-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Form] 'NaN' string is mapped to a decimal field as a float(NaN) #3161
Comments
You shoud use validation for making sure it's a number: http://symfony.com/doc/current/book/validation.html This issue can be closed. |
@zerkms if you don't specify any validation rules, the validator will not complain about values. And your code does not have such constraints |
@stof: it is not about validation. Why does string maps to float(NaN)? It should be mapped at least to float(0), but float(NaN) is definitely not an expected result |
to what value will be mapped string 'NaN' with integer ORM model field? Right, to 0. So should be here! |
@stof: so if code doesn't have constraints - then it is good, that |
the issue is that the logger tries to json_encode the params to put the them in the log message, and it seems like it fails to do so. But anyway, why do you put NAN as a price ? |
@stof: so logger fails - it is wrong. Logger shouldn't rely on data, should it? Uhm, I just tried to put it. It doesn't matter. What does matter, that |
@zerkms how would you convert the params to a string in a way that keep things useful ? |
@stof: To keep things useful - logger shouldn't fail under any circumstance. Otherwise we wouldn't see the issue with model or user input, but only the issue with logger |
@stof: so? SF dev team doesn't care of logger that throws warnings on valid data? |
@zerkms : It's a Doctrine issue, address the issue to the Doctrine team. |
@alexandresalome: it is SF issue as well: logger shouldn't fail on any data, because it is logger and its work is to log anything passed to it |
@alexandresalome: and another question: you mentioned
how would I use validation rules if there is no built-in constraint for decimal? |
@zerkms there is built-in constraints. But you are not applying them on your class. |
@stof: there is no built-in constraint for decimal. Float constraint wouldn't help as well, because and what about:
|
You should use the "number" field type, which helps you in avoiding such problems. Also, there's the Type constraint for asserting that a variable has a specific type ("numeric" in your case). |
@bschussek: There is no |
@zerkms you are confusing the ORM mapping and the validator mapping. They are totally separate things |
@stof: Do I?
doesn't help as well, because And you still didn't mention if it is ok that logger cannot log valid values ;-) |
@zerkms: I was speaking about form field types, not Doctrine fields. Sure |
@bschussek: I've specified
Form is considered valid with |
Actually I've debug the code and found out that Doctrine has nothing to do with this transformation: Here is a tiny way to replicate the issue:
And the code itself is used by
So it is not doctrine issue. Symfony itself transforms any 'NaN' string to the |
@stof: guys, what do you think about the code above? |
@stof: just want to notice that the issue affects integers as well
this is what I see if pass |
@stoff it is the form validation that seems to be the issue. The form field 'number' validates non numbers to be type 'NaN' (Not a Number), which if tested in php's is_float() or is_numeric() method will pass instead of being invalidated. The field number type appears to have a bug i suspect, because if user input so happens to be the string (NaN) (and we cannot trust user input on the web) it could be passed and form validated successfully. Examples of nan failing in some numeric tests:
Example 2:
Run the above examples to see them fail in plain old PHP. A solution to ensuring the 'type' NaN (Not A Number) could be solved by in SF2's built in assert and form validators with a simple regular expression. |
Personally I'd go with implementation that doesn't differ the behaviour with string "omg" and string "nan". Obviously "omg" is not casted to number and left as is thus we get validation error. So "nan" should behave in absolutely the same way |
@bschussek: Guys, could anyone just give an answer: will some one ever open this bug? What else should I do to prove it is a bug?! Isn't that obvious for you that for now SF2 works with numbers in a wrong way? |
@zerkms i think the issue is people are mis-understanding the issue. For those who don't get it, write an entity, make one of the fields a float, add assert etc. build a form, and then in the numeric field, if you type anything that is not a number, the form invalidates, that is good, now type 'NaN' in the field, and it passes, though it should not! What it should do is invaidate that too. But it seems PHP treats the string NaN as a special case (Not A Number). You can never trust user input so even in these special cases this should not be allowed, and using a regular expression should help solve this issue to ensure the input is a valid float. This would just be a minor change to SF2s built in validators i think. This issue needs to be reopened. |
Not php, but SF2 does that. PHP passes the string as expected, but SF2 converts it to some terrible and unexpected float value (and I even referred to the lines that do that messy work) |
@zerkms do you have a proposed fix? If you correct the code in SF2 that is causing the issue perhaps one of the devs can merge your fix in if it provides enough clarity. |
@reecefowell, I haven't yet, because I just don't want to do the fix that will not be accepted in the future. It will be just the wasting of time if dev-team doesn't treat this bug as a bug |
Well, I tried it with an integer field. My observations:
So maybe int(NaN) is not possible, but only float(NaN). But simply ignoring NaN is also a bug because the form still uses the posted NaN for display but validation uses the entity default value. So entity state is not in synch with the form client data. So we have both a bug for float(number) and integer fields. @zerkms I'm sure it your PR would accepted if you also provide the unit tests that fail with the current code. |
Added test case in pull request: #3196 |
:edited The problem is in the way PHP does casting. We are casting too soon. |
Commits ------- 0533c1b [Form] Fixed: IntegerToLocalizedStringTransformer does not accept "NaN" as valid number anymore 8c63d6d [Form] Fixed: NumberToLocalizedStringTransformer does not accept "NaN" as valid number anymore aaa9de6 Added test case for checking that 'NaN' string converts into TransformationFailedException in NumberToLocalizedStringTransformer Discussion ---------- [Form] Disallowed "NaN" as input in number fields Bug fix: yes Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Fixes the following tickets: #3161, #3196 Todo: nothing ![Travis Build Status](https://secure.travis-ci.org/bschussek/symfony.png?branch=issue3161)
I currently don't know how to fix this. Do you think this is a big issue?
Normal behaviour.
Can't reproduce. I get an "invalid" error.
Solved. |
Personally I think it is not a problem, but in some cases it could lead to unexpected application behaviour from user's point of view |
Well, seems like there is the similar issue if you pass single infinity UTF-8 character :-S |
Commits ------- 9a4e22e [Form] Disallowed infinity in NumberToLocalizedStringTransformer Discussion ---------- [Form] Disallowed infinity in NumberToLocalizedStringTransformer Bug fix: yes Feature addition: no Backwards compatibility break: no Symfony2 tests pass: yes Fixes the following tickets: #3161 Todo: - ![Travis Build Status](https://secure.travis-ci.org/bschussek/symfony.png?branch=issue3161)
I followed the tutorial at http://symfony.com/doc/current/book/doctrine.html and after that generated CRUD.
The
price
member looks like:If we specify
NaN
as a price form value - form is treated as valid and we get a warning from loggerI think that string
NaN
should be treated as invalid decimal value thus form should be treated as invalidPS: this is a dump of an object after validation and right before persisting (and logging)
The text was updated successfully, but these errors were encountered: