cphalcon icon indicating copy to clipboard operation
cphalcon copied to clipboard
verified publisher icon phalcon

[BUG]: bool filter getQuery() returned always true

Open Drummi42 opened this issue 2 years ago • 5 comments

$request->getQuery('boolParam', 'bool', true) always return true.

In Request on 1415

if filters !== null {
    let filterService = this->getFilterService(),
    value = filterService->sanitize(value, filters, noRecursive);

    /**
    * @todo Leave this here for PHP 7.4/8.0. Remove when appropriate.
    * Some filters use filter_var which can return `false`
    */
    if value === false {
         return defaultValue;
    }
}

The boolVal filter returns false or true, but this condition breaks the logic

if value === false {
    return defaultValue;
}

Details

  • Phalcon version: 8.1.22
  • PHP Version: 5.1.3

Drummi42 avatar Sep 26 '23 09:09 Drummi42

I think it's because you have specified true for defaultValue. This is a setting that returns true in the following cases where filtering fails. ・Specified key does not exist in $_GET ・The value corresponds to false

Other than these, there are only cases that are equivalent to true (including values cast to true), so I think that always returning true is not a bug but an incorrect usage.

If you use bool for filter, you should not specify defaultValue or specify false.

s-ohnishi avatar Nov 24 '23 00:11 s-ohnishi

@s-ohnishi Substitute any value instead of true and it will always return this value if the parameter is false.

If I want to get always true, except for the case when I obviously didn't get false - is this a misuse? By passing false to the filter, I want to get false, not the default value of the filter. I still think it's a bug.

Drummi42 avatar Nov 24 '23 14:11 Drummi42

@Drummi42

except for the case when I obviously didn't get false

You want something different from normal behavior, right?

For example, if a checkbox is not checked, it will not even be sent. In other words, you can receive true only if you specify it intentionally.

Shouldn't you do it like this in your case?

$bParam = $request->getQuery('boolParam', 'bool');
if ($bParam === false) {
    // when `false` is specified explicitly
} else {
    // other case
}

s-ohnishi avatar Nov 24 '23 14:11 s-ohnishi

In fact, we use it this way :) But in that case, why then this bool filter?

Drummi42 avatar Nov 24 '23 14:11 Drummi42

why then this bool filter?

I think it's because you chose it. However, without using bool filter, wouldn't it have been necessary to have an implementation that would distinguish between explicit false and non-existence? Since it cannot be determined with empty($_GET['boolParam']), I think it was necessary to take a more complicated step.

s-ohnishi avatar Nov 24 '23 14:11 s-ohnishi