Backport fixes for comparison() and range() to 2.x

These fixes were released as a security update for 3.x; they also belong
in 2.x.
mark_story 2015-08-06 21:32:17 -04:00
parent 056f24a774
commit b7c9ac913d
2 changed files with 42 additions and 0 deletions


@ -930,6 +930,25 @@ class ValidationTest extends CakeTestCase {
$this->assertFalse(Validation::comparison(7, '==', 6));
$this->assertFalse(Validation::comparison(7, 'not equal', 7));
$this->assertFalse(Validation::comparison(7, '!=', 7));
$this->assertTrue(Validation::comparison('6.5', '!=', 6));
$this->assertTrue(Validation::comparison('6.5', '<', 7));
}
/**
* Test comparison casting values before comparisons.
*
* @return void
*/
public function testComparisonTypeChecks() {
$this->assertFalse(Validation::comparison('\x028', '>=', 1), 'hexish encoding fails');
$this->assertFalse(Validation::comparison('0b010', '>=', 1), 'binary string data fails');
$this->assertFalse(Validation::comparison('0x01', '>=', 1), 'hex string data fails');
$this->assertFalse(Validation::comparison('0x1', '>=', 1), 'hex string data fails');
$this->assertFalse(Validation::comparison('\x028', '>=', 1.5), 'hexish encoding fails');
$this->assertFalse(Validation::comparison('0b010', '>=', 1.5), 'binary string data fails');
$this->assertFalse(Validation::comparison('0x02', '>=', 1.5), 'hex string data fails');
}
/**
@ -2004,6 +2023,22 @@ class ValidationTest extends CakeTestCase {
$this->assertFalse(Validation::range('word'));
}
/**
* Test range type checks
*
* @return void
*/
public function testRangeTypeChecks() {
$this->assertFalse(Validation::range('\x028', 1, 5), 'hexish encoding fails');
$this->assertFalse(Validation::range('0b010', 1, 5), 'binary string data fails');
$this->assertFalse(Validation::range('0x01', 1, 5), 'hex string data fails');
$this->assertFalse(Validation::range('0x1', 1, 5), 'hex string data fails');
$this->assertFalse(Validation::range('\x028', 1, 5), 'hexish encoding fails');
$this->assertFalse(Validation::range('0b010', 1, 5), 'binary string data fails');
$this->assertFalse(Validation::range('0x02', 1, 5), 'hex string data fails');
}
/**
* testExtension method
*
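Review bot: In testRangeTypeChecks the last three assertions repeat the first three with the same bounds `1, 5`, so they add no coverage. In testComparisonTypeChecks the matching second group switches the operand to `1.5`, which suggests the range copies were meant to use a float bound, for example `Validation::range('0x02', 1.5, 5)`. The `'\x028'` fixtures are single-quoted, so PHP keeps the backslash literally and the value is a plain non-numeric string rather than an escaped byte. A short comment saying that is intended, or a double-quoted variant beside it, would make the 'hexish encoding' label accurate.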


@ -242,6 +242,10 @@ class Validation {
if (is_array($check1)) {
extract($check1, EXTR_OVERWRITE);
}
if ((float)$check1 != $check1) {
return false;
}
$operator = str_replace(array(' ', "\t", "\n", "\r", "\0", "\x0B"), '', strtolower($operator));
switch ($operator) {
@ -757,6 +761,9 @@ class Validation {
if (!is_numeric($check)) {
return false;
}
if ((float)$check != $check) {
return false;
}
if (isset($lower) && isset($upper)) {
return ($check > $lower && $check < $upper);
}
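Review bot: The new guard `(float)$check1 != $check1` in comparison() is a loose comparison, so whether it rejects a value depends on PHP's string-to-number juggling rather than on an explicit numeric check. range() runs `is_numeric($check)` before the same guard, but no such check is visible in the comparison() hunk, whose function starts and ends outside it. For a non-numeric string, PHP versions before 8 convert both sides to 0 and the guard does not fire, leaving the result to the operator branch below. If non-numeric operands are not meant to be supported, `if (!is_numeric($check1) || (float)$check1 != $check1) {` would make the rejection explicit. Either way, a comment such as `// Reject strings PHP would juggle to a different number (hex/binary notation).` above both guards would record why the cast is there.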