History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
Issue Details (XML | Word | Printable)

Key: ZF-123
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Darby Felton
Reporter: Zend Framework
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Google issue summary
Zend Framework

Zend_Filter_Input doesn't check if requested key exists (TRAC#142)

Created: 21/Jun/06 10:35 PM   Updated: 05/Jul/07 02:44 PM
Component/s: Zend_Filter
Affects Version/s: 0.1.4
Fix Version/s: 0.1.5

Time Tracking:
Not Specified

File Attachments: 1. Text File zfi_zf-123.patch.txt (7 kb)


 Description  « Hide
http://framework.zend.com/developer/ticket/142

When we work in a STRICT mode and put a $_POST array to constructor and we have no longer access to those data then it is not possible to check if the key was send in request. When we work in a non-STRICT mode we could first check if the key was send (eg. if (array_key_exists('my_key', $_POST){...}) and then filter this data through Zend_Filter_Input but then we keep data in 2 copies ($_POST and Zend_Filter_Input::_source). I suggest checking if requested key exists in each method or adding new method eg. existsKey().

 All   Comments   Work Log   Change History   FishEye   Crucible      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Zend Framework - 21/Jun/06 10:36 PM

06/14/06 17:47:39: Modified by gavin

http://framework.zend.com/developer/browser/trunk/incubator/library/Zend/Controller

The new router (in version 0.1.4) will cleanly distinguish between:

?foo=bar ?foo= ?

Although not exactly the same issue, the final solution for both Zend_Controller_Action and Zend_Input_Filter should have consistent semantics. For example, null indicates parameter not available/given, an empty string indicates the parameter was supplied / is available, and a non-empty string would contain the value of the parameter.

References:

06/14/06 18:15:43: Modified by gavin

We should be able to distinguish between the absense or presence of an input parameter.

If Zend_Input_Filter is altered, the rationale in the documentation might also need updating: http://framework.zend.com/manual/en/zend.inputfilter.html


[ Permlink | « Hide ]
Kevin McArthur - 29/Jun/06 05:01 PM
Patch to resolve most problems.

Adds the keyExists function as well as ensures that no notices are thrown in strict mode by using array_key_exists first.


[ Permlink | « Hide ]
Kevin McArthur - 29/Jun/06 05:04 PM
Patch attached. Would prefer this makes 0.1.4.

[ Permlink | « Hide ]
Kevin McArthur - 30/Jun/06 02:41 PM
Updated fix version/affects version as it may have gotten into scm too late to make the 0.1.4 rls. Original patch was submitted june 14. I dont have karma on this component so can't commit it if the patch is approved.

[ Permlink | « Hide ]
Jayson Minard - 05/Jul/06 06:52 AM
Check and apply patch

[ Permlink | « Hide ]
Darby Felton - 05/Jul/06 01:22 PM
fixed by SVN revision 807

[ Permlink | « Hide ]
Jayson Minard - 11/Jul/06 11:54 AM
0.1.5 released


Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.2-#300) - Bug/feature request - Atlassian news - Contact Administrators