Bug: "integer" validation rule 500 error

[shishamo]

PHP Version

8.1

CodeIgniter4 Version

4.2.5

CodeIgniter4 Installation Method

Manual (zip or tar.gz)

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

No response

What happened?

The validation rule "integer" fail as 500 error as below

{
    "title": "TypeError",
    "type": "TypeError",
    "code": 500,
    "message": "CodeIgniter\\Validation\\FormatRules::integer(): Argument #1 ($str) must be of type ?string, array given, called in /var/www/src/system/Validation/Validation.php on line 314",
    "file": "/var/www/src/system/Validation/FormatRules.php",
    "line": 132,
    "trace": [
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 314,
            "function": "integer",
            "class": "CodeIgniter\\Validation\\FormatRules",
            "type": "->",
            "args": [
                [],
                null
            ]
        },
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 163,
            "function": "processRules",
            "class": "CodeIgniter\\Validation\\Validation",
            "type": "->",
...

That validation allows string numeric (not integer) as well

Steps to Reproduce

Validation rule used

protected $validationRules = [
        'integerAcceptsStringNumeric' => 'integer',
        'integerArrayError' => 'integer',
];

Data to validate

$data = [
        'integerAcceptsStringNumeric' => '1',
        'integerArrayError' => [],
];

Expected Output

Validation fail and return 400 if the value is not an integer

Anything else?

No response

[ddevsr]

No error in my environment, i think this bug of behavior

[iRedds]

@ddevsr you missed the rule 'integerArrayError' => 'integer',

[ddevsr]

@iRedds Okay i updated

[kenjis]

@shishamo If you validate non string data, I recommend you use Strict Rules.
See https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#traditional-and-strict-rules
Traditional Rules may pass invalid type data.

[kenjis]

That validation allows string numeric (not integer) as well

You want strict typed validation, so this is not a bug. You must use Strict Rules.

[shishamo]

@kenjis
I see thank you for the support

I set the strict rules and i have

'integerGreaterThan1' => 'is_int|greater_than_equal_to[1]

and i have an error as below

{
    "title": "TypeError",
    "type": "TypeError",
    "code": 500,
    "message": "CodeIgniter\\Validation\\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",
    "file": "/var/www/src/system/Validation/Rules.php",
    "line": 72,
    "trace": [
        {
            "file": "/var/www/src/system/Validation/StrictRules/Rules.php",
            "line": 88,
            "function": "greater_than_equal_to",
            "class": "CodeIgniter\\Validation\\Rules",
            "type": "->",
            "args": [
                5,
                "0"
            ]
        },
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 315,
            "function": "greater_than_equal_to",
            "class": "CodeIgniter\\Validation\\StrictRules\\Rules",

[shishamo]

If i set the strict rules, does it mean than i cannot use the available rules in CI?

https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#available-rules

[kenjis]

If i set the strict rules, does it mean than i cannot use the available rules in CI?

No, all rules should be avaliable, and if not it is a bug.

CodeIgniter\Validation\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",

It is a bug.

[kenjis]

@shishamo Should greater_than_equal_to[1] pass '1'?

[shishamo]

Sorry i didn't get the question well but

In case of the client as below

{
    "integerGreaterOrEqualTo1": 1,
}

Validation is true

{
    "integerGreaterOrEqualTo1": "1",
}

Validation is false

Accepts only strict integer type greater or equal to 1

[kenjis]

Thank you for your opinion.

Why "1" should be failed?

greater_than_equal_to
Fails if field is less than the parameter value, or not numeric.

greater_than_equal_to does not seem to assume the value is int.

[shishamo]

I need to be sure in the process of my api than the parameter in an integer
I can cast it in int by myself but it think it's better if i can validate the data directly when the client sent it to the api

Maybe better to create a custom rule for that validation then?

[kenjis]

I have a question. Is it ok if greater_than_equal_to can't handle numeric strings?

In that case, you can set the rule 'is_int|greater_than_equal_to[1]' if greater_than_equal_to[1] passes '1'.

[shishamo]

the problem in that case is if the client send

{
    "integerGreaterOrEqualTo1": "1",
}

there is no problem

but if he send

{
    "integerGreaterOrEqualTo1": 1,
}

a 500 error occurs now

if the value of integerGreaterOrEqualTo1 is automatically cast in string numeric when validate i can handle it and cast it in int after but i looks a bit strange i think?

because php is_int function check the strict type and validate only integer
https://www.php.net/manual/en/function.is-int.php

[kenjis]

It is just a bug. 1 should be passed without errors.

[kenjis]

@shishamo I sent a PR: #6492

[paulbalandan]

What is the consensus here? Is this a bug or not? If not, then we can close this and the related PR.

[kenjis]

I think this is a bug, because Errors should not happen in validations.

If a user send unexpected value, an error will occur in the validation.
If we switch to use declare(strict_types=1), type errors will occur.

However, the default Validation rule originally cannot properly validate JSON data.

[kenjis]

Since v4.3.0, Strict Validation Rules are used by default.
See #6908

[kenjis]

Does anyone want to fix this?

Why don't we make the traditional rules deprecated?

[neznaika0]

I switched to using strict rules. There are no problems yet

[kenjis]

Closed by #8078