CStringValidator fails on value = array #1955

Closed
Krizz opened this Issue Jan 11, 2013 · 10 comments

Comments

Projects
None yet
5 participants
@Krizz

Krizz commented Jan 11, 2013

PHP warning

mb_strlen() expects parameter 1 to be string, array given

yii/framework/validators/CStringValidator.php(85)

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Jan 11, 2013

Owner

How did you get an array inside of it?

Owner

samdark commented Jan 11, 2013

How did you get an array inside of it?

@ghost ghost assigned samdark Jan 11, 2013

@Krizz

This comment has been minimized.

Show comment Hide comment
@Krizz

Krizz Jan 11, 2013

I use CFormModel to validate user input from GET requests and if some user would change the URL string to contain an array then it will give this error.

Krizz commented Jan 11, 2013

I use CFormModel to validate user input from GET requests and if some user would change the URL string to contain an array then it will give this error.

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Jan 11, 2013

Owner

@yiisoft/core-developers I've already discussed this one with Qiang and he thinks it's not a problem. I think we should check for arrays in input. What do you think?

Owner

samdark commented Jan 11, 2013

@yiisoft/core-developers I've already discussed this one with Qiang and he thinks it's not a problem. I think we should check for arrays in input. What do you think?

@mdomba

This comment has been minimized.

Show comment Hide comment
@mdomba

mdomba Jan 11, 2013

Member

I agree that it's not a problem that should be checked in the core... The user could change any URL string in any part of the webapp... so by that we would need to sanitize every possible values in all core parts?

Member

mdomba commented Jan 11, 2013

I agree that it's not a problem that should be checked in the core... The user could change any URL string in any part of the webapp... so by that we would need to sanitize every possible values in all core parts?

@AnderoKoplus

This comment has been minimized.

Show comment Hide comment
@AnderoKoplus

AnderoKoplus Jan 11, 2013

no you should not validate all core parts for arrays, but you should make sure that the validator does not generate an error/warning on invalid user input. it is a validator :)

no you should not validate all core parts for arrays, but you should make sure that the validator does not generate an error/warning on invalid user input. it is a validator :)

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Jan 11, 2013

Owner

There's just one possibility that causes errors: something[]=xxx

Owner

samdark commented Jan 11, 2013

There's just one possibility that causes errors: something[]=xxx

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Jan 11, 2013

Owner

Makes sense. I think I'll handle this one by adding proper tests and checking for arrays.

Owner

samdark commented Jan 11, 2013

Makes sense. I think I'll handle this one by adding proper tests and checking for arrays.

@mdomba

This comment has been minimized.

Show comment Hide comment
@mdomba

mdomba Jan 11, 2013

Member

are you sure all other validators does not have the same issue if a user messes with the URL ?

Member

mdomba commented Jan 11, 2013

are you sure all other validators does not have the same issue if a user messes with the URL ?

@mlamp

This comment has been minimized.

Show comment Hide comment
@mlamp

mlamp Jan 11, 2013

It makes sense that Validator is input type proof (especially it should not give PHP warning). But as for other validators - it seems some of the tests are including array tests (like CTypeValidatorTest), which doesn't result PHP warning.

mlamp commented Jan 11, 2013

It makes sense that Validator is input type proof (especially it should not give PHP warning). But as for other validators - it seems some of the tests are including array tests (like CTypeValidatorTest), which doesn't result PHP warning.

@samdark

This comment has been minimized.

Show comment Hide comment
@samdark

samdark Jan 11, 2013

Owner

@mdomba some others are affected as well.

Owner

samdark commented Jan 11, 2013

@mdomba some others are affected as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment