[OWASP_PHPSEC] Hi

Paulo Guerreiro paulocmguerreiro at gmail.com
Thu Oct 10 14:13:15 UTC 2013


Hi, Rahul


Thanks for the answer, I didn't notice the isDate()  was used that way.
Theres no need for a fix then, sorry my bad  :)


Cheers
Paulo Guerreiro



2013/10/10 rahul chaudhary <rahul300chaudhary400 at gmail.com>

> Hey Paulo,
>
> I read your question again, and your issue that 2013-02-31 is coming true
> is not really an issue.
>
> The isDate() function inside BasicPasswordManagement is used to check if
> the password contains date-like format in it. So, it doesn't matter if 31
> Feb is coming true. :)
>
>
> On Wed, Oct 9, 2013 at 10:04 PM, rahul chaudhary <
> rahul300chaudhary400 at gmail.com> wrote:
>
>> Hello Paulo,
>>
>> First of all, sorry for this late reply....
>>
>> Now, what you said about date is correct, but a correct date format was
>> not the goal of this project at that time since we were bounded by time.
>> So, this date issue is for next release. In ver 2, we will try to solve
>> this date problem..
>>
>>
>> What you said about 2013-02-31 is also true and I never thought of
>> this....since you pointed it out, I will make an issue about this in github
>> and then we will try to solve it. In the mean time, if you have a solution,
>> then please correct the code and push it to the github. Thanks buddy for
>> showing your interest in this project.
>>
>>
>> On Sun, Oct 6, 2013 at 4:35 PM, Paulo Guerreiro <
>> paulocmguerreiro at gmail.com> wrote:
>>
>>> Hi all,
>>> I'm Paulo from Portugal and have just joined this project with hope to
>>> contribute to the phpsec.
>>>
>>> I have been browsing the code to understand it's structure and found a
>>> set of function, that i think it deserves it's own class.
>>> I'm talking about:
>>>     phpsec\BasicPasswordManagement::isDate
>>>     phpsec\BasicPasswordManagement::containsDate
>>>
>>> Since the framework already has this functions built-in, why not exposed
>>> it to the end developers (checking for dates, convert between formats, date
>>> intervals and so on, it's a everyday task when dealing with dates).
>>>
>>> What do you guys think? this way we could provide a richer (better
>>> controlled by the framework) api to the end developer?
>>>
>>> Now onto something usefull: Specially this two function could accept an
>>> optional second parameter, something like an ENUN representing several
>>> date formats. This would allow the developer checks if a date is valid and
>>> has a preferred format.
>>>
>>> The syntax could be something like:
>>>     isDate($string) : test all of the implemented formats (as it is)
>>>     isDate($string, \phpsec\Date::DDMMYYYY) : test only this format
>>>
>>>
>>> Lasty, this function triggers a false positive, it accepts dates out of
>>> range such as 2013-02-31
>>>
>>>
>>> Sorry for my long first post ... and hope you can understand my english
>>> :)
>>>
>>> Thanks
>>> Paulo Guerreiro
>>>
>>>
>>> _______________________________________________
>>> OWASP_PHP_Security_Project mailing list
>>> OWASP_PHP_Security_Project at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>>
>>>
>>
>>
>> --
>> Regards,
>> Rahul Chaudhary
>> Ph - 412-519-9634
>>
>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131010/78e2224c/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list