CodeIgniter4
CodeIgniter4 copied to clipboard
codeigniter4
Bug: "integer" validation rule 500 error
PHP Version
8.1
CodeIgniter4 Version
4.2.5
CodeIgniter4 Installation Method
Manual (zip or tar.gz)
Which operating systems have you tested for this bug?
Linux
Which server did you use?
apache
Database
No response
What happened?
The validation rule "integer" fail as 500 error as below
{
"title": "TypeError",
"type": "TypeError",
"code": 500,
"message": "CodeIgniter\\Validation\\FormatRules::integer(): Argument #1 ($str) must be of type ?string, array given, called in /var/www/src/system/Validation/Validation.php on line 314",
"file": "/var/www/src/system/Validation/FormatRules.php",
"line": 132,
"trace": [
{
"file": "/var/www/src/system/Validation/Validation.php",
"line": 314,
"function": "integer",
"class": "CodeIgniter\\Validation\\FormatRules",
"type": "->",
"args": [
[],
null
]
},
{
"file": "/var/www/src/system/Validation/Validation.php",
"line": 163,
"function": "processRules",
"class": "CodeIgniter\\Validation\\Validation",
"type": "->",
...
That validation allows string numeric (not integer) as well
Steps to Reproduce
Validation rule used
protected $validationRules = [
'integerAcceptsStringNumeric' => 'integer',
'integerArrayError' => 'integer',
];
Data to validate
$data = [
'integerAcceptsStringNumeric' => '1',
'integerArrayError' => [],
];
Expected Output
Validation fail and return 400 if the value is not an integer
Anything else?
No response
@shishamo If you validate non string data, I recommend you use Strict Rules. See https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#traditional-and-strict-rules Traditional Rules may pass invalid type data.
That validation allows string numeric (not integer) as well
You want strict typed validation, so this is not a bug. You must use Strict Rules.
@kenjis I see thank you for the support
I set the strict rules and i have
'integerGreaterThan1' => 'is_int|greater_than_equal_to[1]
and i have an error as below
{
"title": "TypeError",
"type": "TypeError",
"code": 500,
"message": "CodeIgniter\\Validation\\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",
"file": "/var/www/src/system/Validation/Rules.php",
"line": 72,
"trace": [
{
"file": "/var/www/src/system/Validation/StrictRules/Rules.php",
"line": 88,
"function": "greater_than_equal_to",
"class": "CodeIgniter\\Validation\\Rules",
"type": "->",
"args": [
5,
"0"
]
},
{
"file": "/var/www/src/system/Validation/Validation.php",
"line": 315,
"function": "greater_than_equal_to",
"class": "CodeIgniter\\Validation\\StrictRules\\Rules",
If i set the strict rules, does it mean than i cannot use the available rules in CI?
https://codeigniter4.github.io/CodeIgniter4/libraries/validation.html#available-rules
If i set the strict rules, does it mean than i cannot use the available rules in CI?
No, all rules should be avaliable, and if not it is a bug.
CodeIgniter\Validation\Rules::greater_than_equal_to(): Argument #1 ($str) must be of type ?string, int given, called in /var/www/src/system/Validation/StrictRules/Rules.php on line 88",
It is a bug.
Sorry i didn't get the question well but
In case of the client as below
{
"integerGreaterOrEqualTo1": 1,
}
Validation is true
{
"integerGreaterOrEqualTo1": "1",
}
Validation is false
Accepts only strict integer type greater or equal to 1
Thank you for your opinion.
Why "1" should be failed?
greater_than_equal_to Fails if field is less than the parameter value, or not numeric.
greater_than_equal_to does not seem to assume the value is int.
I need to be sure in the process of my api than the parameter in an integer I can cast it in int by myself but it think it's better if i can validate the data directly when the client sent it to the api
Maybe better to create a custom rule for that validation then?
I have a question. Is it ok if greater_than_equal_to can't handle numeric strings?
In that case, you can set the rule 'is_int|greater_than_equal_to[1]' if greater_than_equal_to[1] passes '1'.
the problem in that case is if the client send
{
"integerGreaterOrEqualTo1": "1",
}
there is no problem
but if he send
{
"integerGreaterOrEqualTo1": 1,
}
a 500 error occurs now
if the value of integerGreaterOrEqualTo1 is automatically cast in string numeric when validate i can handle it and cast it in int after but i looks a bit strange i think?
because php is_int function check the strict type and validate only integer https://www.php.net/manual/en/function.is-int.php
What is the consensus here? Is this a bug or not? If not, then we can close this and the related PR.
I think this is a bug, because Errors should not happen in validations.
If a user send unexpected value, an error will occur in the validation.
If we switch to use declare(strict_types=1), type errors will occur.
However, the default Validation rule originally cannot properly validate JSON data.
Since v4.3.0, Strict Validation Rules are used by default. See https://github.com/codeigniter4/CodeIgniter4/pull/6908
Does anyone want to fix this?
Why don't we make the traditional rules deprecated?
