The following type of comparison in sanitizeInputValues() is used to ascertain if a string value is actually a string:
However, the following comparisons are true at least in PHP 5.2.10:
```
"1%6" == 1
"3ab4" == 3
```
Apparently the typecasting engine always returns the first "number" part of the string, regardless of the rest; if the first character is not a number, the return will be 0.
I suggest the following modification to solve the issue:
This will assure that the comparisons will not be made between a string and an integer directly, thus avoiding the bug.
Keywords: sanitizeInputValues, getRequestVar, sanitize, int, string
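
The comparisons quoted in the report, evaluated loosely and then string-to-string, as an added example that is not part of the original issue or the project's code. The function names `looseIntMatch`, `strictIntMatch` and `isCanonicalIntString` are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example; function names are hypothetical, not the project's own code.

// Loose form reported in the issue: a string compared directly with an integer.
// Before PHP 8.0 the string is cast to a number first ("3ab4" becomes 3);
// from 8.0 on, a non-numeric string makes PHP compare both sides as strings.
function looseIntMatch($value, $expected)
{
    return $value == $expected;
}

// String-to-string form: the integer is rendered as text and compared with ===,
// so the result does not depend on the PHP version's juggling rules.
function strictIntMatch($value, $expected)
{
    return is_string($value) && $value === (string) $expected;
}

// Accept only the canonical decimal spelling of an integer: the round trip
// through (int) must reproduce the input exactly, which rejects trailing
// garbage, leading zeros, whitespace, signs like "+5" and out-of-range values.
function isCanonicalIntString($value)
{
    return is_string($value) && (string) (int) $value === $value;
}

// Constructed inputs; the first two pairs are the ones quoted in the issue.
$pairs = array(array('1%6', 1), array('3ab4', 3), array('3', 3), array('abc', 0));
foreach ($pairs as $p) {
    printf("%-7s vs %d  loose=%-5s strict=%s\n", var_export($p[0], true), $p[1],
        var_export(looseIntMatch($p[0], $p[1]), true),
        var_export(strictIntMatch($p[0], $p[1]), true));
}

$inputs = array('42', '-7', '1%6', '3ab4', '007', ' 5', '', '99999999999999999999');
foreach ($inputs as $in) {
    printf("%-24s canonical int: %s\n", var_export($in, true),
        var_export(isCanonicalIntString($in), true));
}
```

The script avoids type declarations so it also runs on PHP 5, where the loose column shows the behaviour reported above.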