Hello, Would you mind creating an issue in the JIRA issue tracker for this, please? Here is a link to create an issue:
http://framework.zend.com/issues/secure/CreateIssue!default.jspa If you do not yet have posting privileges, you can request posting privileges by mailing [EMAIL PROTECTED] Thank you for the report! Best regards, Darby Doctorrock wrote: > Hi , I see that Zend_Filter_Input is dead. Right. > I have an improvement to ask : > > While using Zend_Filter_StringToLower::filter() as well as > Zend_Filter_StringTrim::filter() as well as any filter function that > expects a string to be passed as param; you should cast the param to > String in the function : > > StringToLower.php before : > class Zend_Filter_StringToLower implements Zend_Filter_Interface > { > public function filter($value) > { > return strtolower($value); > } > } > > > StringToLower.php after (asked) : > class Zend_Filter_StringToLower implements Zend_Filter_Interface > { > public function filter($value) > { > return strtolower( (string)$value); > } > } > > > That is, think about that use case : > > GET /mypage.php?my_message='Hi' HTTP 1.1 > (...) > > Zend_Filter_StringToLower::filter($_GET['my_message']); > > will output 'hi' ; all right. > > > Now consider this use : > GET /mypage.php?my_message[]='Hi' HTTP 1.1 > (...) > > Zend_Filter_StringToLower::filter($_GET['my_message']); > > Note that my_message is passed as an array, anyone can modify the type > of params in the URL for a GET request, thus generating in that case a > *Notice *: Array to string conversion in *my\file\dot\php* on line my_line. > > Some of you would say that it's the programmer's job to cast the GET > variable manually type before passing it to the filter, by I personally > think that the filter function should do it by itself, as it expects a > string in all cases, and nothing else... >
