[RFC]: StringLength validator handling of malformed multibyte input
Closed this issue · 2 comments
RFC
Q | A |
---|---|
Proposed Version(s) | 3.0.0 |
BC Break? | No |
Background
In #278 the string length validator is changed so that malformed multibyte input, rejected by the underlying string wrapper, will cause a predictable exception.
Previously, in the 2.x series, errors, warnings and exceptions would propagate directly from function calls such as mb_strlen and the string wrapper.
Questions
Before releasing 3.0, it's worth addressing whether it would be a better course of action for this type of issue to become a validation failure or not.
If consensus is that this condition should be a validation failure instead of an exception, should errors and warnings from iconv/mbstring/intl be silenced?
Paging @laminas/technical-steering-committee for comment
I would say that rejecting invalid input is better than crashing or silently accepting something potentially malicious.
Validation failure > exception > other handling here.
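
The "validation failure" option discussed in this thread could look like the sketch below. It is an added example, not code from laminas-validator or from any participant here. The function name `checkLength` and the message keys are hypothetical, and it assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical message keys, not taken from laminas-validator.
const MSG_MALFORMED = 'stringLengthMalformed';
const MSG_TOO_SHORT = 'stringLengthTooShort';
const MSG_TOO_LONG  = 'stringLengthTooLong';

/**
 * Returns null when $value passes, or a message key describing the failure.
 * Malformed input is reported as a validation failure, never as an exception.
 */
function checkLength(string $value, int $min, ?int $max, string $encoding = 'UTF-8'): ?string
{
    // Reject byte sequences that are not valid in the declared encoding
    // before measuring, so the length call only ever sees well-formed input.
    if (! mb_check_encoding($value, $encoding)) {
        return MSG_MALFORMED;
    }

    $length = mb_strlen($value, $encoding);
    if ($length < $min) {
        return MSG_TOO_SHORT;
    }
    if ($max !== null && $length > $max) {
        return MSG_TOO_LONG;
    }
    return null;
}

// Constructed sample inputs.
$samples = [
    'well-formed'      => "h\u{00E9}llo",            // 5 characters, 6 bytes
    'truncated 2-byte' => "abc\xC3",                 // lead byte with no continuation
    'overlong slash'   => "ab\xC0\xAFcd",            // overlong encoding of "/"
    'too long'         => str_repeat("\u{00E9}", 12),
];

foreach ($samples as $label => $input) {
    $result = checkLength($input, 3, 10);
    printf("%-17s %s\n", $label, $result ?? 'valid');
}
```

Because the encoding check runs first, the caller gets a distinct failure reason for malformed bytes and does not need to suppress errors around the length call.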