Issues

ZF-6953: Identical should allow empty strings as valid token

Description

Currently Zend_Validate_Identical use empty() to test, if there is a "MISSING_TOKEN" error, but this means, that an empty string would also be a "missing token". I think an empty string should be a valid token, because if i test an empty string against an empty string-token it is valid in my opinion.

I use this validator for password confirmation, but when i edit a user an empty password is allowed as it means "no change". At the other hand there is the NotEmpty-validator which will validate the case, that its not allowed to be empty. It seems confusing, that two identical (empty) strings are not compareable this way.

Comments

A possible solution:

class Zend_Validate_Identical extends Zend_Validate_Abstract
{
    // line 60
    protected $_token = null;

    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (is_null($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }
}

or more simple (as setToken() cast to string anyway)

    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (!is_string($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }

Implemented with r16289