Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Escaper fails to escape string "0" #16202

Closed
zacek opened this issue Nov 10, 2022 · 2 comments · Fixed by #16204
Closed

[BUG]: Escaper fails to escape string "0" #16202

zacek opened this issue Nov 10, 2022 · 2 comments · Fixed by #16204
Assignees
@niden
Labels
5.0 The issues we want to solve in the 5.0 release bug A bug report status: medium Medium

Comments

@zacek
Copy link

zacek commented Nov 10, 2022

In Phalcon\Html\Escaper::html(string input = null) the validation of the input string is not correct:

if !input {
    return "";
}

In PHP, the implicit conversion of string "0" to bool results to false. Therefore, string "0" is escaped to an empty string.
The correct validation should read

if input === null {
    return "";
}

How to reproduce:

php -r "var_export((new \Phalcon\Html\Escaper())->html('0'));"

Expected result is "0" and not an empty string.

Details

  • Phalcon version: 5.0.2 (Build Date Sep 28 2022 09:09:44)
  • PHP Version: 8.1.11
  • Operating System: CentOS Stream release 8
  • Installation type: via package manager
  • Zephir version (if any): Version 0.16.3
@zacek zacek added bug A bug report status: unverified Unverified labels Nov 10, 2022
@niden niden mentioned this issue Nov 11, 2022
Merged
5 tasks
@niden niden linked a pull request Nov 11, 2022 that will close this issue
T16202 - Escape::html zero string #16204
Merged
5 tasks
@niden niden self-assigned this Nov 11, 2022
@niden niden added status: medium Medium 5.0 The issues we want to solve in the 5.0 release and removed status: unverified Unverified labels Nov 11, 2022
@niden niden added this to Phalcon v5 Nov 11, 2022
@niden niden moved this to Backlog in Phalcon v5 Nov 11, 2022
@niden niden moved this from Backlog to In Progress in Phalcon v5 Nov 11, 2022
@Jeckerson
Copy link
Member

Fixed in #16204

Repository owner moved this from In Progress to Implemented in Phalcon v5 Nov 11, 2022
@niden
Copy link
Member

niden commented Nov 11, 2022

Thank you @zacek

@niden niden moved this from Implemented to Released in Phalcon v5 Jan 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@niden niden

Labels
5.0 The issues we want to solve in the 5.0 release bug A bug report status: medium Medium
Projects
Phalcon v5
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

T16202 - Escape::html zero string
3 participants
@niden @zacek @Jeckerson