ID: 40947 Updated by: [EMAIL PROTECTED] Reported By: exaton at free dot fr -Status: Bogus +Status: Assigned -Bug Type: Filter related +Bug Type: Compile Warning Operating System: WinXP SP2, Debian PHP Version: 5.2.1 -Assigned To: pajoye +Assigned To: derick
Previous Comments: ------------------------------------------------------------------------ [2007-03-29 12:45:19] [EMAIL PROTECTED] "filter_var_array() certainly does work on an argument => definition basis, but as the manual states (re. my quote)," There is a mistake in the manual. It was not thought and implemented to follow this definition. The common function is used to filter an array of value with one or many filters but it is not related to the public API (filter_var and filter_var_array). "filter_var_array() certainly does work on an argument => definition basis, but as the manual states (re. my quote)," There is BC reason here. The initial code allows or not array of values (of same type). "Lines 818-820, within PHP_FUNCTION(filter_var_array), the test Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)) clearly states that op, in essence the second parameter, may be an integer (that test is next to || Z_TYPE_PP(op) != IS_ARRAY, which allows...." "IS_LONG && EXISTS" means: The filter ID must be an integer and the ID must exist. It accpepts array as the filter options/flags/id can be given as an array, in this case the ID validation is done later. In any case, if you provide an invalid filter ID, the complete call is invalid as your code obviously has a (critical) bug. "Hey I've found the bug ^^" Sorry, this is not a bug but the expected behavior :) If you like to filter an array of values using one filter, please use filter_var or provide a one definition. ------------------------------------------------------------------------ [2007-03-29 12:39:35] [EMAIL PROTECTED] Pierre, I believe the function that filters array should return array by default without any additional flags. The documentation agrees with me, so something definitely should be fixed - either the docs or the function. I prefer fixing the function and Derick said he'll take a look at it. ------------------------------------------------------------------------ [2007-03-29 12:28:32] exaton at free dot fr Hi Tony, Derick, Pierre-Alain, Thank you for your extremely speedy feedback on this issue. I believe that it does still remain, however. Regarding filter_var($a, FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY) : that is indeed the second piece of code that I presented, to illustrate the expected result. I had placed the FILTER_REQUIRE_ARRAY flag in an option array, superfluously but to the same effect, I agree. filter_var_array() certainly does work on an argument => definition basis, but as the manual states (re. my quote), "This [second parameter to the filter_var_array() function] can be also an integer holding a filter constant. Then all values in the input array are filtered by this filter.". A good look at the underlying code in CVS confirms this. I am looking at .../php-src/ext/filter/filter.c?revision=1.52.2.38&view=markup and I see : Lines 818-820, within PHP_FUNCTION(filter_var_array), the test Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)) clearly states that op, in essence the second parameter, may be an integer (that test is next to || Z_TYPE_PP(op) != IS_ARRAY, which allows.... Hey I've found the bug ^^ OK, so those lines say "if the second parameter (op) is a number but does not refer to an existing filter ID, ***or*** if op is not an array, then RETURN_FALSE". That should be *and*, not or ! If the second parameter is not an existing filter ID constant *and* if it is not an array, then it is not valid. I was going to follow the rest of the trail, through to php_filter_array_handler() (called on line 823) and then php_filter_call() (called on line 649 with FILTER_REQUIRE_ARRAY, hence the equivalence of the two pieces of PHP code, they converge here)... but I think that the problem is on line 819, where there should be && and not ||. Thanks again :) ------------------------------------------------------------------------ [2007-03-29 12:02:18] [EMAIL PROTECTED] What you are looking for is: $c = filter_var($a, FILTER_VALIDATE_INT,FILTER_REQUIRE_ARRAY ); (Use FILTER_FORCE_ARRAY if you like to always get an array in return, no matter if $a is an array or not). filter_var_array works on a argument => definition basis, not to apply the same filter to all input. ------------------------------------------------------------------------ [2007-03-29 10:25:53] exaton at free dot fr Description: ------------ [Tested on Windows XP SP2 / Apache 2.0.55 and on a Debian with kernel 2.6.16 / Apache 2.0.54 / PHP having the Suhosin-Patch applied]. Hello, While reading http://phpro.org/tutorials/Filtering-Data-with-PHP.html, a tutorial on using the new PHP Filter extension, I came across a simple test case that fails unexpectedly. $a = array(10, "109", "", "-1234", "some text", "asdf234asdfgs", array()); var_dump(filter_var_array($a, FILTER_VALIDATE_INT)); Produces bool(false). I would have expected it to produce the same result at : var_dump(filter_var($a, FILTER_VALIDATE_INT, array( 'flags' => FILTER_REQUIRE_ARRAY ))); which displays array(7) { [0]=> int(10) [1]=> int(109) [2]=> bool(false) [3]=> int(-1234) [4]=> bool(false) [5]=> bool(false) [6]=> array(0) { } } (int values for valid int entries, bool(false) for invalid entries, as shown in the tutorial). The manual entry for filter_var_array() indicates, regarding the second parameter : "This parameter can be also an integer holding a filter constant. Then all values in the input array are filtered by this filter.". I looked at the code of ext/filter in CVS and saw that this behavior seems to be applied, boiling everything down to a single function. I could not follow the code precisely enough (for lack of experience with PHP internals) to locate a significant divergence, however. On another note, the manual entry for filter_var_array() provides a code sample containing some constants which do not appear on the manual entry for the Filter extension ; namely, FILTER_FLAG_ARRAY and FILTER_FLAG_SCALAR. In the manual entry for filter_input_array(), which gives the same code sample, these constants have been changed to the existing FILTER_REQUIRE_ARRAY and FILTER_REQUIRE_SCALAR. Thanks in advance ! ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=40947&edit=1
