adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-09-05 02:52:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disallow hexadecimal input with inList.

Browse source 
Instead of turning on/off strict mode based on the user supplied input,
cast everything to strings and always use a strict check. This avoids
the potential issue of a bad user using hexadecimal when they should not
be allowed to do so. Thanks to 'Kurita Takashi' for pointing this out.
This commit is contained in:
mark_story 2014-07-03 22:10:49 -04:00
parent 1988e89e73
commit 3936cce4b8
2 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/Cake/Test/Case/Utility/ValidationTest.php
View file

@ -1979,6 +1979,10 @@ class ValidationTest extends CakeTestCase {
$this->assertFalse(Validation::inList(2, array('1', '2x', '3')));
$this->assertFalse(Validation::inList('One', array('one', 'two')));
// No hexadecimal for numbers.
$this->assertFalse(Validation::inList('0x7B', array('ABC', '123')));
$this->assertFalse(Validation::inList('0x7B', array('ABC', 123)));
// case insensitive
$this->assertTrue(Validation::inList('one', array('One', 'Two'), true));
$this->assertTrue(Validation::inList('Two', array('one', 'two'), true));