Laminas Validator 2.14.0 issue with strict and strings
cvigorsICBF opened this issue · 6 comments
Bug Report
Q | A |
---|---|
Version(s) | 2.14.0 |
Summary
InArray validator no longer validates strings correctly. This is only an issue with this latest version (2.14.0)
Current behavior
When checking the value against the haystack and strict is enabled, if the value is not in the haystack, the validator validates to true, when it should be false. The issue is occuring in PHP 7.3.23.
How to reproduce
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => true,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // true - **THIS SHOULD BE FALSE**;
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => false,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false
Expected behavior
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => true,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => false,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false
@cvigorsICBF
Please try the following like described in the documentation:
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => Laminas\Validator\InArray::COMPARE_STRICT,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => Laminas\Validator\InArray::COMPARE_NOT_STRICT_AND_PREVENT_STR_TO_INT_VULNERABILITY,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false
$validator = new Laminas\Validator\InArray([
'haystack' => [
0 => 'Y',
1 => 'N',
],
'strict' => Laminas\Validator\InArray::COMPARE_NOT_STRICT,
]);
var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // true
@froschdesign As this worked with 2.13.x, its a BC break, even tho, it would be fixed by changing to the constant.
I'll create a hotfix for this. Thanks for reporting @cvigorsICBF.
You might still consider switching to the constant as I mark this functionality as deprecated and thus it will be removed with 3.x
As this worked with 2.13.x, its a BC break, even tho, it would be fixed by changing to the constant.
Did I say anything different? 😉
But there is another problem:
$validator = new Laminas\Validator\InArray([
'haystack' => ['Y', 'N'],
'strict' => Laminas\Validator\InArray::COMPARE_NOT_STRICT,
]);
var_dump($validator->isValid('X')); // true
var_dump(in_array('X', ['Y', 'N'], false)); // false
laminas-validator/src/InArray.php
Lines 234 to 240 in 23623b4
In 2.13.X
, false
was treated as 0
(which is COMPARE_NOT_STRICT_AND_PREVENT_STR_TO_INT_VULNERABILITY
).
I've created tests for this and converting boolean to the constant equivalents aswell as triggering E_USER_DEPRECATED
error when boolean is used.
PR incoming.
Fixed with #83
Thank you everyone for resolving this