ZF-11819: Zend_Filter_Input raises PHP Notice when validator metacommand value is empty array

Description

Upgrading from 1.11.10 to 1.11.11 I experienced some problems with Zend_Filter_Input. Seems to be a backwards compatibility issue.

The following code:


$filters = array(
    'html' => 'StringTrim',
);

$validators = array(
    'html' => array('NotEmpty', 'presence' => 'required'),
    'perms' => array('default' => array()),
);

$validate = new Zend_Filter_Input($filters, $validators, array('html' => '
')); $validate->isValid();

produces the following error in 1.11.11:

{quote} PHP Notice: Undefined index: Stack trace:

0 /usr/share/php/Zend/Filter/Input.php(854): My_Error_Catch->error(8, 'Undefined index...', '/usr/share/php/...', 854, Array)

1 /usr/share/php/Zend/Filter/Input.php(786): Zend_Filter_Input->_validate()

2 /usr/share/php/Zend/Filter/Input.php(442): Zend_Filter_Input->_process()

3 .......(48): Zend_Filter_Input->isValid()

{quote}

Seems like setting the default to "array()" is causing the notice, is there anything wrong with setting the default to an array?

If ZF doesn't have to be backwards compatible I guess this is a non-issue?

Comments

It would appear that the fix for ZF-9289 (this commit) is the source of this notice.

I've also noticed that the format you use to define {{$validators}} is not one of the approved formats from the manual (see here); in your example the 'perms' key is an array but the first element is not the name of a validator class.

As 'perms' in your example doesn't represent a valid validator entry, it should be silently ignored as was the case pre-ZF-9289. I suggest a fix like this, which short-circuits the code addition of ZF-9289 if $rule[$classkey] is undefined:


Index: library/Zend/Filter/Input.php
===================================================================
--- library/Zend/Filter/Input.php       (revision 24503)
+++ library/Zend/Filter/Input.php       (working copy)
@@ -851,11 +851,13 @@
                     if (is_array($rule)) {
                         $keys      = array_keys($rule);
                         $classKey  = array_shift($keys);
-                        $ruleClass = $rule[$classKey];
-                        if ($ruleClass === 'NotEmpty') {
-                            $foundNotEmptyValidator = true;
-                            // field may not be empty, we are ready
-                            break 1;
+                        if ( isset($rule[classKey]) ) {
+                            $ruleClass = $rule[$classKey];
+                            if ($ruleClass === 'NotEmpty') {
+                                $foundNotEmptyValidator = true;
+                                // field may not be empty, we are ready
+                                break 1;
+                            }
                         }
                     }

{quote} As 'perms' in your example doesn't represent a valid validator entry, it should be silently ignored as was the case pre-ZF-9289. I suggest a fix like this, which short-circuits the code addition of ZF-9289 if $rule[$classkey] is undefined: {quote}

Agreed, I checked the manual and it was definitely an incorrect definition for 'perms'. I've updated this in my app already.

The notice is thrown even if I define a validator for perms though, for example:


$validators = array(
    'html' => array('NotEmpty', 'presence' => 'required'),
    'perms' => array('Int', 'default' => array()),
);

Only if I set 'default' to a string/null/boolean does the notice disappear:


$validators = array(
    'html' => array('NotEmpty', 'presence' => 'required'),
    'perms' => array('Int', 'default' => 'foo'),
);

That is due to fact that the code added in ZF-9289 (spec. Line 851) only operates when {{$rule}} (the value part of any key-value pair) is an array, but fails to check whether that array contains the requested key before trying to use it, so when passed an empty array it emits a notice. The fix I suggested above should take care of that problem.

Fixed in trunk r24504 r24506. Merged to release-1.11 in r24505 r24507.

ZF2 pull request: https://github.com/zendframework/zf2/pull/500