zendframework / zend-validator

Validator component from Zend Framework
BSD 3-Clause "New" or "Revised" License

Hash and Crc32 validator issue if hash has only digits #276

Closed Orajo closed 4 years ago

Orajo commented 4 years ago

I've found an issue in the Hash::isValid() as well as in the Crc32::isValid() methods. If the tested file's hash has only digits, then in

$hashes = array_unique(array_keys($this->getHash()));

the $hashes array has a value which is an integer. And because hash_file returns a string,

if ($filehash === $hash) {

returns false.

This is an example file which has a digits-only crc32 hash: 0284a0f98c9787df3302fd7c9e6fd47d.pdf

I think that the solution is simple - casting to string before comparison:

        foreach ($hashes as $hash) {
            if ((string)$filehash === $hash) {
                return true;
            }
        }

michalbundyra commented 4 years ago

@Orajo

What version of zend-validator are you using? I believe we have fixed this issue in https://github.com/zendframework/zend-validator/pull/231 and released with 2.12.1.

$filehash is always a string (the result of hash_file) and $hash is the user-provided expected $hash. Since version 2.12.1 it is not possible to provide a non-string expected hash.

Orajo commented 4 years ago

In my project I'm using ZF2, but I also have a ZF3 version with exactly the 2.12.1 release. The fix in #231 has wrong assumptions, because some files have hashes that consist only of digits, and the attached file is one of them. That's why this fix does not fix the problem, because even if I set it as a string, after setting a hash like that as an array key and getting it again using array_keys, we get an integer, not a string.

$filehash = hash_file('crc32', '0284a0f98c9787df3302fd7c9e6fd47d.pdf');
var_dump($filehash);
$dummyArray = [$filehash => 'crc32'];
var_dump(array_keys($dummyArray));

results:

string(8) "10713230"
array(1) {
  [0] =>
  int(10713230)
}

michalbundyra commented 4 years ago

@Orajo Thanks for the last example. I can confirm - it is a bug.
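
The key coercion confirmed above, as an added example that is not part of the thread or of zend-validator's code: it shows which expected hashes PHP silently turns into integer keys, and compares the strict check quoted in the issue with one that casts each key back to a string. The function names are hypothetical, and every sample hash other than "10713230" (taken from the thread's output) is constructed.

```php
<?php
declare(strict_types=1);

// Expected hashes keyed the way the issue describes: hash => algorithm.
// "10713230" is the crc32 string shown in the thread; the others are constructed.
$expected = [
    '10713230' => 'crc32', // decimal-looking string: PHP stores this key as an int
    '00713230' => 'crc32', // leading zero: the key stays a string
    '1a2b3c4d' => 'crc32', // contains hex letters: the key stays a string
];

/** Strict comparison against the raw array keys, as quoted in the issue. */
function matchesStrict(string $fileHash, array $expected): bool
{
    foreach (array_keys($expected) as $hash) {
        if ($fileHash === $hash) {
            return true;
        }
    }
    return false;
}

/** Hypothetical helper: cast every key back to a string before comparing. */
function matchesNormalized(string $fileHash, array $expected): bool
{
    foreach (array_keys($expected) as $hash) {
        if ($fileHash === (string) $hash) {
            return true;
        }
    }
    return false;
}

// Show how each key is actually stored after the array is built.
foreach (array_keys($expected) as $key) {
    printf("%-12s stored as %s\n", var_export($key, true), gettype($key));
}

// Compare both checks for a file hash equal to each expected value.
foreach (['10713230', '00713230', '1a2b3c4d'] as $fileHash) {
    printf(
        "%s strict=%s normalized=%s\n",
        $fileHash,
        var_export(matchesStrict($fileHash, $expected), true),
        var_export(matchesNormalized($fileHash, $expected), true)
    );
}
```

Only the digits-only hash without a leading zero fails the strict check, which is why the defect surfaces as a rare, file-dependent rejection of a file whose hash actually matches.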