
Backport fixes for comparison() and range() to 2.x

These fixes were released as a security update for 3.x; they also belong
in 2.x.
markstory committed Aug 7, 2015
1 parent 056f24a commit b7c9ac913d05f7530784af8fb34166d33cb10af4
Showing with 42 additions and 0 deletions.
  1. +35 −0 lib/Cake/Test/Case/Utility/ValidationTest.php
  2. +7 −0 lib/Cake/Utility/Validation.php
@@ -930,6 +930,25 @@ public function testComparison() {
$this->assertFalse(Validation::comparison(7, '==', 6));
$this->assertFalse(Validation::comparison(7, 'not equal', 7));
$this->assertFalse(Validation::comparison(7, '!=', 7));
$this->assertTrue(Validation::comparison('6.5', '!=', 6));
$this->assertTrue(Validation::comparison('6.5', '<', 7));
}
/**
* Test comparison casting values before comparisons.
*
* @return void
*/
public function testComparisonTypeChecks() {
$this->assertFalse(Validation::comparison('\x028', '>=', 1), 'hexish encoding fails');
$this->assertFalse(Validation::comparison('0b010', '>=', 1), 'binary string data fails');
$this->assertFalse(Validation::comparison('0x01', '>=', 1), 'hex string data fails');
$this->assertFalse(Validation::comparison('0x1', '>=', 1), 'hex string data fails');
$this->assertFalse(Validation::comparison('\x028', '>=', 1.5), 'hexish encoding fails');
$this->assertFalse(Validation::comparison('0b010', '>=', 1.5), 'binary string data fails');
$this->assertFalse(Validation::comparison('0x02', '>=', 1.5), 'hex string data fails');
}
/**
@@ -2004,6 +2023,22 @@ public function testRange() {
$this->assertFalse(Validation::range('word'));
}
/**
* Test range type checks
*
* @return void
*/
public function testRangeTypeChecks() {
$this->assertFalse(Validation::range('\x028', 1, 5), 'hexish encoding fails');
$this->assertFalse(Validation::range('0b010', 1, 5), 'binary string data fails');
$this->assertFalse(Validation::range('0x01', 1, 5), 'hex string data fails');
$this->assertFalse(Validation::range('0x1', 1, 5), 'hex string data fails');
$this->assertFalse(Validation::range('\x028', 1, 5), 'hexish encoding fails');
$this->assertFalse(Validation::range('0b010', 1, 5), 'binary string data fails');
$this->assertFalse(Validation::range('0x02', 1, 5), 'hex string data fails');
}
/**
* testExtension method
*
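Review bot: In testRangeTypeChecks the last three assertions repeat the first three with the same bounds (`1, 5`), so they add no real coverage; only `'0x02'` differs from `'0x01'`. In testComparisonTypeChecks the second group switches the operand to the float `1.5`, which suggests the range copy was meant to use float bounds too, e.g. `$this->assertFalse(Validation::range('0b010', 1.5, 5.5), 'binary string data fails');`. Also, `'\x028'` is single-quoted in both tests, so PHP passes the literal characters backslash, x, 0, 2, 8 rather than a control byte followed by 8. If the encoded byte was intended, a double-quoted string is needed; otherwise a short comment would make the intent clear.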
@@ -242,6 +242,10 @@ public static function comparison($check1, $operator = null, $check2 = null) {
if (is_array($check1)) {
extract($check1, EXTR_OVERWRITE);
}
if ((float)$check1 != $check1) {
return false;
}
$operator = str_replace(array(' ', "\t", "\n", "\r", "\0", "\x0B"), '', strtolower($operator));
switch ($operator) {
@@ -757,6 +761,9 @@ public static function range($check, $lower = null, $upper = null) {
if (!is_numeric($check)) {
return false;
}
if ((float)$check != $check) {
return false;
}
if (isset($lower) && isset($upper)) {
return ($check > $lower && $check < $upper);
}
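Review bot: The guard added to comparison(), `if ((float)$check1 != $check1)`, is the only numeric check on that path and it depends on PHP's loose string-to-number comparison, so a non-numeric string such as `'abc'` still passes on PHP versions before 8.0 (both sides compare as 0) and is then treated as 0 by the operator branches. range() is covered by the `is_numeric()` test just above its new guard; comparison() would be more predictable with the same explicit test, `if (!is_numeric($check1) || (float)$check1 != $check1) { return false; }`. `$check2` is not checked at all, which is acceptable only if it always comes from the rule definition rather than request data, and a comment saying so would help. Both function bodies continue outside the hunks shown.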
