Is This Considered Secure?

Yii 1.1 General Discussion
1

Hi all,

Could this be considered a safe practice?

I have a ‘match’ base64 regex validation rule written for this specific model row but i don’t know if it’s used in this case:


public function actionValidate()

	{


        $model = User::model()->findByAttributes( array( 'activation_key'=>$_GET['hash'] ) );

rules


array(

  'activation_key',

  'match',

  'pattern'=>"/^#?([a-f0-9]{6}|[a-f0-9]{3})$/ ",					 

),

Thanks!

2

No, it’s not used. Also you can have ‘hash’ key undefined, so you’ll get a notice.

But I don’t see any security issues here, because passed data is binded as param, so in worst case you’ll find nothing.

Btw Yii version 2 has cool ad-hoc data validation. Join the dark side :)