From cfe782b3f5adfcdb369e13a1dd3e376e8d53b9f0 Mon Sep 17 00:00:00 2001
From: Bizley
Date: Wed, 10 Mar 2021 22:40:34 +0100
Subject: [PATCH] Fix #18544: Fix `yii\validators\NumberValidator` to disallow values with whitespaces
---
 framework/CHANGELOG.md | 1 +
 framework/UPGRADE.md | 7 +++++++
 framework/validators/NumberValidator.php | 6 +++---
 tests/framework/validators/NumberValidatorTest.php | 24 +++++++++++++++++++++-
 4 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 32ec0bc..e4e1466 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,6 +4,7 @@ Yii Framework 2 Change Log
 2.0.42 under development
 ------------------------
+- Bug #18544: Fix `yii\validators\NumberValidator` to disallow values with whitespaces (bizley)
 - Bug #18552: Fix bug with `yii\data\SqlDataProvider` not properly handling SQL with `ORDER BY` clause (bizley)
diff --git a/framework/UPGRADE.md b/framework/UPGRADE.md
index b5352ab..5a35880 100644
--- a/framework/UPGRADE.md
+++ b/framework/UPGRADE.md
@@ -51,6 +51,13 @@ if you want to upgrade from version A to version C and there is version B between A and C, you need to follow the instructions for both A and B.
+Upgrade from Yii 2.0.41
+-----------------------
+
+* `NumberValidator` (`number`, `double`, `integer`) does not allow values with leading or terminating (non-trimmed)
+ white spaces anymore. If your application expects non-trimmed values provided to this validator make sure to trim
+ them first (i.e. by using `trim` / `filter` "validators").
+
 Upgrade from Yii 2.0.40
 -----------------------
diff --git a/framework/validators/NumberValidator.php b/framework/validators/NumberValidator.php
index e6fca0f..77ce53d 100644
--- a/framework/validators/NumberValidator.php
+++ b/framework/validators/NumberValidator.php
@@ -49,12 +49,12 @@ class NumberValidator extends Validator
 /**
 * @var string the regular expression for matching integers.
 */
- public $integerPattern = '/^\s*[+-]?\d+\s*$/';
+ public $integerPattern = '/^[+-]?\d+$/';
 /**
 * @var string the regular expression for matching numbers. It defaults to a pattern
 * that matches floating numbers with optional exponential part (e.g. -1.23e-10).
 */
- public $numberPattern = '/^\s*[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?\s*$/';
+ public $numberPattern = '/^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?$/';
 /**
@@ -118,7 +118,7 @@ class NumberValidator extends Validator
 return null;
 }
- /*
+ /**
 * @param mixed $value the data value to be checked.
 */
 private function isNotNumber($value)
diff --git a/tests/framework/validators/NumberValidatorTest.php b/tests/framework/validators/NumberValidatorTest.php
index 443cba9..a277313 100644
--- a/tests/framework/validators/NumberValidatorTest.php
+++ b/tests/framework/validators/NumberValidatorTest.php
@@ -313,7 +313,7 @@ class NumberValidatorTest extends TestCase
 $model->attr_number = $fp;
 $val->validateAttribute($model, 'attr_number');
 $this->assertTrue($model->hasErrors('attr_number'));
-
+
 // the check is here for HHVM that
 // was losing handler for unknown reason
 if (is_resource($fp)) {
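Review bot: Both new patterns still accept a value that ends in a single line feed, because a PCRE `$` without the `D` modifier also matches immediately before a trailing `\n`; `"1\n"` and `"1.1\n"` would therefore validate although the commit sets out to reject untrimmed input. Anchor the end with `\z` instead: `public $integerPattern = '/^[+-]?\d+\z/';` and `public $numberPattern = '/^[-+]?[0-9]*\.?[0-9]+([eE][-+]?[0-9]+)?\z/';`. The code that applies these patterns lies outside the hunk, so this assumes they are passed to `preg_match` against the submitted string unchanged. A value accepted with a trailing newline matters wherever the validated string is later written to a header, log line or file without being cast to a number. The property docblocks could also state that surrounding whitespace is rejected, so that anyone overriding a pattern keeps both anchors.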
@@ -332,6 +332,28 @@ class NumberValidatorTest extends TestCase
 $val->validateAttribute($model, 'attr_number');
 $this->assertFalse($model->hasErrors('attr_number'));
 }
+
+ /**
+ * @see https://github.com/yiisoft/yii2/issues/18544
+ */
+ public function testNotTrimmedStrings()
+ {
+ $val = new NumberValidator(['integerOnly' => true]);
+ $this->assertFalse($val->validate(' 1 '));
+ $this->assertFalse($val->validate(' 1'));
+ $this->assertFalse($val->validate('1 '));
+ $this->assertFalse($val->validate("\t1\t"));
+ $this->assertFalse($val->validate("\t1"));
+ $this->assertFalse($val->validate("1\t"));
+
+ $val = new NumberValidator();
+ $this->assertFalse($val->validate(' 1.1 '));
+ $this->assertFalse($val->validate(' 1.1'));
+ $this->assertFalse($val->validate('1.1 '));
+ $this->assertFalse($val->validate("\t1.1\t"));
+ $this->assertFalse($val->validate("\t1.1"));
+ $this->assertFalse($val->validate("1.1\t"));
+ }
 }
 class TestClass
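Review bot: `testNotTrimmedStrings` exercises only spaces and tabs, so line breaks around the number are untested, and a trailing `\n` is the one character a `$`-anchored PCRE pattern treats differently from other whitespace. Add cases such as `$this->assertFalse($val->validate("1\n"));` and `$this->assertFalse($val->validate("\n1"));` for the `integerOnly` validator and `$this->assertFalse($val->validate("1.1\n"));` for the default one. If the trailing-newline assertions fail, that would indicate the validator's end anchor needs to be stricter than `$`; the patterns themselves are defined outside this hunk.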