codeigniter4 / CodeIgniter4

Open Source PHP Framework (originally from EllisLab)
https://codeigniter.com/
MIT License

Bug: "integer" validation rule 500 error #6489

Closed shishamo closed 10 months ago

shishamo commented 2 years ago

PHP Version

8.1

CodeIgniter4 Version

4.2.5

CodeIgniter4 Installation Method

Manual (zip or tar.gz)

Which operating systems have you tested for this bug?

Linux

Which server did you use?

apache

Database

No response

What happened?

The validation rule "integer" fails with a 500 error as below

{
    "title": "TypeError",
    "type": "TypeError",
    "code": 500,
    "message": "CodeIgniter\\Validation\\FormatRules::integer(): Argument #1 ($str) must be of type ?string, array given, called in /var/www/src/system/Validation/Validation.php on line 314",
    "file": "/var/www/src/system/Validation/FormatRules.php",
    "line": 132,
    "trace": [
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 314,
            "function": "integer",
            "class": "CodeIgniter\\Validation\\FormatRules",
            "type": "->",
            "args": [
                [],
                null
            ]
        },
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 163,
            "function": "processRules",
            "class": "CodeIgniter\\Validation\\Validation",
            "type": "->",
...

That validation allows string numeric (not integer) as well

Steps to Reproduce

Validation rule used

protected $validationRules = [
        'integerAcceptsStringNumeric' => 'integer',
        'integerArrayError' => 'integer',
];

Data to validate

$data = [
        'integerAcceptsStringNumeric' => '1',
        'integerArrayError' => [],
];

Expected Output

Validation fails and returns 400 if the value is not an integer

Anything else?

No response

ddevsr commented 2 years ago

No error in my environment, I think this bug of behavior

iRedds commented 2 years ago

@ddevsr you missed the rule 'integerArrayError' => 'integer',

ddevsr commented 2 years ago

@iRedds Okay, I updated

kenjis commented 2 years ago

@shishamo If you validate non-string data, I recommend you use Strict Rules. See https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#traditional-and-strict-rules

Traditional Rules may pass invalid type data.

kenjis commented 2 years ago

> That validation allows string numeric (not integer) as well

You want strict typed validation, so this is not a bug. You must use Strict Rules.

shishamo commented 2 years ago

@kenjis I see, thank you for the support

I set the strict rules and I have

'integerGreaterThan1' => 'is_int|greater_than_equal_to[1]'

and I have an error as below

{
    "title": "TypeError",
    "type": "TypeError",
    "code": 500,
    "message": "CodeIgniter\\Validation\\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",
    "file": "/var/www/src/system/Validation/Rules.php",
    "line": 72,
    "trace": [
        {
            "file": "/var/www/src/system/Validation/StrictRules/Rules.php",
            "line": 88,
            "function": "greater_than_equal_to",
            "class": "CodeIgniter\\Validation\\Rules",
            "type": "->",
            "args": [
                5,
                "0"
            ]
        },
        {
            "file": "/var/www/src/system/Validation/Validation.php",
            "line": 315,
            "function": "greater_than_equal_to",
            "class": "CodeIgniter\\Validation\\StrictRules\\Rules",

shishamo commented 2 years ago

If I set the strict rules, does it mean that I cannot use the available rules in CI?

https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#available-rules

kenjis commented 2 years ago

> If I set the strict rules, does it mean that I cannot use the available rules in CI?

No, all rules should be available, and if not it is a bug.

> CodeIgniter\Validation\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",

It is a bug.

kenjis commented 2 years ago

@shishamo Should greater_than_equal_to[1] pass '1'?

shishamo commented 2 years ago

Sorry, I didn't get the question well but

In case of the client as below

{
    "integerGreaterOrEqualTo1": 1
}

Validation is true

{
    "integerGreaterOrEqualTo1": "1"
}

Validation is false

Accepts only strict integer type greater or equal to 1

kenjis commented 2 years ago

Thank you for your opinion.

Why should "1" fail?

greater_than_equal_to Fails if field is less than the parameter value, or not numeric.

greater_than_equal_to does not seem to assume the value is int.

shishamo commented 2 years ago

I need to be sure in the process of my API that the parameter is an integer. I can cast it to int by myself, but I think it's better if I can validate the data directly when the client sends it to the API.

Maybe better to create a custom rule for that validation then?

kenjis commented 2 years ago

I have a question. Is it ok if greater_than_equal_to can't handle numeric strings?

In that case, you can set the rule 'is_int|greater_than_equal_to[1]' if greater_than_equal_to[1] passes '1'.

shishamo commented 2 years ago

The problem in that case is if the client sends

{
    "integerGreaterOrEqualTo1": "1"
}

there is no problem

but if he sends

{
    "integerGreaterOrEqualTo1": 1
}

a 500 error occurs now

If the value of integerGreaterOrEqualTo1 is automatically cast to a numeric string when validating, I can handle it and cast it to int afterwards, but it looks a bit strange, I think?

Because PHP's is_int function checks the strict type and validates only integers: https://www.php.net/manual/en/function.is-int.php

kenjis commented 2 years ago

It is just a bug. 1 should be passed without errors.

kenjis commented 2 years ago

@shishamo I sent a PR: #6492

paulbalandan commented 1 year ago

What is the consensus here? Is this a bug or not? If not, then we can close this and the related PR.

kenjis commented 1 year ago

I think this is a bug, because Errors should not happen in validations.

If a user sends an unexpected value, an error will occur in the validation. If we switch to use declare(strict_types=1), type errors will occur.

However, the default Validation rule originally cannot properly validate JSON data.
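
The failure mode discussed in this thread, reduced to plain PHP as an added example (not CodeIgniter's code and not posted by any participant; the function names and the request body are constructed): a rule whose parameter is typed ?string throws a TypeError on a decoded JSON array, while a rule that accepts mixed returns false so the caller can answer 400 instead of 500.

```php
<?php
// Added example: plain PHP 8, no CodeIgniter classes. All names are hypothetical.

// Rule typed the way the stack trace shows: only ?string is accepted.
function integer_typed(?string $str = null): bool
{
    return (bool) preg_match('/\A[\-+]?\d+\z/', $str ?? '');
}

// Type-tolerant rule: any decoded JSON value is judged, never thrown on.
function integer_tolerant(mixed $value): bool
{
    if (is_int($value)) {
        return true;
    }
    return is_string($value) && preg_match('/\A[\-+]?\d+\z/', $value) === 1;
}

// Strict variant matching the reporter's expectation: only a real int >= $min passes.
function int_at_least(mixed $value, int $min): bool
{
    return is_int($value) && $value >= $min;
}

// Constructed request body covering the value kinds discussed in the thread.
$body = '{"a": 1, "b": "1", "c": [], "d": null, "e": 1.5, "f": "1e3"}';
$data = json_decode($body, true, 16, JSON_THROW_ON_ERROR);

foreach ($data as $field => $value) {
    try {
        $typed = integer_typed($value) ? 'pass' : 'fail';
    } catch (TypeError $e) {
        // Left uncaught, this is what reaches the client as a 500.
        $typed = 'TypeError';
    }
    printf(
        "%s=%-5s typed:%-9s tolerant:%-4s int>=1:%s\n",
        $field,
        json_encode($value),
        $typed,
        integer_tolerant($value) ? 'pass' : 'fail',
        int_at_least($value, 1) ? 'pass' : 'fail'
    );
}
```

The script runs without declare(strict_types=1), so the int in field "a" is coerced to a string by integer_typed() and only the array in field "c" raises the TypeError.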

kenjis commented 1 year ago

Since v4.3.0, Strict Validation Rules are used by default. See https://github.com/codeigniter4/CodeIgniter4/pull/6908

kenjis commented 1 year ago

Does anyone want to fix this?

Why don't we make the traditional rules deprecated?

neznaika0 commented 1 year ago

I switched to using strict rules. There are no problems yet

kenjis commented 10 months ago

Closed by #8078