/usr/share/perl5/Data/FormValidator.pm is in libdata-formvalidator-perl 4.81-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 | # FormValidator.pm - Object that validates form input data.
#
# This file is part of Data::FormValidator.
#
# Author: Francis J. Lacoste
# Maintainer: Mark Stosberg <mark@stosberg.com>
#
# Copyright (C) 1999 Francis J. Lacoste, iNsu Innovations
# Parts Copyright 1996-1999 by Michael J. Heins
# Parts Copyright 1996-1999 by Bruce Albrecht
# Parts Copyright 2001-2005 by Mark Stosberg
#
# Parts of this module are based on work by
# Bruce Albrecht, contributed to
# MiniVend.
#
# Parts also based on work by Michael J. Heins
#
# This program is free software; you can redistribute it and/or modify
# it under the terms same terms as perl itself.
package Data::FormValidator;
use Exporter 'import';
use 5.008;
use Perl6::Junction qw(any none);
use Data::FormValidator::Results;
*_arrayify = \&Data::FormValidator::Results::_arrayify;
use Data::FormValidator::Filters ':filters';
use Data::FormValidator::Constraints qw(:validators :matchers);
our $VERSION = '4.81';
our %EXPORT_TAGS = (
filters => [qw/
filter_alphanum
filter_decimal
filter_digit
filter_dollars
filter_integer
filter_lc
filter_neg_decimal
filter_neg_integer
filter_phone
filter_pos_decimal
filter_pos_integer
filter_quotemeta
filter_sql_wildcard
filter_strip
filter_trim
filter_uc
filter_ucfirst
/],
validators => [qw/
valid_american_phone
valid_cc_exp
valid_cc_number
valid_cc_type
valid_email
valid_ip_address
valid_phone
valid_postcode
valid_province
valid_state
valid_state_or_province
valid_zip
valid_zip_or_postcode
/],
matchers => [qw/
match_american_phone
match_cc_exp
match_cc_number
match_cc_type
match_email
match_ip_address
match_phone
match_postcode
match_province
match_state
match_state_or_province
match_zip
match_zip_or_postcode
/],
);
our @EXPORT_OK = (@{ $EXPORT_TAGS{filters} }, @{ $EXPORT_TAGS{validators} }, @{ $EXPORT_TAGS{matchers} });
use strict;
use Symbol;
sub DESTROY {}
=pod
=head1 NAME
Data::FormValidator - Validates user input (usually from an HTML form) based
on input profile.
=head1 SYNOPSIS
use Data::FormValidator;
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
if ($results->has_invalid or $results->has_missing) {
# do something with $results->invalid, $results->missing
# or $results->msgs
}
else {
# do something with $results->valid
}
=head1 DESCRIPTION
Data::FormValidator's main aim is to make input validation expressible in a
simple format.
Data::FormValidator lets you define profiles which declare the
required and optional fields and any constraints they might have.
The results are provided as an object which makes it easy to handle
missing and invalid results, return error messages about which constraints
failed, or process the resulting valid data.
=cut
sub new {
my $proto = shift;
my $profiles_or_file = shift;
my $defaults = shift;
my $class = ref $proto || $proto;
if ($defaults) {
ref $defaults eq 'HASH' or
die 'second argument to new must be a hash ref';
}
my ($file, $profiles);
if (ref $profiles_or_file) {
$profiles = $profiles_or_file;
}
else {
$file = $profiles_or_file;
}
bless {
profile_file => $file,
profiles => $profiles,
defaults => $defaults,
}, $class;
}
=head1 VALIDATING INPUT
=head2 check()
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
C<check> is the recommended method to use to validate forms. It returns its results as a
L<Data::FormValidator::Results|Data::FormValidator::Results> object. A
deprecated method C<validate> is also available, returning its results as an
array described below.
use Data::FormValidator;
my $results = Data::FormValidator->check(\%input_hash, \%dfv_profile);
Here, C<check()> is used as a class method, and takes two required parameters.
The first a reference to the data to be be validated. This can either be a hash
reference, or a CGI.pm-like object. In particular, the object must have a param()
method that works like the one in CGI.pm does. CGI::Simple and Apache::Request
objects are known to work in particular. Note that if you use a hash reference,
multiple values for a single key should be presented as an array reference.
The second argument is a reference to the profile you are validating.
=head2 validate()
my( $valids, $missings, $invalids, $unknowns ) =
Data::FormValidator->validate( \%input_hash, \%dfv_profile);
C<validate()> provides a deprecated alternative to C<check()>. It has the same input
syntax, but returns a four element array, described as follows
=over
=item valids
This is a hash reference to the valid fields which were submitted in
the data. The data may have been modified by the various filters specified.
=item missings
This is a reference to an array which contains the name of the missing
fields. Those are the fields that the user forget to fill or filled
with spaces. These fields may comes from the I<required> list or the
I<dependencies> list.
=item invalids
This is a reference to an array which contains the name of the fields which
failed one or more of their constraint checks. If there are no invalid fields,
an empty arrayref will be returned.
Fields defined with multiple constraints will have an array ref returned in the
@invalids array instead of a string. The first element in this array is the
name of the field, and the remaining fields are the names of the failed
constraints.
=item unknowns
This is a list of fields which are unknown to the profile. Whether or
not this indicates an error in the user input is application
dependent.
=back
=head2 new()
Using C<new()> is only needed for advanced usage, including these cases:
=over
=item o
Loading more than one profile at a time. Then you can select the profile you
want by name later with C<check()>. Here's an example:
my $dfv = Data::FormValidator->new({
profile_1 => { # usual profile definition here },
profile_2 => { # another profile definition },
});
As illustrated, multiple profiles are defined through a hash ref whose keys point
to profile definitions.
You can also load several profiles from a file, by defining several profiles as shown above
in an external file. Then just pass in the name of the file:
my $dfv = Data::FormValidator->new('/path/to/profiles.pl');
If the input profile is specified as a file name, the profiles will be reread
each time that the disk copy is modified.
Now when calling C<check()>, you just need to supply the profile name:
my $results = $dfv->check(\%input_hash,'profile_1');
=item o
Applying defaults to more than one input profile. There are some parts
of the validation profile that you might like to re-use for many form
validations.
To facilitate this, C<new()> takes a second argument, a hash reference. Here
the usual input profile definitions can be made. These will act as defaults for
any subsequent calls to C<check()> on this object.
Currently the logic for this is very simple. Any definition of a key in your
validation profile will completely overwrite your default value.
This means you can't define two keys for C<constraint_regexp_map> and expect
they will always be there. This kind of feature may be added in the future.
The exception here is definitions for your C<msgs> key. You will safely be
able to define some defaults for the top level keys within C<msgs> and not have
them clobbered just because C<msgs> was defined in a validation profile.
One way to use this feature is to create your own sub-class that always provides
your defaults to C<new()>.
Another option is to create your own wrapper routine which provides these defaults to
C<new()>. Here's an example of a routine you might put in a
L<CGI::Application|CGI::Application> super-class to make use of this feature:
# Always use the built-in CGI object as the form data
# and provide some defaults to new constructor
sub check_form {
my $self = shift;
my $profile = shift
|| die 'check_form: missing required profile';
require Data::FormValidator;
my $dfv = Data::FormValidator->new({},{
# your defaults here
});
return $dfv->check($self->query,$profile);
}
=back
=cut
sub validate {
my ($self,$data,$name) = @_;
my $data_set = $self->check( $data,$name );
my $valid = $data_set->valid();
my $missing = $data_set->missing();
my $invalid = $data_set->{validate_invalid} || [];
my $unknown = [ $data_set->unknown ];
return ( $valid, $missing, $invalid, $unknown );
}
sub check {
my ( $self, $data, $name ) = @_;
# check can be used as a class method for simple cases
if (not ref $self) {
my $class = $self;
$self = {};
bless $self, $class;
}
my $profile;
if ( ref $name ) {
$profile = $name;
} else {
$self->load_profiles;
$profile = $self->{profiles}{$name};
die "No such profile $name\n" unless $profile;
}
die "input profile must be a hash ref" unless ref $profile eq "HASH";
# add in defaults from new(), if any
if ($self->{defaults}) {
$profile = { %{$self->{defaults}}, %$profile };
}
# check the profile syntax or die with an error.
_check_profile_syntax($profile);
my $results = Data::FormValidator::Results->new( $profile, $data );
# As a special case, pass through any defaults for the 'msgs' key.
$results->msgs($self->{defaults}->{msgs}) if $self->{defaults}->{msgs};
return $results;
}
=head1 INPUT PROFILE SPECIFICATION
An input profile is a hash reference containing one or more of the following
keys.
Here is a very simple input profile. Examples of more advanced options are
described below.
use Data::FormValidator::Constraints qw(:closures);
my $profile = {
optional => [qw( company
fax
country )],
required => [qw( fullname
phone
email
address )],
constraint_methods => {
email => email(),
}
};
That defines some fields as optional, some as required, and defines that the
field named 'email' must pass the constraint named 'email'.
Here is a complete list of the keys available in the input profile, with
examples of each.
=head2 required
This is an array reference which contains the name of the fields which are
required. Any fields in this list which are not present or contain only
spaces will be reported as missing.
=head2 required_regexp
required_regexp => qr/city|state|zipcode/,
This is a regular expression used to specify additional field names for which values
will be required.
=head2 require_some
require_some => {
# require any two fields from this group
city_or_state_or_zipcode => [ 2, qw/city state zipcode/ ],
}
This is a reference to a hash which defines groups of fields where 1 or more
fields from the group should be required, but exactly which fields doesn't
matter. The keys in the hash are the group names. These are returned as
"missing" unless the required number of fields from the group has been filled
in. The values in this hash are array references. The first element in this
array should be the number of fields in the group that is required. If the
first field in the array is not an a digit, a default of "1" will be used.
=head2 optional
optional => [qw/meat coffee chocolate/],
This is an array reference which contains the name of optional fields.
These are fields which MAY be present and if they are, they will be
checked for valid input. Any fields not in optional or required list
will be reported as unknown.
=head2 optional_regexp
optional_regexp => qr/_province$/,
This is a regular expression used to specify additional fields which are
optional. For example, if you wanted all fields names that begin with I<user_>
to be optional, you could use the regular expression, /^user_/
=head2 dependencies
dependencies => {
# If cc_no is entered, make cc_type and cc_exp required
"cc_no" => [ qw( cc_type cc_exp ) ],
# if pay_type eq 'check', require check_no
"pay_type" => {
check => [ qw( check_no ) ],
}
# if cc_type is VISA or MASTERCARD require CVV
"cc_type" => sub {
my $dfv = shift;
my $type = shift;
return [ 'cc_cvv' ] if ($type eq "VISA" || $type eq "MASTERCARD");
return [ ];
},
},
This is for the case where an optional field has other requirements. The
dependent fields can be specified with an array reference.
If the dependencies are specified with a hash reference then the additional
constraint is added that the optional field must equal a key for the
dependencies to be added.
If the dependencies are specified as a code reference then the code will be
executed to determine the dependent fields. It is passed two parameters,
the object and the value of the field, and it should return an array reference
containing the list of dependent fields.
Any fields in the dependencies list that are missing when the target is present
will be reported as missing.
=head2 dependency_groups
dependency_groups => {
# if either field is filled in, they all become required
password_group => [qw/password password_confirmation/],
}
This is a hash reference which contains information about groups of
interdependent fields. The keys are arbitrary names that you create and
the values are references to arrays of the field names in each group.
=head2 defaults
defaults => {
country => "USA",
},
This is a hash reference where keys are field names and
values are defaults to use if input for the field is missing.
The values can be code refs which will be used to calculate the
value if needed. These code refs will be passed in the DFV::Results
object as the only parameter.
The defaults are set shortly before the constraints are applied, and
will be returned with the other valid data.
=head2 defaults_regexp_map
defaults_regexp_map => {
qr/^opt_/ => 1,
},
This is a hash reference that maps regular expressions to default values to
use for matching optional or required fields.
It's useful if you have generated many checkbox fields with the similar names.
Since checkbox fields submit nothing at all when they are not checked, it's
useful to set defaults for them.
Note that it doesn't make sense to use a default for a field handled by
C<optional_regexp> or C<required_regexp>. When the field is not submitted,
there is no way to know that it should be optional or required, and thus there's
no way to know that a default should be set for it.
=head2 filters
# trim leading and trailing whitespace on all fields
filters => ['trim'],
This is a reference to an array of filters that will be applied to ALL optional
and required fields, B<before> any constraints are applied.
This can be the name of a built-in filter
(trim,digit,etc) or an anonymous subroutine which should take one parameter,
the field value and return the (possibly) modified value.
Filters modify the data returned through the results object, so use them carefully.
See L<Data::FormValidator::Filters> for details on the built-in filters.
=head2 field_filters
field_filters => {
cc_no => ['digit'],
},
A hash ref with field names as keys. Values are array references of built-in
filters to apply (trim,digit,etc) or an anonymous subroutine which should take
one parameter, the field value and return the (possibly) modified value.
Filters are applied B<before> any constraints are applied.
See L<Data::FormValidator::Filters> for details on the built-in filters.
=head2 field_filter_regexp_map
field_filter_regexp_map => {
# Upper-case the first letter of all fields that end in "_name"
qr/_name$/ => ['ucfirst'],
},
'field_filter_regexp_map' is used to apply filters to fields that match a
regular expression. This is a hash reference where the keys are the regular
expressions to use and the values are references to arrays of filters which
will be applied to specific input fields. Just as with 'field_filters', you
can you use a built-in filter or use a coderef to supply your own.
=head2 constraint_methods
use Data::FormValidator::Constraints qw(:closures);
constraint_methods => {
cc_no => cc_number({fields => ['cc_type']}),
cc_type => cc_type(),
cc_exp => cc_exp(),
},
A hash ref which contains the constraints that will be used to check whether or
not the field contains valid data.
B<Note:> To use the built-in constraints, they need to first be loaded into your
name space using the syntax above. (Unless you are using the old C<constraints> key,
documented in L<BACKWARDS COMPATIBILITY>).
The keys in this hash are field names. The values can be any of the following:
=over
=item o
A named constraint.
B<Example>:
my_zipcode_field => zip(),
See L<Data::FormValidator::Constraints> for the details of which
built-in constraints that are available.
=item o
A perl regular expression
B<Example>:
my_zipcode_field => qr/^\d{5}$/, # match exactly 5 digits
If this field is named in C<untaint_constraint_fields> or C<untaint_regexp_map>,
or C<untaint_all_constraints> is effective, be aware of the following: If you
write your own regular expressions and only match part of the string then
you'll only get part of the string in the valid hash. It is a good idea to
write you own constraints like /^regex$/. That way you match the whole string.
=item o
a subroutine reference, to supply custom code
This will check the input and return true or false depending on the input's validity.
By default, the constraint function receives a L<Data::FormValidator::Results>
object as its first argument, and the value to be validated as the second. To
validate a field based on more inputs than just the field itself, see
L<VALIDATING INPUT BASED ON MULTIPLE FIELDS>.
B<Examples>:
# Notice the use of 'pop'--
# the object is the first arg passed to the method
# while the value is the second, and last arg.
my_zipcode_field => sub { my $val = pop; return $val =~ '/^\d{5}$/' },
# OR you can reference a subroutine, which should work like the one above
my_zipcode_field => \&my_validation_routine,
# An example of setting the constraint name.
my_zipcode_field => sub {
my ($dfv, $val) = @_;
$dfv->set_current_constraint_name('my_constraint_name');
return $val =~ '/^\d{5}$/'
},
=item o
an array reference
An array reference is used to apply multiple constraints to a single
field. Any of the above options are valid entries the array.
See L<MULTIPLE CONSTRAINTS> below.
For more details see L<VALIDATING INPUT BASED ON MULTIPLE FIELDS>.
=back
=head2 constraint_method_regexp_map
use Data::FormValidator::Constraints qw(:closures);
# In your profile.
constraint_method_regexp_map => {
# All fields that end in _postcode have the 'postcode' constraint applied.
qr/_postcode$/ => postcode(),
},
A hash ref where the keys are the regular expressions to
use and the values are the constraints to apply.
If one or more constraints have already been defined for a given field using
C<constraint_methods>, C<constraint_method_regexp_map> will add an additional
constraint for that field for each regular expression that matches.
=head2 untaint_all_constraints
untaint_all_constraints => 1,
If this field is set, all form data that passes a constraint will be untainted.
The untainted data will be returned in the valid hash. Untainting is based on
the pattern match used by the constraint. Note that some constraint routines
may not provide untainting.
See L<Writing your own constraint routines|Data::FormValidator::Constraints/"WRITING YOUR OWN CONSTRAINT ROUTINES"> for more information.
This is overridden by C<untaint_constraint_fields> and C<untaint_regexp_map>.
=head2 untaint_constraint_fields
untaint_constraint_fields => [qw(zipcode state)],
Specifies that one or more fields will be untainted if they pass their
constraint(s). This can be set to a single field name or an array reference of
field names. The untainted data will be returned in the valid hash.
This overrides the untaint_all_constraints flag.
=head2 untaint_regexp_map
untaint_regexp_map => [qr/some_field_\d/],
Specifies that certain fields will be untainted if they pass their constraints
and match one of the regular expressions supplied. This can be set to a single
regex, or an array reference of regexes. The untainted data will be returned
in the valid hash.
The above example would untaint the fields named C<some_field_1>, and C<some_field_2>
but not C<some_field>.
This overrides the untaint_all_constraints flag.
=head2 missing_optional_valid
missing_optional_valid => 1
This can be set to a true value to cause optional fields with empty values to
be included in the valid hash. By default they are not included-- this is the
historical behavior.
This is an important flag if you are using the contents of an "update" form to
update a record in a database. Without using the option, fields that have been
set back to "blank" may fail to get updated.
=head2 validator_packages
# load all the constraints and filters from these modules
validator_packages => [qw(Data::FormValidator::Constraints::Upload)],
This key is used to define other packages which contain constraint routines or
filters. Set this key to a single package name, or an arrayref of several. All
of its constraint and filter routines beginning with 'match_', 'valid_' and
'filter_' will be imported into Data::FormValidator. This lets you reference
them in a constraint with just their name, just like built-in routines. You
can even override the provided validators.
See L<Writing your own constraint routines|Data::FormValidator::Constraints/"WRITING YOUR OWN CONSTRAINT ROUTINES">
documentation for more information
=head2 msgs
This key is used to define parameters related to formatting error messages
returned to the user.
By default, invalid fields have the message "Invalid" associated with them
while missing fields have the message "Missing" associated with them.
In the simplest case, nothing needs to be defined here, and the default values
will be used.
The default formatting applied is designed for display in an XHTML web page.
That formatting is as followings:
<span style="color:red;font-weight:bold" class="dfv_errors">* %s</span>
The C<%s> will be replaced with the message. The effect is that the message
will appear in bold red with an asterisk before it. This style can be overridden by simply
defining "dfv_errors" appropriately in a style sheet, or by providing a new format string.
Here's a more complex example that shows how to provide your own default message strings, as well
as providing custom messages per field, and handling multiple constraints:
msgs => {
# set a custom error prefix, defaults to none
prefix=> 'error_',
# Set your own "Missing" message, defaults to "Missing"
missing => 'Not Here!',
# Default invalid message, default's to "Invalid"
invalid => 'Problematic!',
# message separator for multiple messages
# Defaults to ' '
invalid_separator => ' <br /> ',
# formatting string, default given above.
format => 'ERROR: %s',
# Error messages, keyed by constraint name
# Your constraints must be named to use this.
constraints => {
'date_and_time' => 'Not a valid time format',
# ...
},
# This token will be included in the hash if there are
# any errors returned. This can be useful with templating
# systems like HTML::Template
# The 'prefix' setting does not apply here.
# defaults to undefined
any_errors => 'some_errors',
}
The hash that's prepared can be retrieved through the C<msgs> method
described in the L<Data::FormValidator::Results> documentation.
=head2 msgs - callback
I<This is a new feature. While it expected to be forward-compatible, it hasn't
yet received the testing the rest of the API has.>
If the built-in message generation doesn't suit you, it is also possible to
provide your own by specifying a code reference:
msgs => \&my_msgs_callback
This will be called as a L<Data::FormValidator::Results> method. It may
receive as arguments an additional hash reference of control parameters,
corresponding to the key names usually used in the C<msgs> area of the
profile. You can ignore this information if you'd like.
If you have an alternative error message handler you'd like to share, stick in
the C<Data::FormValidator::ErrMsgs> name space and upload it to CPAN.
=head2 debug
This method is used to print details about what is going on to STDERR.
Currently only level '1' is used. It provides information about which
fields matched constraint_regexp_map.
=head2 A shortcut for array refs
A number of parts of the input profile specification include array references
as their values. In any of these places, you can simply use a string if you
only need to specify one value. For example, instead of
filters => [ 'trim' ]
you can simply say
filters => 'trim'
=head2 A note on regular expression formats
In addition to using the preferred method of defining regular expressions
using C<qr>, a deprecated style of defining them as strings is also supported.
Preferred:
qr/this is great/
Deprecated, but supported
'm/this still works/'
=head1 VALIDATING INPUT BASED ON MULTIPLE FIELDS
You can pass more than one value into a constraint routine. For that, the
value of the constraint should be a hash reference. If you are creating your
own routines, be sure to read the section labeled
L<WRITING YOUR OWN CONSTRAINT ROUTINES>,
in the Data::FormValidator::Constraints documentation. It describes
a newer and more flexible syntax.
Using the original syntax, one key should be named C<constraint> and should
have a value set to the reference of the subroutine or the name of a built-in
validator. Another required key is C<params>. The value of the C<params> key
is a reference to an array of the other elements to use in the validation. If
the element is a scalar, it is assumed to be a field name. The field is known
to Data::FormValidator, the value will be filtered through any defined filters
before it is passed in. If the value is a reference, the reference is passed
directly to the routine. Don't forget to include the name of the field to
check in that list, if you are using this syntax.
B<Example>:
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
=head1 MULTIPLE CONSTRAINTS
Multiple constraints can be applied to a single field by defining the value of
the constraint to be an array reference. Each of the values in this array can
be any of the constraint types defined above.
When using multiple constraints it is important to return the name of the
constraint that failed so you can distinguish between them. To do that,
either use a named constraint, or use the hash ref method of defining a
constraint and include a C<name> key with a value set to the name of your
constraint. Here's an example:
my_zipcode_field => [
'zip',
{
constraint => '/^406/',
name => 'starts_with_406',
}
],
You can use an array reference with a single constraint in it if you just want
to have the name of your failed constraint returned in the above fashion.
Read about the C<validate()> function above to see how multiple constraints
are returned differently with that method.
=cut
sub load_profiles {
my $self = shift;
my $file = $self->{profile_file};
return unless $file;
die "No such file: $file\n" unless -f $file;
die "Can't read $file\n" unless -r _;
my $mtime = (stat _)[9];
return if $self->{profiles} and $self->{profiles_mtime} <= $mtime;
$self->{profiles} = do $file;
die "Input profiles didn't return a hash ref: $@\n"
unless ref $self->{profiles} eq "HASH";
$self->{profiles_mtime} = $mtime;
}
# check the profile syntax and die if we have an error
sub _check_profile_syntax {
my $profile = shift;
(ref $profile eq 'HASH') or
die "Invalid input profile: needs to be a hash reference\n";
my @invalid;
# check top level keys
{
my @valid_profile_keys = (qw/
constraint_methods
constraint_method_regexp_map
constraint_regexp_map
constraints
defaults
defaults_regexp_map
dependencies
dependency_groups
field_filter_regexp_map
field_filters
filters
missing_optional_valid
msgs
optional
optional_regexp
require_some
required
required_regexp
untaint_all_constraints
validator_packages
untaint_constraint_fields
untaint_regexp_map
debug
/);
# If any of the keys in the profile are not listed as
# valid keys here, we die with an error
for my $key (keys %$profile) {
push @invalid, $key unless ($key eq any(@valid_profile_keys));
}
local $" = ', ';
if (@invalid) {
die "Invalid input profile: keys not recognised [@invalid]\n";
}
}
# Check that constraint_methods are always code refs or REs
{
# Cases:
# 1. constraint_methods => { field => func() }
# 2. constraint_methods => { field => [ func() ] }
# 3. constraint_method_regex_map => { qr/^field/ => func() }
# 4. constraint_method_regex_map => { qr/^field/ => [ func() ] }
# 5. constraint_methods => { field => { constraint_method => func() } }
# Could be improved by also naming the associated key for the bad value.
for my $key (grep { $profile->{$_} } qw/constraint_methods constraint_method_regexp_map/) {
for my $val (map { _arrayify($_) } values %{ $profile->{$key} }) {
if ((ref $val eq 'HASH') and ref $val->{constraint_method} eq none('CODE','Regexp')) {
die "Value for constraint_method within hashref '$val->{constraint_method}' not a code reference or Regexp . Do you need func(), not 'func'?";
}
# Cases 1 through 4.
elsif (ref $val eq none('HASH','CODE','Regexp')) {
die "Value for constraint_method '$val' not a code reference or Regexp . Do you need func(), not 'func'?";
}
# Case 5.
else {
# We're cool. Nothing to do.
}
}
}
}
# Check constraint hash keys
{
my @valid_constraint_hash_keys = (qw/
constraint
constraint_method
name
params
/);
my @constraint_hashrefs = grep { ref $_ eq 'HASH' } values %{ $profile->{constraints} }
if $profile->{constraints};
push @constraint_hashrefs, grep { ref $_ eq 'HASH' } values %{ $profile->{constraint_regexp_map} }
if $profile->{constraint_regexp_map};
for my $href (@constraint_hashrefs) {
for my $key (keys %$href) {
push @invalid, $key unless ($key eq any(@valid_constraint_hash_keys));
}
}
if (@invalid) {
die "Invalid input profile: constraint hashref keys not recognised [@invalid]\n";
}
}
# Check msgs keys
{
my @valid_msgs_hash_keys = (qw/
prefix
missing
invalid
invalid_separator
invalid_seperator
format
constraints
any_errors
/);
if (ref $profile->{msgs} eq 'HASH') {
for my $key (keys %{ $profile->{msgs} }) {
push @invalid, $key unless ($key eq any(@valid_msgs_hash_keys));
}
}
if (@invalid) {
die "Invalid input profile: msgs keys not recognized: [@invalid]\n";
}
}
}
1;
__END__
=pod
=head1 ADVANCED VALIDATION
For even more advanced validation, you will likely want to read the
documentation for other modules in this distribution, linked below. Also keep
in mind that the Data::FormValidator profile structure is just another data
structure. There is no reason why it needs to be defined statically. The
profile could also be built on the fly with custom Perl code.
=head1 BACKWARDS COMPATIBILITY
=head2 validate()
my( $valids, $missings, $invalids, $unknowns ) =
Data::FormValidator->validate( \%input_hash, \%dfv_profile);
C<validate()> provides a deprecated alternative to C<check()>. It has the same input
syntax, but returns a four element array, described as follows
=over
=item valids
This is a hash reference to the valid fields which were submitted in
the data. The data may have been modified by the various filters specified.
=item missings
This is a reference to an array which contains the name of the missing
fields. Those are the fields that the user forget to fill or filled
with spaces. These fields may comes from the I<required> list or the
I<dependencies> list.
=item invalids
This is a reference to an array which contains the name of the fields
which failed one or more of their constraint checks.
Fields defined with multiple constraints will have an array ref returned in the
@invalids array instead of a string. The first element in this array is the
name of the field, and the remaining fields are the names of the failed
constraints.
=item unknowns
This is a list of fields which are unknown to the profile. Whether or
not this indicates an error in the user input is application
dependent.
=back
=head2 constraints (profile key)
This is a supported but deprecated profile key. Using C<constraint_methods> is
recommended instead, which provides a simpler, more versatile interface.
constraints => {
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
cc_type => "cc_type",
cc_exp => "cc_exp",
},
A hash ref which contains the constraints that
will be used to check whether or not the field contains valid data.
The keys in this hash are field names. The values can be any of the following:
=over
=item o
A named constraint.
B<Example>:
my_zipcode_field => 'zip',
See L<Data::FormValidator::Constraints> for the details of which
built-in constraints that are available.
=back
=head2 hashref style of specifying constraints
Using a hash reference to specify a constraint is an older technique
used to name a constraint or supply multiple parameters.
Both of these interface issues are now better addressed with C<constraint_methods>
and C<$self-\>name_this('foo')>.
# supply multiple parameters
cc_no => {
constraint => "cc_number",
params => [ qw( cc_no cc_type ) ],
},
# name a constraint, useful for returning error messages
last_name => {
name => "ends_in_name",
constraint => qr/_name$/,
},
Using a hash reference for a constraint permits the passing of multiple
arguments. Required arguments are C<constraint> or C<constraint_method>.
Optional arguments are C<name> and C<params>.
A C<name> on a constraints 'glues' the constraint to its error message
in the validator profile (refer C<msgs> section below). If no C<name> is
given then it will default to the value of C<constraint> or
C<constraint_method> IF they are NOT a CODE ref or a RegExp ref.
The C<params> value is a reference to an array of the parameters to pass
to the constraint method.
If an element of the C<params> list is a scalar, it is assumed to be naming
a key of the %input_hash and that value is passed to the routine.
If the parameter is a reference, then it is treated literally and passed
unchanged to the routine.
If you are using the older C<constraint> over
the new C<constraint_method> then don't forget to include the name of the
field to check in the C<params> list. C<constraint_method> provides access
to this value via the C<get_current_*> methods
(refer L<Data::FormValidator::Constraints>)
For more details see L<VALIDATING INPUT BASED ON MULTIPLE FIELDS>.
=head2 constraint_regexp_map (profile key)
This is a supported by deprecated profile key. Using
C<constraint_methods_regexp_map> is recommended instead.
constraint_regexp_map => {
# All fields that end in _postcode have the 'postcode' constraint applied.
qr/_postcode$/ => 'postcode',
},
A hash ref where the keys are the regular expressions to
use and the values are the constraints to apply.
If one or more constraints have already been defined for a given field using
"constraints", constraint_regexp_map will add an additional constraint for that
field for each regular expression that matches.
=head1 SEE ALSO
B<Other modules in this distribution:>
L<Data::FormValidator::Constraints|Data::FormValidator::Constraints>
L<Data::FormValidator::Constraints::Dates|Data::FormValidator::Constraints::Dates>
L<Data::FormValidator::Constraints::Upload|Data::FormValidator::Constraints::Upload>
L<Data::FormValidator::ConstraintsFactory|Data::FormValidator::ConstraintsFactory>
L<Data::FormValidator::Filters|Data::FormValidator::Filters>
L<Data::FormValidator::Results|Data::FormValidator::Results>
B<A sample application by the maintainer:>
Validating Web Forms with Perl, L<http://mark.stosberg.com/Tech/perl/form-validation/>
B<Related modules:>
L<Data::FormValidator::Tutorial|Data::FormValidator::Tutorial>
L<Data::FormValidator::Util::HTML|Data::FormValidator::Util::HTML>
L<CGI::Application::ValidateRM|CGI::Application::ValidateRM>, a
CGI::Application & Data::FormValidator glue module
L<HTML::Template::Associate::FormValidator|HTML::Template::Associate::FormValidator> is designed
to make some kinds of integration with HTML::Template easier.
L<Params::Validate|Params::Validate> is useful for validating function parameters.
L<Regexp::Common|Regexp::Common>,
L<Data::Types|Data::Types>,
L<Data::Verify|Data::Verify>,
L<Email::Valid|Email::Valid>,
L<String::Checker|String::Checker>,
L<CGI::ArgChecker|CGI::ArgChecker>,
L<CGI::FormMagick::Validator|CGI::FormMagick::Validator>,
L<CGI::Validate|CGI::Validate>
B<Document Translations:>
Japanese: L<http://perldoc.jp/docs/modules/>
B<Distributions which include Data::FormValidator>
FreeBSD includes a port named B<p5-Data-FormValidator>
Debian GNU/Linux includes a port named B<libdata-formvalidator-perl>
=head1 CREDITS
Some of those input validation functions have been taken from MiniVend
by Michael J. Heins.
The credit card checksum validation was taken from contribution by Bruce
Albrecht to the MiniVend program.
=head1 BUGS
Bug reports and patches are welcome. Reports which include a failing Test::More
style test are helpful will receive priority.
L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=Data-FormValidator>
=head1 CONTRIBUTING
This project is managed using the darcs source control system (
http://www.darcs.net/ ). You can browse, pull and fork the repo here:
http://hub.darcs.net/markstos/Data--FormValidator
B<Support Mailing List>
If you have any questions, comments, or feature suggestions, post them to the
support mailing list! To join the mailing list, visit
L<http://lists.sourceforge.net/lists/listinfo/cascade-dataform>
Messages about DFV sent directly to the maintainer may be redirected here.
=head1 AUTHOR
Parts Copyright 2001-2006 by Mark Stosberg <mark at summersault.com>, (Current Maintainer)
Copyright (c) 1999 Francis J. Lacoste and iNsu Innovations Inc. All rights reserved.
(Original Author)
Parts Copyright 1996-1999 by Michael J. Heins <mike@heins.net>
Parts Copyright 1996-1999 by Bruce Albrecht <bruce.albrecht@seag.fingerhut.com>
=head1 LICENSE
This program is free software; you can redistribute it and/or modify
it under the terms as perl itself.
=cut
|