[#14156] - JInput::getFloat() does not interpret ".x" values correctly
- Closed
- 2 May 2017
- Low
- Build: 3.6.5
- # 14156
Steps to reproduce the issue
$in = JApplicationCms::getInstance()->input;
die($in->getFloat('testFloat',0.0));
Navigate to the page and add the $_GET parameter testFloat=.25
Expected result
Blank page except for the text ".25"
Actual result
Blank page except for the text "25"
System information (as much as possible)
Joomla! Version Joomla! 3.6.5 Stable [ Noether ] 1-December-2016 22:46 GMT
Web Server Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/7.0.16
PHP Built On Linux jbdev01 3.10.0-327.22.2.el7.x86_64 #1 SMP Thu Jun 23 17:05:11 UTC 2016 x86_64
PHP Version 7.0.16
Additional comments
Starting the value with a zero (0.25) returns the expected result
Votes
Current regex for float is:
$pattern = '/[-+]?[0-9]+(\.[0-9]+)?([eE][-+]?[0-9]+)?/';
which as you may be able to see, doesn't allow the value to start with a decimal. It would have to be changed to:
$pattern = '/[-+.]?[0-9]+(\.[0-9]+)?([eE][-+]?[0-9]+)?/';
^
However looking at the PHP Documentation, I think this is expected.
Perhaps the INT/INTEGER filter should be updated to allow a starting decimal place.
@mbabker ?
I would think the actual change would be as follows:
$pattern = '/[-+]?[0-9]*(\.[0-9]+)?([eE][-+]?[0-9]+)?/';
^This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14156.
My opinion. If PHP can't natively convert .25 to 0.25 I would be careful with adding support for that to our filtering library. As it's supposed to be a filter, I wouldn't add too much magic to make it work as more.
That said, if it does handle it fine, feel free to submit a PR with appropriate unit test coverage (just adding another case to the existing array of cases). As security sensitive code, I push a little more for changes in JFilterInput to be backed with unit tests than I do for other classes.
PHP converts .25 to 0.25 just fine, and this is supported by the documentation cited by C-Lodder. Check out the DNUM pattern, quoted from that page:
LNUM [0-9]+
DNUM ([0-9]*[\.]{LNUM}) | ({LNUM}[\.][0-9]*)
EXPONENT_DNUM [+-]?(({LNUM} | {DNUM}) [eE][+-]? {LNUM})
If you really need a code example, see:
echo floatval('.25') === 0.25 ? 'Good' : 'Bad';
echo "\n<br/>\n";
echo floatval('.25') === .25 ? 'Good' : 'Bad';
This produces the following string on all versions I tested:
Good
Good
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14156.
Then someone feel free to submit the pull request. I just wanted to make sure we aren't adding more magic behavior is all.
I’m afraid I’m not experienced enough with Github or with the Joomla core itself to make the change and be at all confident I haven’t broken something else. I was hoping someone else would address the issue.
| Priority | Urgent | ⇒ | Medium |
| Category | Fields | ⇒ | Fields SQL |
| Priority | Medium | ⇒ | Low |
| Status | New | ⇒ | Confirmed |
@Franz: Thanks for confirming this.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14156.
@JTBlum I have submitted the PR with the code you propose in #14156 (comment) as after testing the ReGex it seems right.
| Status | Confirmed | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-05-02 11:25:41 |
| Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/14156
closed as having PR #15736
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14156.
This also happens with JRequest::getFloat
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14156.