1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
NAME
Data::Validate::URI - common url validation methods
SYNOPSIS
use Data::Validate::URI qw(is_uri);
if(is_uri($suspect)){
print "Looks like an URI\n";
} else {
print "Not a URI\n";
}
# or as an object
my $v = Data::Validate::URI->new();
die "not a URI" unless ($v->is_uri('foo'));
DESCRIPTION
This module collects common URI validation routines to make input
validation, and untainting easier and more readable.
All functions return an untainted value if the test passes, and undef if
it fails. This means that you should always check for a defined status
explicitly. Don't assume the return will be true.
The value to test is always the first (and often only) argument.
There are a number of other URI validation modules out there as well
(see below.) This one focuses on being fast, lightweight, and relatively
'real-world'. i.e. it's good if you want to check user input, and don't
need to parse out the URI/URL into chunks.
Right now the module focuses on HTTP URIs, since they're arguably the
most common. If you have a specialized scheme you'd like to have
supported, let me know.
FUNCTIONS
new - constructor for OO usage
new();
*Description*
Returns a Data::Validator::URI object. This lets you access all
the validator function calls as methods without importing them
into your namespace or using the clumsy
Data::Validate::URI::function_name() format.
*Arguments*
None
*Returns*
Returns a Data::Validate::URI object
is_uri - is the value a well-formed uri?
is_uri($value);
*Description*
Returns the untainted URI if the test value appears to be
well-formed. Note that you may really want one of the more
practical methods like is_http_uri or is_https_uri, since the
URI standard (RFC 3986) allows a lot of things you probably
don't want.
*Arguments*
$value
The potential URI to test.
*Returns*
Returns the untainted URI on success, undef on failure.
*Notes, Exceptions, & Bugs*
This function does not make any attempt to check whether the URI
is accessible or 'makes sense' in any meaningful way. It just
checks that it is formatted correctly.
is_http_uri - is the value a well-formed HTTP uri?
is_http_uri($value);
*Description*
Specialized version of is_uri() that only likes http:// urls. As
a result, it can also do a much more thorough job validating.
Also, unlike is_uri() it is more concerned with only allowing
real-world URIs through. Things like relative hostnames are
allowed by the standards, but probably aren't wise. Conversely,
null paths aren't allowed per RFC 2616 (should be '/' instead),
but are allowed by this function.
This function only works for fully-qualified URIs. /bob.html
won't work. See RFC 3986 for the appropriate method to turn a
relative URI into an absolute one given its context.
Returns the untainted URI if the test value appears to be
well-formed.
Note that you probably want to either call this in combo with
is_https_uri(). i.e.
print "Good" if(is_http_uri($uri) || is_https_uri($uri));
or use the convenience method is_web_uri which is equivalent.
*Arguments*
$value
The potential URI to test.
*Returns*
Returns the untainted URI on success, undef on failure.
*Notes, Exceptions, & Bugs*
This function does not make any attempt to check whether the URI
is accessible or 'makes sense' in any meaningful way. It just
checks that it is formatted correctly.
is_https_uri - is the value a well-formed HTTPS uri?
is_https_uri($value);
*Description*
See is_http_uri() for details. This version only likes the https
URI scheme. Otherwise it's identical to is_http_uri()
*Arguments*
$value
The potential URI to test.
*Returns*
Returns the untainted URI on success, undef on failure.
*Notes, Exceptions, & Bugs*
This function does not make any attempt to check whether the URI
is accessible or 'makes sense' in any meaningful way. It just
checks that it is formatted correctly.
is_web_uri - is the value a well-formed HTTP or HTTPS uri?
is_web_uri($value);
*Description*
This is just a convinience method that combines is_http_uri and
is_https_uri to accept most common real-world URLs.
*Arguments*
$value
The potential URI to test.
*Returns*
Returns the untainted URI on success, undef on failure.
*Notes, Exceptions, & Bugs*
This function does not make any attempt to check whether the URI
is accessible or 'makes sense' in any meaningful way. It just
checks that it is formatted correctly.
is_tel_uri - is the value a well-formed telephone uri?
is_tel_uri($value);
*Description*
Specialized version of is_uri() that only likes tel: urls. As a
result, it can also do a much more thorough job validating
according to RFC 3966.
Returns the untainted URI if the test value appears to be
well-formed.
*Arguments*
$value
The potential URI to test.
*Returns*
Returns the untainted URI on success, undef on failure.
*Notes, Exceptions, & Bugs*
This function does not make any attempt to check whether the URI
is accessible or 'makes sense' in any meaningful way. It just
checks that it is formatted correctly.
SEE ALSO
URI, RFC 3986, RFC 3966, RFC 4694, RFC 4759, RFC 4904
AUTHOR
Richard Sonnen <sonnen@richardsonnen.com>.
is_tel_uri by David Dick <ddick@cpan.org>.
COPYRIGHT
Copyright (c) 2005 Richard Sonnen. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
|
