phpsecurity icon indicating copy to clipboard operation
phpsecurity copied to clipboard
verified publisher icon padraic

checkIntegerRange seems bad

Open reductor opened this issue 10 years ago • 0 comments

Reading over: http://phpsecurity.readthedocs.org/en/latest/Input-Validation.html

The example of checkIntegerRange seems bad, if you pass an array the is_string fails and is_int passes because of the explicit conversion.

While this is safe, as I believe (array() <= int) is always false, the fact that it can reach this point is not ideal, someone could modify this function to instead just have the min which will pass.

(Have not tested on newer versions of PHP)

reductor avatar Dec 23 '15 11:12 reductor