PHP :: Bug #67167 :: Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON

Bug #67167

Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE

Submitted:

2014-05-01 11:40 UTC

Modified:

2019-03-18 10:19 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

peter dot schultz at classmarkets dot com

Assigned:

cmb (profile)

Status:

Closed

Package:

Filter related

PHP Version:

5.5.12

OS:

Fedora 20

Private report:

CVE-ID:

None

View Developer Edit

[2014-05-01 11:40 UTC] peter dot schultz at classmarkets dot com

Description:
------------
---
From manual page: http://www.php.net/filter.filters.validate
---

FILTER_VALIDATE_BOOLEAN with the FILTER_NULL_ON_FAILURE flag return false if the first argument is an object. According to the documentation it should be null.

Test script:
---------------
<?php

var_dump(filter_var(new \StdClass(), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));'


Expected result:
----------------
NULL

Actual result:
--------------
bool(false)

Patches

Pull Requests

Pull requests:

Bug 67167: Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE (php-src/666)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-05-04 02:07 UTC] infinitythe7th at gmx dot net

This bug seems to exists since version 5.4.8 as discussed here:

http://stackoverflow.com/questions/21469275/php-5-4-filter-var-filter-validate-boolean-bug-or-change-from-5-3

and being testable here:

http://3v4l.org/PB6sp

[2014-05-05 07:07 UTC] peter dot schultz at classmarkets dot com

Yes, passing null as the first argument seems to be broken too. Please note that there is a difference between passing null and an object though: http://3v4l.org/oFCpE
Passing an object never worked correctly.

[2014-05-07 15:14 UTC] levim@php.net

-Status: Open +Status: Assigned -Package: *General Issues +Package: Filter related -Assigned To: +Assigned To: levim

[2014-05-07 15:16 UTC] pajoye@php.net

Keep in mind that the problem (if you pass booleans as well) is the string conversion happening before the filter is called. Making all Boolean checks impossible.

[2014-05-07 16:09 UTC] levim@php.net

It appears that pajoye is correct; there is a convert_to_string call that messes all of this up. I'm not exactly sure what to do; it seems a rewrite is necessary to fix this behavior and that is beyond my current skill level. I could just bypass the convert_to_string call and special case this bug but that seems like a really bad idea.

[2014-05-08 05:06 UTC] levim@php.net

I have a fix pending for when an object that does not have a __toString method is passed. Based on existing code and bug reports, it seems that casting to a string is by-design; this means that passing null to filter_var would get cast to '' (empty string) which results in filter_var returning false, not NULL (see http://www.php.net/manual/en/filter.filters.validate.php)

[2014-05-08 05:18 UTC] levim@php.net

I have a PR open for this issue; hopefully it will get resolved soon.

[2014-05-08 05:18 UTC] infinitythe7th at gmx dot net

According to the Documentation here: http://www.php.net/manual/en/filter.filters.validate.php

The filter FILTER_VALIDATE_BOOLEAN with the flag FILTER_NULL_ON_FAILURE shall "[return] NULL [...] for all non-boolean values".

In my opinion "null" is clearly a non-boolean value, so i can't really understand why you would classify it returning false as being "by design".

[2014-05-08 05:22 UTC] levim@php.net

Here's the exact quote:

> If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for "0", "false", "off", "no", and "", and NULL is returned for all non-boolean values.

It seems I misread; that does sound like it should return null for anything that fails `is_bool`.

[2014-05-08 05:56 UTC] levim@php.net

I think FILTER_VALIDATE_BOOLEAN with FILTER_NULL_ON_FAILURE should return null for an array, an object that doesn't have __toString(), null, and a resource. For objects with __toString it depends on the result of the cast; the same goes for floats and integers.

Sound good?

[2014-05-08 06:04 UTC] infinitythe7th at gmx dot net

Not 100% sure about it, but that sounds as close to the documentation we have as I can see.

[2014-05-08 07:32 UTC] pajoye@php.net

> It appears that pajoye is correct; there is a convert_to_string call that messes > all of this up. 

One solution, not very nice and hackish, is to add a test along:

if not (filter==boolean && type in (integer, boolean)) convert to string 
then call the filter

[2015-09-02 13:48 UTC] cmb@php.net

> It appears that pajoye is correct; there is a convert_to_string
> call that messes all of this up.

I wonder why the first argument of filter_var() isn't string
instead of mixed.

[2015-09-03 00:27 UTC] levim@php.net

Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...

[2015-09-03 00:27 UTC] levim@php.net

-Status: Assigned +Status: Closed

[2015-09-03 00:29 UTC] levim@php.net

-Status: Closed +Status: Re-Opened

[2015-09-03 00:29 UTC] levim@php.net

I have applied a partial fix that works applies when you pass an object that doesn't have a `__toString` method. This will fix the specific code noted in test script, but won't fix some other cases (such as passing `null`)

[2015-09-03 18:10 UTC] ab@php.net

Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...

[2015-09-03 18:10 UTC] ab@php.net

-Status: Re-Opened +Status: Closed

[2016-01-25 09:43 UTC] b-roeser at gmx dot net

Hi there,
Has this bugfix actually landed? If so, in which version, can't find it in the changelog.

I'm currently testing on PHP 5.6.11-1ubuntu3.1 and I can still reproduce the problem. Here is my test case:
<?php

class x {}

class y {
   public $m = 'n';

   function doStuff() {
      $this->m = 'l';
   }
}

$value = 'x';
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – works as expected

$value = new stdClass();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false

$value = new x();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false

$value = new y();
var_dump(filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE));
// expected: NULL – returns false


var_dump((string)$value);


This is the output I get:

NULL
bool(false)
bool(false)
bool(false)
PHP Catchable fatal error:  Object of class y could not be converted to string in /home/benedict/Repositories/wellid/testcase.php on line 30
PHP Stack trace:
PHP   1. {main}() /home/benedict/Repositories/wellid/testcase.php:0
benedict@minerva:~/Repositories/wellid$ vim testcase.php
benedict@minerva:~/Repositories/wellid$ php -f testcase.php 
NULL
bool(false)
bool(false)
bool(false)
PHP Catchable fatal error:  Object of class y could not be converted to string in /home/benedict/Repositories/wellid/testcase.php on line 30
PHP Stack trace:
PHP   1. {main}() /home/benedict/Repositories/wellid/testcase.php:0



As you can see, none of these have a __toString()-method.

Am I missing something?

[2016-01-25 09:46 UTC] b-roeser at gmx dot net

Sorry, when pasting the output from the console, I pasted a little bit too much, hope it is still clear.

[2016-07-20 11:36 UTC] davey@php.net

Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=432dc527adcbc3bf4809f6315350300d42c16c52
Log: Partially fix bug #67167 - Wrong return value...

[2016-09-09 10:23 UTC] cmb@php.net

Related To: Bug #73054

[2016-09-09 10:26 UTC] cmb@php.net

-Status: Closed +Status: Re-Opened -Assigned To: levim +Assigned To: cmb

[2016-09-09 10:26 UTC] cmb@php.net

> Has this bugfix actually landed? If so, in which version, can't
> find it in the changelog.

The fix has only be applied to PHP 7.0.0+, and indeed, it's
missing in the changelog. I'm going to backport to PHP 5.6.

[2016-09-09 10:58 UTC] cmb@php.net

Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cb91a51b0052d512c0110ec934a23e263258e461
Log: Partially fix bug #67167 - Wrong return value...

[2016-09-09 10:58 UTC] cmb@php.net

-Status: Re-Opened +Status: Closed

[2016-10-17 10:08 UTC] bwoebi@php.net

Automatic comment on behalf of levim
Revision: http://git.php.net/?p=php-src.git;a=commit;h=cb91a51b0052d512c0110ec934a23e263258e461
Log: Partially fix bug #67167 - Wrong return value...

[2019-03-18 09:59 UTC] lebadap at gmail dot com

Hi guys,

Either this problem persist or i am doing something wrong here.I have PHP version 7.3.1 and the output of this:

filter_var(null, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)

is false, when it should be null according to the docs

Any ideas?

[2019-03-18 10:19 UTC] cmb@php.net

> is false, when it should be null according to the docs

No.  The filter_var() docs[1] state:

| Note that scalar values are converted to string internally
| before they are filtered.

So basically you're calling:

  filter_var('', FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE)

However, FILTER_VALIDATE_BOOLEAN is documented[2] to:

| If FILTER_NULL_ON_FAILURE is set, FALSE is returned only for
| "0", "false", "off", "no", and "" […]

So the behavior complies to the documentation.

[1] <http://php.net/manual/en/function.filter-var.php>
[2] <http://de2.php.net/manual/en/filter.filters.validate.php>

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 11:01:29 2024 UTC