Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing Issue #234 #235

Merged
merged 3 commits into from
May 25, 2021
Merged

Fixing Issue #234 #235

merged 3 commits into from
May 25, 2021

Conversation

pathumhdes
Copy link
Contributor

Fixing Issue #234 - sfValidatorBoolean - clean method returns true if the tainted value is 0 (integer zero)

alquerci
alquerci suggested changes Jun 19, 2020
View reviewed changes
Copy link
Contributor

@alquerci alquerci left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch.

>>> in_array(0, ['true', 't', 'yes', 'y', 'on', '1'])
=> true
# Because of
>>> (int) 'foo'
=> 0

Turn the check strict introduce a BC break when the value is an instance of class that implements __toString().

I suggest to:

  • Add test without taken true_values or false_values.

    So the test to add is

    $t->is($v->clean(0), false)

  • Add test when the value is an instance of class that implements __toString()

  • The patch can be to cast the value to string

alquerci
alquerci suggested changes Jun 20, 2020
View reviewed changes
lib/validator/sfValidatorBoolean.class.php Outdated
@@ -45,12 +45,13 @@ protected function configure($options = array(), $messages = array())
*/
protected function doClean($value)
{
if (in_array($value, $this->getOption('true_values')))
$stringValue = $value !== false ? (string) $value : '0';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just think that to string conversion trigger more problem than it solve (when the given value is an array).

We have a bug with 0 then only handle this case to be strict, and this minimum patch is enough to make it pass added tests, is'nt it ?

$checkValue = $value;

// Zero is equals to any string as it is the result of string casting `int`.
if (0 === $checkValue) {
    $checkValue = '0';
}

Full brain storming is following

No need to check whether the $value is not false as a string casting of false is an empty string.

>>> (string) false
=> ""

Moreover this condition add an hard-coded configuration. Think when a child class add there own configuration.

So after checking the latest Symfony version validator which have another context.

I suggest this following logic

if (true === $value) {
    $stringValue = 'true';
} elseif (false === $value) {
    $stringValue = 'false';
} else {
    $stringValue = (string) $value;
}

But we must be BC compatible so as Boolean values are an edge case then it is better to skip the casting to string.

@thePanz thePanz merged commit 6f521e9 into FriendsOfSymfony1:master May 25, 2021
@thePanz
Copy link
Member

thePanz commented May 25, 2021

Thanks @pathumhdes , merged!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alquerci alquerci alquerci approved these changes

@thePanz thePanz thePanz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pathumhdes @thePanz @alquerci