View Issue Details

ID: 0035525
Project: mantisbt
Category: bugtracker
View Status: public
Last Update: 2025-03-03 11:53
Reporter: dregad
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Target Version: 2.28.0
Fixed in Version: 2.28.0
Summary: 0035525: gpc_get_int() should not remove spaces in the middle of the string
Description

The fix for issue 0005092 introduced validation in gpc_get_int(), to ensure the value given is actually an integer.

The logic relies on str_replace( " ", "", trim( $t_result ) ); and a preg_match() call to ensure the string only contains digits.

Removing spaces in the middle of the string does not make sense, as it could lead to wrongly interpreting a string like 1 2 3 as number 123.

Additional Information

Initially reported by @atrol in https://github.com/mantisbt/mantisbt/pull/2105#discussion_r1975991667

Tags: No tags attached.

Relationships

related to 0005092 (closed, thraxisp): Users sponsoring bug
related to 0035428 (closed, dregad): Calling gpc_get_int() with null default throws deprecation warning on PHP 8.1

Activities

dregad

2025-03-01 17:38

developer   ~0069935

I initially thought about using filter_var() for this, but it validates integers in a very PHP-centric way, e.g. 01 is not considered an integer which is somewhat counter-intuitive. Also, empty string/null does not validate either.

So it's probably best to stick to regex-based validation and just remove the str_replace() call, to avoid regressions.

dregad

2025-03-01 18:04

developer   ~0069936

PR https://github.com/mantisbt/mantisbt/pull/2112

Related Changesets

MantisBT: master b9172717

2025-03-01 18:00

dregad


gpc_get_int() don't remove spaces in middle of string

Keep using preg_match() instead of calling filter_var() as the latter's
interpretation of what an integer is is too strict for our purposes
(e.g. `01` is not considered as an integer).

Code cleanup: remove unnecessary capturing group in the number
validation regex.

Fixes 0035525
Affected Issues: 0035525
mod - core/gpc_api.php
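
The difference between stripping all spaces and trimming only, next to the filter_var() behaviour mentioned in note ~0069935, as an added PHP example. This is not MantisBT's code: the regex, the function names and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration; not the contents of core/gpc_api.php.
// Assumed stand-in for "the string only contains digits" (optional sign).
const INT_PATTERN = '/^[+-]?\d+$/';

// Behaviour described in the issue: every space is removed before validation,
// so separate tokens are merged into one number.
function validate_strip_all_spaces( string $p_value ): ?int {
    $t_val = str_replace( ' ', '', trim( $p_value ) );
    return preg_match( INT_PATTERN, $t_val ) === 1 ? (int)$t_val : null;
}

// Behaviour proposed in the notes: drop str_replace(), keep trim() and the regex.
function validate_trim_only( string $p_value ): ?int {
    $t_val = trim( $p_value );
    return preg_match( INT_PATTERN, $t_val ) === 1 ? (int)$t_val : null;
}

// The filter_var() alternative that was considered and rejected.
function validate_filter_var( string $p_value ): ?int {
    $t_val = filter_var( $p_value, FILTER_VALIDATE_INT );
    return $t_val === false ? null : $t_val;
}

// Constructed sample inputs: plain, padded, inner spaces, leading zero, junk.
$t_samples = [ '123', ' 42 ', '1 2 3', '01', '12abc' ];

printf( "%-10s %-12s %-12s %s\n", 'input', 'strip_all', 'trim_only', 'filter_var' );
foreach( $t_samples as $t_in ) {
    printf(
        "%-10s %-12s %-12s %s\n",
        json_encode( $t_in ),
        json_encode( validate_strip_all_spaces( $t_in ) ),
        json_encode( validate_trim_only( $t_in ) ),
        json_encode( validate_filter_var( $t_in ) )
    );
}
```

A `null` in the output means the value was rejected; the row for `"1 2 3"` shows the misinterpretation the issue describes, and the row for `"01"` shows why filter_var() was not adopted.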