ZF-12308: Zend Filter Input => wildcard-check in _filter is not complete



today I found some strange behavior in the _filter function of the class Zend_Input_Filter. If I define the following wrong filter-rule: $_filter = array ( '*' => 'StringTrim', 'StripTags');

The real array-structure is like this: $_filter = array ( '*' => 'StringTrim', 0 => 'StripTags');

The bug in my eyes is, that in den _filter function the following check against the wildcard isn't complete:

if ($ruleName == self::RULE_WILDCARD) {

$rulename will be the keyvalues of $_filter, so they will be '*' or 0. For the given condition both Values will return true. So both rules will be used for the all inputs.

But in the case, when I copy the first example, in the belief that the rules work correctly and expand them with an additional third rule:

$_filter = array ( '*' => 'StringTrim', 'StripTags','Alpha');

Here the third filter-rule won't be used to filter the inputfields.

I think the condition have to be change to following:

if ( self::RULE_WILDCARD === $ruleName) {

So you ensure that the wildcard-key only is a '*' of typ string.

Best regards, Steffen Probst


No comments to display