Disallow hexadecimal input with inList.

Instead of turning on/off strict mode based on the user supplied input,
cast everything to strings and always use a strict check. This avoids
the potential issue of a bad user using hexadecimal when they should not
be allowed to do so. Thanks to 'Kurita Takashi' for pointing this out.
mark_story 2014-07-03 22:10:49 -04:00
parent 1988e89e73
commit 3936cce4b8
2 changed files with 7 additions and 4 deletions


@ -1979,6 +1979,10 @@ class ValidationTest extends CakeTestCase {
$this->assertFalse(Validation::inList(2, array('1', '2x', '3')));
$this->assertFalse(Validation::inList('One', array('one', 'two')));
// No hexadecimal for numbers.
$this->assertFalse(Validation::inList('0x7B', array('ABC', '123')));
$this->assertFalse(Validation::inList('0x7B', array('ABC', 123)));
// case insensitive
$this->assertTrue(Validation::inList('one', array('One', 'Two'), true));
$this->assertTrue(Validation::inList('Two', array('one', 'two'), true));
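Review bot: The new assertions pin only the `0x` spelling, while the loose comparison this commit removes also treated other numeric spellings as equal. Adding cases such as `$this->assertFalse(Validation::inList('1e2', array('100')));` and `$this->assertFalse(Validation::inList('0123', array(123)));` would guard the always-strict behaviour against regressions for exponent notation and leading zeros. The surrounding test method starts and ends outside this hunk.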


@ -800,14 +800,13 @@ class Validation {
* @return bool Success.
*/
public static function inList($check, $list, $caseInsensitive = false) {
$strict = !is_numeric($check);
if ($caseInsensitive) {
$list = array_map('mb_strtolower', $list);
$check = mb_strtolower($check);
} else {
$list = array_map('strval', $list);
}
return in_array((string)$check, $list, $strict);
return in_array((string)$check, $list, true);
}
/**
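Review bot: The final `in_array((string)$check, $list, true)` still casts whatever the caller passes, so a non-scalar `$check` (for example an array, if request data can reach this rule unfiltered) would be stringified rather than rejected. Consider an early `if (!is_scalar($check)) { return false; }` at the top of `inList()`, unless callers are known to pass objects that rely on `__toString()`. The docblock, which begins above this hunk, should also say that matching is now a strict comparison of string casts. A list entry such as the float `1.50` becomes `'1.5'` and no longer matches the input `'1.50'`, which is a behaviour change for callers that relied on numeric equivalence.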