[BUG]: bool filter getQuery() returned always true
$request->getQuery('boolParam', 'bool', true) always return true.
In Request on 1415
if filters !== null {
let filterService = this->getFilterService(),
value = filterService->sanitize(value, filters, noRecursive);
/**
* @todo Leave this here for PHP 7.4/8.0. Remove when appropriate.
* Some filters use filter_var which can return `false`
*/
if value === false {
return defaultValue;
}
}
The boolVal filter returns false or true, but this condition breaks the logic
if value === false {
return defaultValue;
}
Details
- Phalcon version: 8.1.22
- PHP Version: 5.1.3
I think it's because you have specified true for defaultValue.
This is a setting that returns true in the following cases where filtering fails.
・Specified key does not exist in $_GET
・The value corresponds to false
Other than these, there are only cases that are equivalent to true (including values cast to true), so I think that always returning true is not a bug but an incorrect usage.
If you use bool for filter, you should not specify defaultValue or specify false.
@s-ohnishi Substitute any value instead of true and it will always return this value if the parameter is false.
If I want to get always true, except for the case when I obviously didn't get false - is this a misuse? By passing false to the filter, I want to get false, not the default value of the filter. I still think it's a bug.
@Drummi42
except for the case when I obviously didn't get false
You want something different from normal behavior, right?
For example, if a checkbox is not checked, it will not even be sent.
In other words, you can receive true only if you specify it intentionally.
Shouldn't you do it like this in your case?
$bParam = $request->getQuery('boolParam', 'bool');
if ($bParam === false) {
// when `false` is specified explicitly
} else {
// other case
}
In fact, we use it this way :) But in that case, why then this bool filter?
why then this bool filter?
I think it's because you chose it.
However, without using bool filter, wouldn't it have been necessary to have an implementation that would distinguish between explicit false and non-existence?
Since it cannot be determined with empty($_GET['boolParam']), I think it was necessary to take a more complicated step.