array named by this param is
100 between the supplied bounds (inclusively). A constraint name of
101 "num_values_between" will be set.
102
103 email
104 Checks if the email LOOKS LIKE an email address. This should be
105 sufficient 99% of the time.
106
107 Look elsewhere if you want something super fancy that matches every
108 possible variation that is valid in the RFC, or runs out and checks
109 some MX records.
110
111 state_or_province
112 This one checks if the input correspond to an american state or a
113 canadian province.
114
115 state
116 This one checks if the input is a valid two letter abbreviation of an
117 American state.
118
119 province
120 This checks if the input is a two letter Canadian province
121 abbreviation.
122
123 zip_or_postcode
124 This constraints checks if the input is an American zipcode or a
125 Canadian postal code.
126
127 postcode
128 This constraints checks if the input is a valid Canadian postal code.
129
130 zip
131 This input validator checks if the input is a valid american zipcode :
132 5 digits followed by an optional mailbox number.
133
134 phone
135 This one checks if the input looks like a phone number, (if it contains
136 at least 6 digits.)
137
138 american_phone
139 This constraints checks if the number is a possible North American
140 style of phone number : (XXX) XXX-XXXX. It has to contains 7 or more
141 digits.
142
143 cc_number
144 This constraint references the value of a credit card type field.
145
146 constraint_methods => {
147 cc_no => cc_number({fields => ['cc_type']}),
148 }
149
150 The number is checked only for plausibility, it checks if the number
151 could be valid for a type of card by checking the checksum and looking
152 at the number of digits and the number of digits of the number.
153
154 This functions is only good at catching typos. IT DOESN'T CHECK IF
155 THERE IS AN ACCOUNT ASSOCIATED WITH THE NUMBER.
156
157 cc_exp
158 This one checks if the input is in the format MM/YY or MM/YYYY and if
159 the MM part is a valid month (1-12) and if that date is not in the
160 past.
161
162 cc_type
163 This one checks if the input field starts by M(asterCard), V(isa),
164 A(merican express) or D(iscovery).
165
166 ip_address
167 This checks if the input is formatted like a dotted decimal IP address
168 (v4). For other kinds of IP address method, See Regexp::Common::net
169 which provides several more options. "REGEXP::COMMON SUPPORT" explains
170 how we easily integrate with Regexp::Common.
171
173 If you'd like, you can rename any of the built-in constraints. Just
174 define the constraint_method and name in a hashref, like this:
175
176 constraint_methods => {
177 first_names => {
178 constraint_method => FV_max_length(3),
179 name => 'custom_length',
180 }
181 },
182
184 Data::FormValidator also includes built-in support for using any of
185 regular expressions in Regexp::Common as named constraints. Simply use
186 the name of regular expression you want. This works whether you want
187 to untaint the data or not. For example:
188
189 use Data::FormValidator::Constraints qw(:regexp_common);
190
191 constraint_methods => {
192 my_ip_address => FV_net_IPv4(),
193
194 # An example with parameters
195 other_ip => FV_net_IPv4(-sep=>' '),
196 }
197
198 Notice that the routines are named with the prefix "FV_" instead of
199 "RE_" now. This is simply a visual cue that these are slightly
200 modified versions. We've made a wrapper for each Regexp::Common routine
201 so that it can be used as a named constraint like this.
202
203 Be sure to check out the Regexp::Common syntax for how its syntax
204 works. It will make more sense to add future regular expressions to
205 Regexp::Common rather than to Data::FormValidator.
206
208 You may also call these functions directly through the procedural
209 interface by either importing them directly or importing the whole
210 :validators group. This is useful if you want to use the built-in
211 validators out of the usual profile specification interface.
212
213 For example, if you want to access the email validator directly, you
214 could either do:
215
216 use Data::FormValidator::Constraints (qw/valid_email/);
217 or
218 use Data::FormValidator::Constraints (:validators);
219
220 if (valid_email($email)) {
221 # do something with the email address
222 }
223
224 Notice that when you call validators directly, you'll need to prefix
225 the validator name with "valid_"
226
227 Each validator also has a version that returns the untainted value if
228 the validation succeeded. You may call these functions directly through
229 the procedural interface by either importing them directly or importing
230 the :matchers group. For example if you want to untaint a value with
231 the email validator directly you may:
232
233 if ($email = match_email($email)) {
234 system("echo $email");
235 }
236 else {
237 die "Unable to validate email";
238 }
239
240 Notice that when you call validators directly and want them to return
241 an untainted value, you'll need to prefix the validator name with
242 "match_"
243
245 New School Constraints Overview
246 This is the current recommended way to write constraints. See also "Old
247 School Constraints".
248
249 The most flexible way to create constraints to use closures-- a normal
250 seeming outer subroutine which returns a customized DFV method
251 subroutine as a result. It's easy to do. These "constraint methods"
252 can be named whatever you like, and imported normally into the name
253 space where the profile is located.
254
255 Let's look at an example.
256
257 # Near your profile
258 # Of course, you don't have to export/import if your constraints are in the same
259 # package as the profile.
260 use My::Constraints 'coolness';
261
262 # In your profile
263 constraint_methods => {
264 email => email(),
265 prospective_date => coolness( 40, 60,
266 {fields => [qw/personality smarts good_looks/]}
267 ),
268 }
269
270 Let's look at how this complex "coolness" constraint method works. The
271 interface asks for users to define minimum and maximum coolness values,
272 as well as declaring three data field names that we should peek into to
273 look their values.
274
275 Here's what the code might look like:
276
277 sub coolness {
278 my ($min_cool,$max_cool, $attrs) = @_;
279 my ($personality,$smarts,$looks) = @{ $attrs->{fields} } if $attrs->{fields};
280 return sub {
281 my $dfv = shift;
282
283 # Name it to refer to in the 'msgs' system.
284 $dfv->name_this('coolness');
285
286 # value of 'prospective_date' parameter
287 my $val = $dfv->get_current_constraint_value();
288
289 # get other data to refer to
290 my $data = $dfv->get_filtered_data;
291
292 my $has_all_three = ($data->{$personality} && $data->{$smarts} && $data->{$looks});
293 return ( ($val >= $min_cool) && ($val <= $max_cool) && $has_all_three );
294 }
295 }
296
297 Old School Constraints
298 Here is documentation on how old school constraints are created. These
299 are supported, but the new school style documented above is
300 recommended.
301
302 See also the "validator_packages" option in the input profile, for
303 loading sets of old school constraints from other packages.
304
305 Old school constraint routines are named two ways. Some are named with
306 the prefix "match_" while others start with "valid_". The difference is
307 that the "match_" routines are built to untaint the data and return a
308 safe version of it if it validates, while "valid_" routines simply
309 return a true value if the validation succeeds and false otherwise.
310
311 It is preferable to write "match_" routines that untaint data for the
312 extra security benefits. Plus, Data::FormValidator will AUTOLOAD a
313 "valid_" version if anyone tries to use it, so you only need to write
314 one routine to cover both cases.
315
316 Usually constraint routines only need one input, the value being
317 specified. However, sometimes more than one value is needed.
318
319 Example:
320
321 image_field => {
322 constraint_method => 'max_image_dimensions',
323 params => [\100,\200],
324 },
325
326 Using that syntax, the first parameter that will be passed to the
327 routine is the Data::FormValidator object. The remaining parameters
328 will come from the "params" array. Strings will be replaced by the
329 values of fields with the same names, and references will be passed
330 directly.
331
332 In addition to "constraint_method", there is also an even older
333 technique using the name "constraint" instead. Routines that are
334 designed to work with "constraint" don't have access to
335 Data::FormValidator object, which means users need to pass in the name
336 of the field being validated. Besides adding unnecessary syntax to the
337 user interface, it won't work in conjunction with
338 "constraint_regexp_map".
339
340 Methods available for use inside of constraints
341 A few useful methods to use on the Data::FormValidator::Results object
342 are available to you to use inside of your routine.
343
344 get_input_data()
345
346 Returns the raw input data. This may be a CGI object if that's what was
347 used in the constraint routine.
348
349 Examples:
350
351 # Raw and uncensored
352 my $data = $self->get_input_data;
353
354 # tamed to be a hashref, if it wasn't already
355 my $data = $self->get_input_data( as_hashref => 1 );
356
357 get_filtered_data()
358
359 my $data = $self->get_filtered_data;
360
361 Returns the valid filtered data as a hashref, regardless of whether it
362 started out as a CGI.pm compatible object. Multiple values are
363 expressed as array references.
364
365 get_current_constraint_field()
366
367 Returns the name of the current field being tested in the constraint.
368
369 Example:
370
371 my $field = $self->get_current_constraint_field;
372
373 This reduces the number of parameters that need to be passed into the
374 routine and allows multi-valued constraints to be used with
375 "constraint_regexp_map".
376
377 For complete examples of multi-valued constraints, see
378 Data::FormValidator::Constraints::Upload
379
380 get_current_constraint_value()
381
382 Returns the name of the current value being tested in the constraint.
383
384 Example:
385
386 my $value = $self->get_current_constraint_value;
387
388 This reduces the number of parameters that need to be passed into the
389 routine and allows multi-valued constraints to be used with
390 "constraint_regexp_map".
391
392 get_current_constraint_name()
393
394 Returns the name of the current constraint being applied
395
396 Example:
397
398 my $value = $self->get_current_constraint_name;
399
400 This is useful for building a constraint on the fly based on its name.
401 It's used internally as part of the interface to the Regexp::Commmon
402 regular expressions.
403
404 untainted_constraint_value()
405
406 return $dfv->untainted_constraint_value($match);
407
408 If you have written a constraint which untaints, use this method to
409 return the untainted result. It will prepare the right result whether
410 the user has requested untainting or not.
411
412 name_this()
413
414 set_current_constraint_name()
415
416 Sets the name of the current constraint being applied.
417
418 Example:
419
420 sub my_constraint {
421 my @outer_params = @_;
422 return sub {
423 my $dfv = shift;
424 $dfv->set_current_constraint_name('my_constraint');
425 my @params = @outer_params;
426 # do something constraining here...
427 }
428 }
429
430 By returning a closure which uses this method, you can build an
431 advanced named constraint in your profile, before you actually have
432 access to the DFV object that will be used later. See
433 Data::FormValidator::Constraints::Upload for an example.
434
435 "name_this" is a provided as a shorter synonym.
436
437 The "meta()" method may also be useful to communicate meta data that
438 may have been found. See Data::FormValidator::Results for documentation
439 of that method.
440
442 Prior to Data::FormValidator 4.00, constraints were specified a bit
443 differently. This older style is still supported.
444
445 It was not necessary to explicitly load some constraints into your name
446 space, and the names were given as strings, like this:
447
448 constraints => {
449 email => 'email',
450 fax => 'american_phone',
451 phone => 'american_phone',
452 state => 'state',
453 my_ip_address => 'RE_net_IPv4',
454 other_ip => {
455 constraint => 'RE_net_IPv4',
456 params => [ \'-sep'=> \' ' ],
457 },
458 my_cc_no => {
459 constraint => 'cc_number',
460 params => [qw/cc_no cc_type/],
461 }
462 },
463
465 Constraints available in other modules
466 Data::FormValidator::Constraints::Upload - validate the bytes, format
467 and dimensions of file uploads
468 Data::FormValidator::Constraints::DateTime - A newer DateTime
469 constraint module. May save you a step of transforming the date into a
470 more useful format after it's validated.
471 Data::FormValidator::Constraints::Dates - the original DFV date
472 constraint module. Try the newer one first!
473 Data::FormValidator::Constraints::Japanese - Japan-specific constraints
474 Data::FormValidator::Constraints::MethodsFactory - a useful collection
475 of tools generate more complex constraints. Recommended!
476
477 Related modules in this package
478 Data::FormValidator::Filters - transform data before constraints are
479 applied
480 Data::FormValidator::ConstraintsFactory - This is a historical
481 collection of constraints that suffer from cumbersome names. They are
482 worth reviewing though-- "make_and_constraint" will allow one to
483 validate against a list of constraints and shortcircuit if the first
484 one fails. That's perfect if the second constraint depends on the first
485 one having passed. For a modern version of this toolkit, see
486 Data::FormValidator::Constraints::MethodsFactory.
487 Data::FormValidator
488
490 Some of those input validation functions have been taken from MiniVend
491 by Michael J. Heins
492
493 The credit card checksum validation was taken from contribution by
494 Bruce Albrecht to the MiniVend program.
495
497 Francis J. Lacoste
498 Michael J. Heins
499 Bruce Albrecht
500 Mark Stosberg
501
503 Copyright (c) 1999 iNsu Innovations Inc. All rights reserved.
504
505 Parts Copyright 1996-1999 by Michael J. Heins Parts Copyright 1996-1999
506 by Bruce Albrecht Parts Copyright 2005-2009 by Mark Stosberg
507
508 This program is free software; you can redistribute it and/or modify it
509 under the terms as perl itself.
510
511
512
513perl v5.32.0 2020-07-28Data::FormValidator::Constraints(3)