Zend\Validator\InArray allows you to validate if a given value is contained within an array. It is also able to validate multidimensional arrays.
Supported options for Zend\Validator\InArray
The following options are supported for
haystack: Sets the haystack for the validation.
recursive: Defines if the validation should be done recursive. This option defaults to
strict: Three modes of comparison are offered owing to an often overlooked, and potentially dangerous security issue when validating string input from user input.
This is a normal in_array strict comparison that checks value and type.
This is a normal in_array non-strict comparison that checks value only.
This mode may give false positives when strings are compared against ints or floats owing to in_array's behaviour of converting strings to int in such cases. Therefore, "foo" would become 0, "43foo" would become 43, while "foo43" would also become 0.
To remedy the above warning, this mode offers a middle-ground which allows string representations of numbers to be successfully matched against either their string or int counterpart and vice versa. For example: "0" will successfully match against 0, but "foo" would not match against 0 as would be true in the
*COMPARE_NOT_STRICT*mode. This is the safest option to use when validating web input, and is the default.
Defines if the validation should be done strict. This option defaults to
Simple array validation
The simplest way, is just to give the array which should be searched against at initiation:
This will behave exactly like PHP's
Per default this validation is not strict nor can it validate multidimensional arrays.
Alternatively, you can define the array to validate against after object construction by using the
getHaystack() returns the actual set haystack array.
Array validation modes
As previously mentioned, there are possible security issues when using the default non-strict comparison mode, so rather than restricting the developer, we've chosen to offer both strict and non-strict comparisons and adding a safer middle-ground.
It's possible to set the strict mode at initialisation and afterwards with the
InArray::COMPARE_STRICT equates to
InArray::COMPARE_NOT_STRICT_AND_PREVENT_STR_TO_INT_VULNERABILITY equates to false.
Note that the strict setting is per default
Recursive array validation
In addition to PHP's
in_array() method this validator can also be used to validate multidimensional arrays.
To validate multidimensional arrays you have to set the recursive option.
Your array will then be validated recursively to see if the given value is contained. Additionally you could use
setRecursive() to set this option afterwards and
getRecursive() to retrieve it.
Default setting for recursion
Per default the recursive validation is turned off.
Option keys within the haystack
When you are using the keys '
strict' or '
recursive' within your haystack, then you must