Laminas Validator 2.14.0 issue with strict and strings

[cvigorsICBF]

Bug Report

Q	A
Version(s)	2.14.0

Summary

InArray validator no longer validates strings correctly. This is only an issue with this latest version (2.14.0)

Current behavior

When checking the value against the haystack and strict is enabled, if the value is not in the haystack, the validator validates to true, when it should be false. The issue is occuring in PHP 7.3.23.

How to reproduce

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => true,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // true -  **THIS SHOULD BE FALSE**;

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => false,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false 

Expected behavior

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => true,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => false,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false 

[froschdesign]

@cvigorsICBF
Please try the following like described in the documentation:

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => Laminas\Validator\InArray::COMPARE_STRICT,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => Laminas\Validator\InArray::COMPARE_NOT_STRICT_AND_PREVENT_STR_TO_INT_VULNERABILITY,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // false

$validator = new Laminas\Validator\InArray([
    'haystack' => [
        0 => 'Y',
        1 => 'N',
    ],
    'strict'   => Laminas\Validator\InArray::COMPARE_NOT_STRICT,
]);

var_dump($validator->isValid('Y')); // true
var_dump($validator->isValid('N')); // true
var_dump($validator->isValid('X')); // true

[boesing]

@froschdesign As this worked with 2.13.x, its a BC break, even tho, it would be fixed by changing to the constant.

I'll create a hotfix for this. Thanks for reporting @cvigorsICBF.
You might still consider switching to the constant as I mark this functionality as deprecated and thus it will be removed with 3.x

[froschdesign]

@boesing

As this worked with 2.13.x, its a BC break, even tho, it would be fixed by changing to the constant.

Did I say anything different? 😉

But there is another problem:

$validator = new Laminas\Validator\InArray([
    'haystack' => ['Y', 'N'],
    'strict'   => Laminas\Validator\InArray::COMPARE_NOT_STRICT,
]);

var_dump($validator->isValid('X')); // true

var_dump(in_array('X', ['Y', 'N'], false)); // false

laminas-validator/src/InArray.php

Lines 234 to 240 in 23623b4

	if (in_array($value, $haystack, self::COMPARE_STRICT == $this->strict)) {
	return true;
	}
	if (self::COMPARE_NOT_STRICT == $this->strict) {
	return true;
	}

[boesing]

In 2.13.X, false was treated as 0 (which is COMPARE_NOT_STRICT_AND_PREVENT_STR_TO_INT_VULNERABILITY).
I've created tests for this and converting boolean to the constant equivalents aswell as triggering E_USER_DEPRECATED error when boolean is used.

PR incoming.

[weierophinney]

Fixed with #83

[cvigorsICBF]

Thank you everyone for resolving this