php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #67167 Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE
Submitted: 2014-05-01 11:40 UTC Modified: 2016-09-09 10:26 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: peter dot schultz at classmarkets dot com Assigned: cmb
Status: Closed Package: Filter related
PHP Version: 5.5.12 OS: Fedora 20
Private report: No CVE-ID:
 [2014-05-01 11:40 UTC] peter dot schultz at classmarkets dot com
Description:
------------
---
From manual page: http://www.php.net/filter.filters.validate
---

FILTER_VALIDATE_BOOLEAN with the FILTER_NULL_ON_FAILURE flag return false if the first argument is an object. According to the documentation it should be null.

Test script:
---------------
<?php

var_dump(filter_var(new \StdClass(), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));'


Expected result:
----------------
NULL

Actual result:
--------------
bool(false)

Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-05-04 02:07 UTC] infinitythe7th at gmx dot net
This bug seems to exists since version 5.4.8 as discussed here:

http://stackoverflow.com/questions/21469275/php-5-4-filter-var-filter-validate-boolean-bug-or-change-from-5-3

and being testable here:

http://3v4l.org/PB6sp
 [2014-05-05 07:07 UTC] peter dot schultz at classmarkets dot com
Yes, passing null as the first argument seems to be broken too. Please note that there is a difference between passing null and an object though: http://3v4l.org/oFCpE
Passing an object never worked correctly.
 [2014-05-07 15:14 UTC] levim@php.net
-Status: Open +Status: Assigned -Package: *General Issues +Package: Filter related -Assigned To: +Assigned To: levim
 [2014-05-07 15:16 UTC] pajoye@php.net
Keep in mind that the problem (if you pass booleans as well) is the string conversion happening before the filter is called. Making all Boolean checks impossible.
 [2014-05-07 16:09 UTC] levim@php.net
It appears that pajoye is correct; there is a convert_to_string call that messes all of this up. I'm not exactly sure what to do; it seems a rewrite is necessary to fix this behavior and that is beyond my current skill level. I could just bypass the convert_to_string call and special case this bug but that seems like a really bad idea.
 [2014-05-08 05:06 UTC] levim@php.net
I have a fix pending for when an object that does not have a __toString method is passed. Based on existing code and bug reports, it seems that casting to a string is by-design; this means that passing null to filter_var would get cast to '' (empty string) which results in filter_var returning false, not NULL (see http://www.php.net/manual/en/filter.filters.validate.php)
 [2014-05-08 05:18 UTC] levim@php.net
I have a PR open for this issue; hopefully it will get resolved soon.
 [2014-05-08 05:18 UTC] infinitythe7th at gmx dot net
According to the Documentation here: http://www.php.net/manual/en/filter.filters.validate.php

The filter FILTER_VALIDATE_BOOLEAN with the flag FILTER_NULL_ON_FAILURE shall "[return] NULL [...] for all non-boolean values".

In my opinion "null" is clearly a non-boolean value, so i can't really understand why you would classify it returning false as being "by design".
 [2014-05-08 05:22 UTC] levim@php.net
Here's the exact quote:

> If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.

It seems I misread; that does sound like it should return null for anything that fails `is_bool`.
 [2014-05-08 05:56 UTC] levim@php.net
I think FILTER_VALIDATE_BOOLEAN with FILTER_NULL_ON_FAILURE should return null for an array, an object that doesn't have __toString(), null, and a resource. For objects with __toString it depends on the result of the cast; the same goes for floats and integers.

Sound good?
 [2014-05-08 06:04 UTC] infinitythe7th at gmx dot net
Not 100% sure about it, but that sounds as close to the documentation we have as I can see.
 [2014-05-08 07:32 UTC] pajoye@php.net
> It appears that pajoye is correct; there is a convert_to_string call that messes > all of this up. 

One solution, not very nice and hackish, is to add a test along:

if not (filter==boolean && type in (integer, boolean)) convert to string 
then call the filter
 [2015-09-02 13:48 UTC] cmb@php.net
> It appears that pajoye is correct; there is a convert_to_string
> call that messes all of this up.

I wonder why the first argument of filter_var() isn't string
instead of mixed.
 [2015-09-03 00:27 UTC] levim@php.net
Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...
 [2015-09-03 00:27 UTC] levim@php.net
-Status: Assigned +Status: Closed
 [2015-09-03 00:29 UTC] levim@php.net
-Status: Closed +Status: Re-Opened
 [2015-09-03 00:29 UTC] levim@php.net
I have applied a partial fix that works applies when you pass an object that doesn't have a `__toString` method. This will fix the specific code noted in test script, but won't fix some other cases (such as passing `null`)
 [2015-09-03 18:10 UTC] ab@php.net
Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...
 [2015-09-03 18:10 UTC] ab@php.net
-Status: Re-Opened +Status: Closed
 [2016-01-25 09:43 UTC] b-roeser at gmx dot net
Hi there,
Has this bugfix actually landed? If so, in which version, can't find it in the changelog.

I'm currently testing on PHP 5.6.11-1ubuntu3.1 and I can still reproduce the problem. Here is my test case:
<?php

class x {}

class y {
   public $m = 'n';

   function doStuff() {
      $this->m = 'l';
   }
}

$value = 'x';
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – works as expected

$value = new stdClass();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false

$value = new x();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false

$value = new y();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false


var_dump((string)$value);


This is the output I get:

NULL
bool(false)
bool(false)
bool(false)
PHP Catchable fatal error:  Object of class y could not be converted to string in /home/benedict/Repositories/wellid/testcase.php on line 30
PHP Stack trace:
PHP   1. {main}() /home/benedict/Repositories/wellid/testcase.php:0
benedict@minerva:~/Repositories/wellid$ vim testcase.php
benedict@minerva:~/Repositories/wellid$ php -f testcase.php 
NULL
bool(false)
bool(false)
bool(false)
PHP Catchable fatal error:  Object of class y could not be converted to string in /home/benedict/Repositories/wellid/testcase.php on line 30
PHP Stack trace:
PHP   1. {main}() /home/benedict/Repositories/wellid/testcase.php:0



As you can see, none of these have a __toString()-method.

Am I missing something?
 [2016-01-25 09:46 UTC] b-roeser at gmx dot net
Sorry, when pasting the output from the console, I pasted a little bit too much, hope it is still clear.
 [2016-07-20 11:36 UTC] davey@php.net
Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...
 [2016-09-09 10:26 UTC] cmb@php.net
-Status: Closed +Status: Re-Opened -Assigned To: levim +Assigned To: cmb
 [2016-09-09 10:26 UTC] cmb@php.net
> Has this bugfix actually landed? If so, in which version, can't
> find it in the changelog.

The fix has only be applied to PHP 7.0.0+, and indeed, it's
missing in the changelog. I'm going to backport to PHP 5.6.
 [2016-09-09 10:58 UTC] cmb@php.net
Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cb91a51b0052d512c0110ec934a23e263258e461
Log: Partially fix bug #67167 - Wrong return value...
 [2016-09-09 10:58 UTC] cmb@php.net
-Status: Re-Opened +Status: Closed
 [2016-10-17 10:08 UTC] bwoebi@php.net
Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cb91a51b0052d512c0110ec934a23e263258e461
Log: Partially fix bug #67167 - Wrong return value...
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Tue Aug 29 15:01:52 2017 UTC