Issues

ZF-12403: Cannot validate Date if end-user uses custom HTTP_ACCEPT_LANGUAGE

Issue Type: Bug Created: 2012-09-04T07:34:08.000+0000 Last Updated: 2013-04-05T16:07:21.000+0000 Status: Closed Fix version(s): Reporter: Adrien Crivelli (powerkiki) Assignee: Thomas Weidner (thomas) Tags: - Zend_Date

  • Zend_Locale
  • Zend_Validate

Related issues: Attachments:

Description

Date validation throw exception if the end-user enter custom values for HTTP_ACCEPT_LANGUAGE which are used internally in Zend_Locale. Those values are 'root', 'auto' and 'browser'.

I believe those internal values should never be accepted from end-user. However I can't wrap my mind around Zend_Locale well enough to provide a patch for that.

Here is a test script to be used via CLI (so we can manually set HTTP_ACCEPT_LANGUAGE):

<pre class="highlight"><?php
require_once('Zend/Version.php');
require_once('Zend/Locale.php');
require_once('Zend/Registry.php');
require_once('Zend/Validate/Date.php');

if (php_sapi_name() != 'cli')
    die('must run as CLI script');

// Extends Zend_Locale, so we can reset its state between tests
class Zend_LocaleReset extends Zend_Locale {
    public static function reset() {
        self::$_auto = null;
        self::$_browser = null;
        self::$_environment = null;
    }
}

function test($accept) 
{
    Zend_LocaleReset::reset();
    $_SERVER['HTTP_ACCEPT_LANGUAGE'] = $accept;

    $locale = new Zend_Locale();
    Zend_Registry::set('Zend_Locale', $locale);
    
    echo $accept . "\t=>\t" . $locale->getLanguage() . ': ';
    try {
        $validator = new Zend_Validate_Date(array('format' => 'Y-m-d'));
        $validator->isValid('2012-08-08');
        echo 'OK';
    } catch (Exception $exc) {
        echo $exc->getMessage();
    }
    echo PHP_EOL;
    
}

echo 'Zend Version: ' . Zend_Version::VERSION . PHP_EOL . PHP_EOL;
test(null);
test('');
test('en');
test('en-US,en;q=0.8,ko;q=0.6');
test('fr');
test('non valid string');
test('root');
test('auto');
test('browser');
test('environment');

It will output the following:

<pre class="highlight">$ php test.php 
Zend Version: 1.11.0dev

    =>  en: OK
    =>  en: OK
en  =>  en: OK
en-US,en;q=0.8,ko;q=0.6 =>  en: OK
fr  =>  fr: OK
non valid string    =>  en: OK
root    =>  root: The locale '' is no known locale
auto    =>  root: The locale '' is no known locale
browser =>  root: The locale '' is no known locale
environment =>  en: OK

Comments

Posted by fgibaux (fgibaux) on 2012-10-22T16:34:19.000+0000

In fact if the value of HTTP_ACCEPT_LANGUAGE is any word of letter up to 8 chars that is not a language or a country, it fails :

<pre class="highlight"> 
test('null');
test('top');

will output

<pre class="highlight"> 
null    =>      root: The locale '' is no known locale
top     =>      root: The locale '' is no known locale

A solution could be to validate input in static function getBrowser() of Zend_Locale :

something like this ??

<pre class="highlight">
if (!isset(self::$_localeData[$region]) && !isset(self::$_territoryData[$region])) {
    continue;
}
foreach ($countrys as $country) {

Posted by Ralph Schindler (ralph) on 2013-04-05T16:07:21.000+0000

This issue has been closed on Jira and moved to GitHub for issue tracking. To continue following the resolution of this issues, please visit: https://github.com/zendframework/zf1/issues/10

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts