Numeric validation should use strlen() to check for value. [#1663098]

Currently, the numeric validation uses $this->value != '' to determine if the field has a value. However, PHP will convert '' to 0 when comparing against a numeric value. As a result, if $this->value is set to 0 then the condition will fail. I want a validation for a commerce price field to ensure that the value is greater than zero (I'm using 0.01 for the minimum) but it passes when zero is used. A simple solution would be to use strlen($this->value) to check for a value.

Comment	File	Size	Author
#6	strlen-for-numeric-1663098-6.patch	808 bytes	BassistJimmyJam
#1	strlen-for-numeric-1663098-1.patch	783 bytes	BassistJimmyJam

Comments

Comment #1

BassistJimmyJam commented 27 June 2012 at 17:48

Status:

Active

» Needs review

Status	File	Size
new	strlen-for-numeric-1663098-1.patch	783 bytes

Patch attached.

Comment #2

g089h515r806 commented 27 June 2012 at 23:19

Do you mean that you set 0.01 as the minimum value, but 0 is still could pass the validation?

Comment #3

BassistJimmyJam commented 28 June 2012 at 10:05

That is correct. Since 0 was considered an empty value, the validation would not actually run and would therefore pass.

Comment #4

g089h515r806 commented 28 June 2012 at 10:57

I have test it on my local site, add a test field,
add numeric validator to it, set minimum value = 3,

I enter 0 to test it, i get the error message. It works.

The value that post by a form is always a string. If you enter 0,
the actually value of "$this->value" is '0', not 0.

maybe you have converted '0' to 0 before validation.

Comment #5

g089h515r806 commented 28 June 2012 at 11:29

I have read the code of commerce, and find that it convert the price from string to numeric in its validate function which is called before field validation.

Maybe we could change the code to:

$this->value !== ''

It is more meaning full than using strlen at here.

Comment #6

BassistJimmyJam commented 28 June 2012 at 12:35

Status	File	Size
new	strlen-for-numeric-1663098-6.patch	808 bytes

That doesn't handle NULL values. While form submit should not include NULL values, a field type may change empty values similar to how commerce price converted the value to an integer. $this->value !== '' && !is_null($this->value) should handle that and I have updated my patch accordingly and verified that it still works as expected.

Comment #7

g089h515r806 commented 28 June 2012 at 14:09

patch commited.
Other validators still use :

$this->value != ''

Maybe we could change them later.

It is not a good idea to change the value of user input in validate function, however commece is a popular module, we need make this module compatable with it.

Comment #8

g089h515r806 commented 3 August 2012 at 10:59

Status:

Needs review

» Fixed

Comment #9

17 August 2012 at 11:01

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Numeric validation should use strlen() to check for value.

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

Comment #7

Comment #8

Comment #9

News items

Our community

Documentation

Drupal code base

Governance of community