ZF-6953: Identical should allow empty strings as valid token

Issue Type:
Improvement
Created:
2009-06-08T05:07:06.000+0000
Last Updated:
2009-06-25T12:50:44.000+0000
Status:
Resolved
Fix version(s):
  • 1.9.0 (31/Jul/09)
Reporter:
Sebastian Krebs (kingcrunch)
Assignee:
Thomas Weidner (thomas)
Tags:
  • Zend_Validate
Related issues:
Attachments:

Description

Currently Zend_Validate_Identical use empty() to test, if there is a "MISSING_TOKEN" error, but this means, that an empty string would also be a "missing token". I think an empty string should be a valid token, because if i test an empty string against an empty string-token it is valid in my opinion.

I use this validator for password confirmation, but when i edit a user an empty password is allowed as it means "no change". At the other hand there is the NotEmpty-validator which will validate the case, that its not allowed to be empty. It seems confusing, that two identical (empty) strings are not compareable this way.

Comments

Posted by Sebastian Krebs (kingcrunch) on 2009-06-08T05:34:53.000+0000

A possible solution:

class Zend_Validate_Identical extends Zend_Validate_Abstract
{
    // line 60
    protected $_token = null;

    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (is_null($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }
}

or more simple (as setToken() cast to string anyway)

    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (!is_string($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }

Posted by Thomas Weidner (thomas) on 2009-06-25T12:50:35.000+0000

Implemented with r16289