Issues

ZF-6953: Identical should allow empty strings as valid token

Issue Type: Improvement Created: 2009-06-08T05:07:06.000+0000 Last Updated: 2009-06-25T12:50:44.000+0000 Status: Resolved Fix version(s): - 1.9.0 (31/Jul/09)

Reporter: Sebastian Krebs (kingcrunch) Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

Related issues: Attachments:

Description

Currently Zend_Validate_Identical use empty() to test, if there is a "MISSING_TOKEN" error, but this means, that an empty string would also be a "missing token". I think an empty string should be a valid token, because if i test an empty string against an empty string-token it is valid in my opinion.

I use this validator for password confirmation, but when i edit a user an empty password is allowed as it means "no change". At the other hand there is the NotEmpty-validator which will validate the case, that its not allowed to be empty. It seems confusing, that two identical (empty) strings are not compareable this way.

Comments

Posted by Sebastian Krebs (kingcrunch) on 2009-06-08T05:34:53.000+0000

A possible solution:

<pre class="highlight">class Zend_Validate_Identical extends Zend_Validate_Abstract
{
    // line 60
    protected $_token = null;

    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (is_null($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }
}

or more simple (as setToken() cast to string anyway)

<pre class="highlight">    // line 106
    public function isValid($value)
    {
        $this->_setValue($value);
        $token = $this->getToken();

        if (!is_string($token)) {   // <----
            $this->_error(self::MISSING_TOKEN);
            return false;
        }

        if ($value !== $token)  {
            $this->_error(self::NOT_SAME);
            return false;
        }

        return true;
    }

Posted by Thomas Weidner (thomas) on 2009-06-25T12:50:35.000+0000

Implemented with r16289

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts