#1128: Loose comparison makes AgaviEqualsValidator vulnerable
---------------------------+------------------------------------------------
Reporter: Dennis Meckel | Owner: dominik
Type: defect | Status: new
Priority: normal | Milestone: 1.0.2
Component: validation | Version: 1.0.1
Severity: normal | Keywords: hardening
Has_patch: 1 |
---------------------------+------------------------------------------------
When comparing numeric or similar (scientific notation, hex, numbers with
accidentally added whitespace) input, or comparing a float with an
integer, it is possible that AgaviEqualsValidator verifies different
values as equal.
To fix this behavior I would recommend introducing a strict comparison
(value and type validation) mode (which should be enabled by default) to
be backwards compatible.
--
Ticket URL: <http://trac.agavi.org/ticket/1128>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5
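
The difference the ticket describes, as an added example that is not part of the original ticket and is not Agavi's code: `equals_check()` is a hypothetical stand-in for a validator's comparison step with the proposed strict mode, and the sample pairs are constructed.

```php
<?php
// Added illustration, not Agavi code. equals_check() is a hypothetical
// stand-in for a validator's comparison step with an optional strict mode.
function equals_check($input, $expected, $strict = true)
{
    // Strict mode compares value and type; loose mode lets PHP coerce
    // numeric-looking strings and mixed numeric types before comparing.
    return $strict ? $input === $expected : $input == $expected;
}

// Constructed sample pairs covering the input kinds named in the ticket.
$pairs = array(
    'scientific notation' => array('1e3', '1000'),
    'hex string'          => array('0x1A', '26'),
    'leading whitespace'  => array(' 42', '42'),
    'float vs integer'    => array(1.0, 1),
    'identical strings'   => array('secret', 'secret'),
);

// Loose results for hex and whitespace strings differ between PHP versions,
// so the table is printed at run time rather than hard-coded here.
printf("%-20s %-6s %-6s\n", 'case', 'loose', 'strict');
foreach ($pairs as $label => $pair) {
    list($input, $expected) = $pair;
    printf(
        "%-20s %-6s %-6s\n",
        $label,
        var_export(equals_check($input, $expected, false), true),
        var_export(equals_check($input, $expected, true), true)
    );
}
```

Request parameters arrive as strings, so a strict check only passes when the expected value is also supplied as a string.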