Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC]: StringLength validator handling of malformed multibyte input #296

Closed
gsteel opened this issue Jun 26, 2024 · 2 comments · Fixed by #303
Closed

[RFC]: StringLength validator handling of malformed multibyte input #296

gsteel opened this issue Jun 26, 2024 · 2 comments · Fixed by #303
Assignees
@gsteel
Labels
Enhancement
Milestone
3.0.0

Comments

@gsteel
Copy link
Member

gsteel commented Jun 26, 2024

RFC

Q A
Proposed Version(s) 3.0.0
BC Break? No

Background

In #278 the string length validator is changed so that malformed multibyte input, rejected by the underlying string wrapper, will cause a predictable exception.

Previously, in the 2.x series, errors, warnings and exceptions would propagate directly from function calls such as mb_strlen and the string wrapper.

Questions

Before releasing 3.0, it's worth addressing whether it would be a better course of action for this type of issue to become a validation failure or not

If consesus is that this condition should be a validation failure instead of an exception, should errors and warnings from iconv/mbstring/intl be silenced?
@gsteel gsteel added the RFC label Jun 26, 2024
@gsteel gsteel added this to the 3.0.0 milestone Jun 26, 2024
@gsteel
Copy link
Member Author

gsteel commented Jun 26, 2024

Paging @laminas/technical-steering-committee for comment

@Ocramius
Copy link
Member

I would say that rejecting invalid input is better than crashing or silently accepting something potentially malicious.

Validation failure > exception > other handling here.

@gsteel gsteel mentioned this issue Jul 2, 2024
Merged
@froschdesign froschdesign linked a pull request Jul 2, 2024 that will close this issue
Change Malformed Multi-Byte input handling in StringLength #303
Merged
@gsteel gsteel self-assigned this Jul 3, 2024
@gsteel gsteel added Enhancement and removed RFC labels Jul 3, 2024
@gsteel gsteel closed this as completed Jul 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gsteel gsteel

Labels
Enhancement
Projects
None yet
Milestone
3.0.0
Development

Successfully merging a pull request may close this issue.

Change Malformed Multi-Byte input handling in StringLength gsteel/laminas-validator
2 participants
@Ocramius @gsteel