Edit report at https://bugs.php.net/bug.php?id=60541&edit=1

 ID:                 60541
 Comment by:         klaussilve...@php.net
 Reported by:        klaussilve...@php.net
 Summary:            FILTER_SANITIZE_NUMBER_INT fails to filter strings
                     with plus and minus
 Status:             Open
 Type:               Bug
 Package:            Filter related
 Operating System:   UNIX
 PHP Version:        5.3.8
 Block user comment: N
 Private report:     N

 New Comment:

The most elegant solution was to detect only + and - signs that are next to a 
number, and remove all others. For example:

filter_var("ad--td#$@++qsdh-3", FILTER_SANITIZE_NUMBER_INT); // returns -3

Right now, the filter behavior is: 

filter_var("ad--td#$@++qsdh-3", FILTER_SANITIZE_NUMBER_INT); // returns --++-3

Which is VERY bad and HORRIBLY wrong.


Previous Comments:
------------------------------------------------------------------------
[2011-12-16 00:07:42] klaussilve...@php.net

The following patch has been added/updated:

Patch Name: sanitize_integers
Revision:   1323994062
URL:        https://bugs.php.net/patch-display.php?bug=60541&patch=sanitize_integers&revision=1323994062

------------------------------------------------------------------------
[2011-12-16 00:07:20] klaussilve...@php.net

Description:
------------
The filter_var FILTER_SANITIZE_NUMBER_INT filter fails to sanitize plus and
minus signs in a string. This is the expected behavior, since + and - are
accepted in an integer. However, the filter fails to recognize multiple + and
-, returning a string instead of an integer.

For example: 

filter_var("I'm+captain4", FILTER_SANITIZE_NUMBER_INT); // returns +4, OK!
filter_var("I'm++captain4", FILTER_SANITIZE_NUMBER_INT); // returns ++4, FAILURE!

I wrote a small patch that makes the filter ignore + and - signs, which, I
believe, is the best behavior for this.

Test script:
---------------
<?php

// Normal behavior
$a = filter_var("I'm+captainSp4rrow!", FILTER_SANITIZE_NUMBER_INT);
$b = filter_var("I'm+captain4", FILTER_SANITIZE_NUMBER_INT);

echo "$a and $b" . PHP_EOL;
echo $a + $b . PHP_EOL;

// Problems come in when we have multiple minus or plus signs in the string
$a = filter_var("I'm++captainSp4rrow!", FILTER_SANITIZE_NUMBER_INT);
$b = filter_var("I'm++captain4", FILTER_SANITIZE_NUMBER_INT);

echo "$a and $b" . PHP_EOL;
echo $a + $b . PHP_EOL;

Expected result:
----------------
4 and 4
8
4 and 4
8



------------------------------------------------------------------------
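
Added example (not part of the bug report, its patch, or PHP's filter extension): FILTER_SANITIZE_NUMBER_INT only strips characters other than digits, + and -, so its output still has to pass FILTER_VALIDATE_INT before it is treated as a number. The helper names to_int() and keep_adjacent_sign() are hypothetical, the second is only a userland sketch of the behaviour proposed in the comment above, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helpers, not PHP's own implementation.

/**
 * Sanitize, then validate. Returns an int, or null when the sanitized
 * string is still not a single integer (for example "++4").
 */
function to_int(string $raw, ?int $min = null, ?int $max = null): ?int
{
    // Step 1: removes everything except digits, '+' and '-'.
    $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);

    // Step 2: the result is only a string of allowed characters, so check
    // that it parses as one integer, optionally within a range.
    $options = [];
    if ($min !== null) { $options['min_range'] = $min; }
    if ($max !== null) { $options['max_range'] = $max; }
    $value = filter_var($clean, FILTER_VALIDATE_INT, ['options' => $options]);

    // filter_var() returns false on failure and 0 is a valid integer,
    // so the comparison has to be strict.
    return $value === false ? null : $value;
}

/**
 * Sketch of the proposed behaviour: keep a sign only when it sits
 * directly in front of a digit and drop every other sign.
 */
function keep_adjacent_sign(string $raw): string
{
    $clean = filter_var($raw, FILTER_SANITIZE_NUMBER_INT);
    return preg_replace('/[+-](?![0-9])/', '', $clean);
}

// Inputs taken from the report, plus one constructed case ("order 12-7")
// where a sign between two digit runs survives both helpers' cleaning.
$samples = ["I'm+captain4", "I'm++captain4", 'ad--td#$@++qsdh-3', 'order 12-7'];

foreach ($samples as $raw) {
    echo $raw, PHP_EOL;
    var_dump(filter_var($raw, FILTER_SANITIZE_NUMBER_INT)); // raw filter output
    var_dump(to_int($raw));                                 // null = rejected
    var_dump(to_int(keep_adjacent_sign($raw)));             // after sign cleanup
}
```

Treating a null return as a rejected input, rather than casting the sanitized string with (int), keeps malformed values such as "++4" from silently becoming 0 in later arithmetic.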


