Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#15736] - Changed ReGeX for float filter to accept .25 as float – fix #14156

Failure

User tests: Successful: Unsuccessful:

avatar carcam
carcam
2 May 2017

Pull Request for Issue # .

Summary of Changes

Changed ReGeX for float filter to accept .25 as float

Testing Instructions

$in = JApplicationCms::getInstance()->input;
die($in->getFloat('testFloat',0.0));

Navigate to the page and add the $_GET parameter testFloat=.25

Expected result

Blank page except for the text ".25"

Actual result

Documentation Changes Required

NONE

avatar carcam carcam - open - 2 May 2017
avatar carcam carcam - change - 2 May 2017
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 2 May 2017
Title
Changed ReGeX for float filter to accept .25 as float – fix #14156
fix #14156
avatar joomla-cms-bot joomla-cms-bot - edited - 2 May 2017
avatar joomla-cms-bot joomla-cms-bot - change - 2 May 2017
Category Libraries
avatar franz-wohlkoenig franz-wohlkoenig - change - 2 May 2017
Title
fix #14156
Changed ReGeX for float filter to accept .25 as float – fix #14156
avatar joomla-cms-bot joomla-cms-bot - change - 2 May 2017
Title
fix #14156
Changed ReGeX for float filter to accept .25 as float – fix #14156
avatar franz-wohlkoenig franz-wohlkoenig - change - 2 May 2017
Title
fix #14156
Changed ReGeX for float filter to accept .25 as float – fix #14156
avatar PhilETaylor
PhilETaylor - comment - 2 May 2017

I would argue that a float .25 without leading zero before the period is actually a string

0.25 would be a float

.25 would be a string

This PR also breaks all the float unit tests and so either this PR or the unit tests need updating.

avatar PhilETaylor
PhilETaylor - comment - 3 May 2017

Documentation on Floats in PHP
http://php.net/manual/en/language.types.float.php

Formally:

LNUM          [0-9]+
DNUM          ([0-9]*[\.]{LNUM}) | ({LNUM}[\.][0-9]*)
EXPONENT_DNUM [+-]?(({LNUM} | {DNUM}) [eE][+-]? {LNUM})

Therefore .25 would not match the formal regex for a float in PHP and therefore this PR cannot happen.

Furthermore running PHP code:

var_dump((double).25);

produces

float(0.25)

with a leading zero...

avatar brianteeman
brianteeman - comment - 4 Jan 2018

Closed for the reasons stated above

avatar brianteeman brianteeman - change - 4 Jan 2018
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2018-01-04 22:15:37
Closed_By brianteeman
avatar brianteeman brianteeman - close - 4 Jan 2018
avatar JTBlum
JTBlum - comment - 25 Jun 2020

@PhilETaylor

DNUM ([0-9]*[\.]{LNUM}) | ({LNUM}[\.][0-9]*)
(snip)
Therefore .25 would not match the formal regex for a float in PHP and therefore this PR cannot happen.

I don't think you actually tried this. If you had, you would see that [0-9]* allows for an empty space/no zero before the decimal point.

avatar PhilETaylor
PhilETaylor - comment - 25 Jun 2020

Why are you replying over 2 years on? I have no idea what I tested two years ago!

I would have tested it as stated and also all the unit tests broke too

avatar PhilETaylor
PhilETaylor - comment - 25 Jun 2020

Oh I see now that you have raised it again, well, nothing to do with me now. If someone else wants to raise a PR for this, that doesnt break all the unit tests, then its up to Joomla to accept or refuse it.

A quick test https://3v4l.org/4RoBX and it seems it would be ok, but heed the warnings of @mbabker and be sure to get a @joomla/security check too.

Add a Comment

Login with GitHub to post a comment