Type inconsistency between the filter_var function and it's callback on the $value parameter. #18760
Comments
|
As far as I understand, this doesn't actually affect the execution, it's just that this is wrong in the documentation. Correct? |
nielsdos
added
Extension: filter
Status: Needs Feedback
and removed
Status: Needs Triage
labels
|
No, the current "callback signature" is accurately described in the documentation. [The sample code generates a type error in execution.] The solution would require updates to execution and documentation. |
|
Thanks for getting back. <?php
$array = [
'test' => 1234,
'test2' => 'test',
'array' => ['A','B','C'],
];
unset($json);
$json=filter_var(
value:$array,
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
return json_encode($value);
},
],
);
print_r($json);Results in: |
|
The use of I apologize for any confusion. And thank you for your debugging assistance and patience. Instead please refer to this updated sample code: <?php
unset($array);
$array=[
'test'=>1234,
'test2'=>'test',
];
echo gettype($array)."\n";
unset($json);
$json=filter_var(
value:$array,
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
echo gettype($value)."\n";
return json_encode(array_values($value));
},
],
);
print_r($json);Results in: The following fatal error is then emitted:
|
|
Upon further investigation, I see that I overlooked a warning in the parameters documentation for the
Also the documentation on the use of arrays with FILTER_CALLBACK is lacking in clarity on how the function behaves. After analysis, I found that the user-defined function is applied recursively to all elements in the array, similar to
I'll also note that using the FILTER_FORCE_ARRAY flag with the Sample code: <?php
unset($array);
$array=filter_var(
value:[
'int'=>1234,
'float'=>0.123,
'string'=>'test',
'array'=>[
'A',
'B',
'C',
],
],
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
return [
gettype($value),
$value,
];
},
],
);
print_r($array);Results in: This behavior was not aligned with my expectations. But with this new knowledge, I would like to propose the documentation be improved to better describe the above. [That would technically resolve the issue.] Separately, I would suggest improving the Side thoughts: I wonder if recasting the $value parameter as a string during filtering is historical cruft from PHP 5. Given the actual returned result from the function is mixed type, and there are flags like FILTER_REQUIRE_SCALAR and FILTER_REQUIRE_ARRAY for the validation filters. I apologize this turned out to not be a "hard" bug, and more of a misunderstanding/documentation issue. I thought I researched the topic well enough to make an informed bug report, but the subject proved deeper upon revisiting it. |
Uh oh!
There was an error while loading. Please reload this page.
Description
The filter_var function has the following description:
filter_var(mixed $value, int $filter = FILTER_DEFAULT, array|int $options = 0): mixedThe "callback signature" [description] of the User Defined Filter of the FILTER_CALLBACK filter is:
callback(string $value): mixedProblem:
This inconsistency prevents FILTER_CALLBACK from being used to sanitize arrays, such as those set in the predefined variables after an HTTP POST request.
e.g.: The following code generates a type error.[EDIT 2025-06-09:] The code sample in this post does not demonstrate the reported problem, see updated sample here: #18760 (comment)Solution:
The type of the $value parameter in the "callback signature" [description] should be changed to match its filter_var calling function. i.e.:
callback(mixed $value): mixedPHP Version
Operating System
Debian 6.1.140-1
The text was updated successfully, but these errors were encountered: