ZF-3563: Zend_Form_Element_Multi, when validating, do not confirm that the value is a valid selection
It seems that the Zend_Form_Element_Multi can validate even though the data presented by the user does not match a valid option.
Example case: Create a form with a select box, such as "Title" with the options "Mr" and "Mrs". If a user POSTs results that contain "foo", it will still validate. While there are cases where you may wish to skip this kind of check, it strikes me as a serious hole in the validation strategy, specifically from a security standpoint.
I'm very much a newbie to Zend_Form, but I've attached a patch that seems to fix the problem for single and multi-selects.