phalcon / cphalcon

High performance, full-stack PHP framework delivered as a C extension.
https://phalcon.io
BSD 3-Clause "New" or "Revised" License

[BUG]: Validator\Numericality If not continuous, many letters and symbols will slip through #16070

Closed s-ohnishi closed 2 years ago

s-ohnishi commented 2 years ago

Validator\Numericality::validate() uses this regular expression according to .zep.

    pattern = "/((^[-]?[0-9,]+(.[0-9]+)?$)|(^[-]?[0-9.]+(,[0-9]+)?$))/";

But isn't (.[0-9]+)? a mistake for (\.[0-9]+)??


niden commented 2 years ago

Can you give an example of a string that would fail this?

s-ohnishi commented 2 years ago

define form

// Element and Validator are namespace aliases; their use statements are not shown.
class SampleForm extends \Phalcon\Forms\Form
{
    public function initialize($entity = null, $options = [])
    {
        $elm = new Element\Text('foo');
        $elm->addValidator(
            new Validator\Numericality([
                'message'=>'enter numeric value, please',
                'allowEmpty'=>true
            ]),
        );
        $this->add($elm);
    }
}

in the controller

        $SampleForm = new \App\Forms\SampleForm();
        $ret = $SampleForm->isValid($_POST);

results

$_POST['foo']   $ret
'-12,000'       true
'-12,0@0'       true
'-12,0@@0'      false

Would you like a sample like this?

niden commented 2 years ago

Yes. Thank you. I will fix this shortly

niden commented 2 years ago

Resolved in https://github.com/phalcon/cphalcon/pull/16071

Thank you @s-ohnishi
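
The behaviour reported in this thread, as an added example that is not part of the original issue or Phalcon's own code: it runs the pattern quoted above, and a variant with the dot escaped as the reporter suggests, over sample inputs. Inputs other than the three from the results table are constructed, and the helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Pattern exactly as quoted in the issue: the "." in the first alternative is
// unescaped, so it matches any single character.
const PATTERN_REPORTED = '/((^[-]?[0-9,]+(.[0-9]+)?$)|(^[-]?[0-9.]+(,[0-9]+)?$))/';
// Same pattern with that dot escaped, as the reporter suggests.
const PATTERN_ESCAPED  = '/((^[-]?[0-9,]+(\.[0-9]+)?$)|(^[-]?[0-9.]+(,[0-9]+)?$))/';

// Hypothetical helper: true when $value matches $pattern, exception on regex error.
function accepts(string $pattern, string $value): bool
{
    $result = preg_match($pattern, $value);
    if ($result === false) {
        throw new RuntimeException('preg_match failed, code ' . preg_last_error());
    }
    return $result === 1;
}

// Hypothetical helper: inputs accepted by the reported pattern but rejected
// once the dot is escaped, i.e. the values that slip through.
function slipsThrough(array $inputs): array
{
    return array_values(array_filter(
        $inputs,
        fn (string $v): bool => accepts(PATTERN_REPORTED, $v) && !accepts(PATTERN_ESCAPED, $v)
    ));
}

$inputs = [
    '-12,000', '-12,0@0', '-12,0@@0',      // from the results table in the issue
    '12.5', '1.234,56', '1a2', '1 2',      // constructed
    "1\t2", '9;8', 'abc', '12@',           // constructed
];

printf("%-12s %-9s %s\n", 'input', 'reported', 'escaped');
foreach ($inputs as $v) {
    printf(
        "%-12s %-9s %s\n",
        json_encode($v),
        var_export(accepts(PATTERN_REPORTED, $v), true),
        var_export(accepts(PATTERN_ESCAPED, $v), true)
    );
}
echo 'slips through: ', json_encode(slipsThrough($inputs)), "\n";
```

Only a single stray character followed by at least one digit gets through, which is why '-12,0@0' is accepted while '-12,0@@0' is rejected.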