X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FUtils%2FRule.php;h=61a467451fd26e106c6fd8d59e6b5b001f0b2320;hb=165bc6f5cf05fbe0a06eaac087227e0557c266f0;hp=060967d8b917b2aaf559cbca8ec65ac51f475ef1;hpb=fee14197b427c1781e369e5bfd36816afad6d7ee;p=civicrm-core.git

diff --git a/CRM/Utils/Rule.php b/CRM/Utils/Rule.php
index 060967d8b9..61a467451f 100644
--- a/CRM/Utils/Rule.php
+++ b/CRM/Utils/Rule.php
@@ -505,6 +505,27 @@ class CRM_Utils_Rule {
     return preg_match('/(^-?\d\d*\.\d*$)|(^-?\d\d*$)|(^-?\.\d\d*$)/', $value) ? TRUE : FALSE;
   }
 
+  /**
+   * Test whether $value is alphanumeric.
+   *
+   * Underscores and dashes are also allowed!
+   *
+   * This is the type of string you could expect to see in URL parameters
+   * like `?mode=live` vs `?mode=test`. This function exists so that we can be
+   * strict about what we accept for such values, thus mitigating against
+   * potential security issues.
+   *
+   * @see \CRM_Utils_RuleTest::alphanumericData
+   *   for examples of vales that give TRUE/FALSE here
+   *
+   * @param $value
+   *
+   * @return bool
+   */
+  public static function alphanumeric($value) {
+    return preg_match('/^[a-zA-Z0-9_-]*$/', $value) ? TRUE : FALSE;
+  }
+
   /**
    * @param $value
    * @param $noOfDigit