-
Notifications
You must be signed in to change notification settings - Fork 7.9k
Type inconsistency between the filter_var function and it's callback on the $value parameter. #18760
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
As far as I understand, this doesn't actually affect the execution, it's just that this is wrong in the documentation. Correct? |
No, the current "callback signature" is accurately described in the documentation. [The sample code generates a type error in execution.] The solution would require updates to execution and documentation. |
Thanks for getting back. <?php
$array = [
'test' => 1234,
'test2' => 'test',
'array' => ['A','B','C'],
];
unset($json);
$json=filter_var(
value:$array,
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
return json_encode($value);
},
],
);
print_r($json); Results in:
|
The use of I apologize for any confusion. And thank you for your debugging assistance and patience. Instead please refer to this updated sample code: <?php
unset($array);
$array=[
'test'=>1234,
'test2'=>'test',
];
echo gettype($array)."\n";
unset($json);
$json=filter_var(
value:$array,
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
echo gettype($value)."\n";
return json_encode(array_values($value));
},
],
);
print_r($json); Results in:
The following fatal error is then emitted:
|
Upon further investigation, I see that I overlooked a warning in the parameters documentation for the
Also the documentation on the use of arrays with FILTER_CALLBACK is lacking in clarity on how the function behaves. After analysis, I found that the user-defined function is applied recursively to all elements in the array, similar to
I'll also note that using the FILTER_FORCE_ARRAY flag with the Sample code: <?php
unset($array);
$array=filter_var(
value:[
'int'=>1234,
'float'=>0.123,
'string'=>'test',
'array'=>[
'A',
'B',
'C',
],
],
filter:FILTER_CALLBACK,
options:[
'options'=>function(
mixed $value,
):mixed{
return [
gettype($value),
$value,
];
},
],
);
print_r($array); Results in:
This behavior was not aligned with my expectations. But with this new knowledge, I would like to propose the documentation be improved to better describe the above. [That would technically resolve the issue.] Separately, I would suggest improving the Side thoughts: I wonder if recasting the $value parameter as a string during filtering is historical cruft from PHP 5. Given the actual returned result from the function is mixed type, and there are flags like FILTER_REQUIRE_SCALAR and FILTER_REQUIRE_ARRAY for the validation filters. I apologize this turned out to not be a "hard" bug, and more of a misunderstanding/documentation issue. I thought I researched the topic well enough to make an informed bug report, but the subject proved deeper upon revisiting it. |
Uh oh!
There was an error while loading. Please reload this page.
Description
The filter_var function has the following description:
filter_var(mixed $value, int $filter = FILTER_DEFAULT, array|int $options = 0): mixed
The "callback signature" [description] of the User Defined Filter of the FILTER_CALLBACK filter is:
callback(string $value): mixed
Problem:
This inconsistency prevents FILTER_CALLBACK from being used to sanitize arrays, such as those set in the predefined variables after an HTTP POST request.
e.g.: The following code generates a type error.[EDIT 2025-06-09:] The code sample in this post does not demonstrate the reported problem, see updated sample here: #18760 (comment)Solution:
The type of the $value parameter in the "callback signature" [description] should be changed to match its filter_var calling function. i.e.:
callback(mixed $value): mixed
PHP Version
Operating System
Debian 6.1.140-1
The text was updated successfully, but these errors were encountered: