[Agavi-Tickets] [Agavi] #1130: AgaviNumberValidator manipulates user input, following validators have the risk to operate with manipulated data

Agavi Sat, 01 Aug 2009 14:13:27 -0700

#1130: AgaviNumberValidator manipulates user input, following validators have 
the
risk to operate with manipulated data
---------------------------+------------------------------------------------
 Reporter:  Dennis Meckel  |       Owner:  dominik  
     Type:  defect         |      Status:  new      
 Priority:  high           |   Milestone:  1.0.2    
Component:  validation     |     Version:  1.0.1    
 Severity:  normal         |    Keywords:  hardening
Has_patch:  0              |  
---------------------------+------------------------------------------------
 AgaviNumberValidator loads the input by reference. while validation the
 input gets converted to (integer) or (float).


 an example: if the user submits "Hello World" to the validator, the value
 will be converted to int(0). the next validator which tries to grab the
 value will retrieve int(0) instead of string('Hello World').

-- 
Ticket URL: <http://trac.agavi.org/ticket/1130>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5



_______________________________________________
Agavi Tickets Mailing List
[email protected]
http://lists.agavi.org/mailman/listinfo/tickets

[Agavi-Tickets] [Agavi] #1130: AgaviNumberValidator manipulates user input, following validators have the risk to operate with manipulated data

Reply via email to