Bug #62633 [Nab]: strcasecmp does not warn user if both params are not strings

Mon, 23 Jul 2012 10:20:18 -0700 

Edit report at https://bugs.php.net/bug.php?id=62633&edit=1

 ID:                 62633
 User updated by:    iam4webwork at hotmail dot com
 Reported by:        iam4webwork at hotmail dot com
 Summary:            strcasecmp does not warn user if both params are not
                     strings
 Status:             Not a bug
 Type:               Bug
 Package:            Scripting Engine problem
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N

 New Comment:

If the PHP version of strcasecmp were to behave like the PHP version of strcmp 
in terms of handling a Boolean as input wouldn't that be more intelligent than 
allowing the C version of STRCASECMP to accept a parameter that is not 
terminated with a null string (see https://buildsecurityin.us-cert.gov/bsi-
rules/home/g1/847-BSI.html re security issues: DOS)?

Also, whereas weakly-typed is a design feature, it should not become a mantra 
in 
its own right.  If a built-in function is expecting parameters of a certain 
type 
and an event occurs where the wrong parameters are provided shouldn't the user 
be alerted? Or, is the onus that of the programmer?


Previous Comments:
------------------------------------------------------------------------
[2012-07-23 01:08:46] ahar...@php.net

PHP is a weakly typed language by design: if a scalar can be coerced into the 
type that a function expects, it will be.

Expected behaviour → not a bug.

------------------------------------------------------------------------
[2012-07-22 21:23:23] iam4webwork at hotmail dot com

I believe that somewhere the underlying C source code is converting the PHP 
TRUE, 
i.e. 1 to "1"

------------------------------------------------------------------------
[2012-07-22 21:19:42] iam4webwork at hotmail dot com

Description:
------------
When I provide strcasecmp with two parameters where one is TRUE and the other 
is a 
string, php does not generate a warning to say that the first parameter needs 
to 
be a string and silently converts TRUE to "1" and executes.



Test script:
---------------
<?php

var_dump(strcasecmp(TRUE, "bob"));

// -49



Expected result:
----------------
I expected a parser error message.

Actual result:
--------------
-49


------------------------------------------------------------------------



-- 
Edit this bug report at https://bugs.php.net/bug.php?id=62633&edit=1

Reply via email to