GpsPoint validator needs a rewrite because it returns true for the input "foo, bar"
froschdesign opened this issue · 5 comments
I believe this validator should either be rewritten or removed entirely as it will return true for the input "foo, bar"
It expects a string as input in the form "latitude, longitude" :
public function isValid($value) { if (strpos($value, ',') === false) { $this->error(self::INCOMPLETE_COORDINATE, $value); return false; } [$lat, $long] = explode(',', $value);
but the
isValidCoordinate()
method blindly casts the supposed lat or long to a double:$doubleLatitude = (double) $value; if ($doubleLatitude <= $maxBoundary && $doubleLatitude >= $maxBoundary * -1) { return true; }
which results in a 0 value in the case of non-numerical strings, which then passes validation as a valid lat/long.
At the very least it should have explicit comments stating that the expected input is in a very particular format already.
Originally posted by @ajgale in #69 (comment)
Deprecation would be best then.
I have checked it in the unit tests and confirm the problem.
Another option would be to check if a number is included before conversion to double is done:
laminas-validator/src/GpsPoint.php
Lines 71 to 78 in ba665f5
Yah, using is_numeric
should be suitable here
Yah, using
is_numeric
should be suitable here
This will fail with the current test cases because coordinates like 63 47 24.691 N
are converted to 634724.691N
. The error for "out of bounds" is not set.
laminas-validator/test/GPSPointTest.php
Lines 79 to 86 in ba665f5