@mgc8 opened this issue on September 2nd 2009

The following type of comparison in sanitizeInputValues() is used to ascertain if a string value is actually a string:

if(is_int($value) || $value==(int)$value) $ok = true;

However, the following comparisons are true at least in PHP 5.2.10:

"1%6" == 1```

"3ab4" == 3```

Apparently the typecasting engine always returns the first "number" part of the string, regardless of the rest; if the first character is not a number, the return will be 0.

I suggest the following modification to solve the issue:

if(is_int($value) || (string)$value==(string)((int)$value)) $ok = true;

This will assure that the comparisons will not be made between a string and an integer directly, thus avoiding the bug.

Keywords: sanitizeInputValues, getRequestVar, sanitize, int, string

@robocoder commented on September 2nd 2009

Since $_GET and $_POST values are strings, don't is_int() and is_float() always fail?

Could we simplify this? Is there a preference in terms of readability and/or performance?

if(is_numeric($value) && is_int((int)$value))  $ok = true;
if((string)$value == (string)(int)$value)  $ok = true;
@robocoder commented on September 2nd 2009

scratch my example

What about this?

if(is_numeric($value) && ($value == (string)(int)$value))  $ok = true;
@robocoder commented on September 2nd 2009

Ok, the is_numeric() appears to be redundant and a waste of CPU cycles...

@robocoder commented on September 2nd 2009

In [1452], fix detection of malformed 'integer' and 'float' values

This issue was closed on September 2nd 2009
Powered by GitHub Issue Mirror