Is This Considered Secure?

Hi all,

Could this be considered a safe practice?

I have a ‘match’ base64 regex validation rule written for this specific model row but i don’t know if it’s used in this case:

public function actionValidate()


        $model = User::model()->findByAttributes( array( 'activation_key'=>$_GET['hash'] ) );





  'pattern'=>"/^#?([a-f0-9]{6}|[a-f0-9]{3})$/ ",					 



No, it’s not used. Also you can have ‘hash’ key undefined, so you’ll get a notice.

But I don’t see any security issues here, because passed data is binded as param, so in worst case you’ll find nothing.

Btw Yii version 2 has cool ad-hoc data validation. Join the dark side :)