Piwik_Common::sanitizeInputValues (and by extension getRequestVar) treats values like "1%6" or "3ab4" as integers #962
Comments
|
Since $_GET and $_POST values are strings, don't is_int() and is_float() always fail? Could we simplify this? Is there a preference in terms of readability and/or performance? |
|
scratch my example What about this? |
|
Ok, the is_numeric() appears to be redundant and a waste of CPU cycles... |
|
In [1452], fix detection of malformed 'integer' and 'float' values |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The following type of comparison in sanitizeInputValues() is used to ascertain if a string value is actually a string:
However, the following comparisons are true at least in PHP 5.2.10:
"3ab4" == 3```
Apparently the typecasting engine always returns the first "number" part of the string, regardless of the rest; if the first character is not a number, the return will be 0.
I suggest the following modification to solve the issue:
This will assure that the comparisons will not be made between a string and an integer directly, thus avoiding the bug.
Keywords: sanitizeInputValues, getRequestVar, sanitize, int, string
The text was updated successfully, but these errors were encountered: