From 606ae413b846df57e508c79f1d306cf8786fef79 Mon Sep 17 00:00:00 2001 From: adamoki Date: Tue, 29 May 2018 13:37:43 +0200 Subject: [PATCH 1/4] Correcting validation error Sometimes there is a problem with validation - when generated hash is valid integer (includes only digits - it rarely happens) - php converts that string to integer - then you get integer in array of hashes ($hashes). Comparing that integer to returned string from hash_file function results in false value while hash is the same but differs in variable type. --- src/File/Hash.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/File/Hash.php b/src/File/Hash.php index f48c2c921..7a7d053e9 100644 --- a/src/File/Hash.php +++ b/src/File/Hash.php @@ -163,7 +163,7 @@ public function isValid($value, $file = null) } foreach ($hashes as $hash) { - if ($filehash === $hash) { + if ($filehash == $hash) { return true; } } From 089307b2624bd55175383b91d5c64a747f305f81 Mon Sep 17 00:00:00 2001 From: webimpress Date: Thu, 10 Oct 2019 09:01:06 +0100 Subject: [PATCH 2/4] Revert to strict comparison --- src/File/Hash.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/File/Hash.php b/src/File/Hash.php index 7a7d053e9..f48c2c921 100644 --- a/src/File/Hash.php +++ b/src/File/Hash.php @@ -163,7 +163,7 @@ public function isValid($value, $file = null) } foreach ($hashes as $hash) { - if ($filehash == $hash) { + if ($filehash === $hash) { return true; } } From 5f28b5a31112bebbdffb7b0f2b5b7a6b0a1ea2fd Mon Sep 17 00:00:00 2001 From: webimpress Date: Thu, 10 Oct 2019 09:05:08 +0100 Subject: [PATCH 3/4] Hash provided in File\Hash validator must be a string We were checking it when we providing one hash, but there was no check for array: ``` $options = [ 'hash1', 'hash2', // ... 'algorithm' => '...', ]; ``` --- src/File/Hash.php | 6 ++++++ test/File/HashTest.php | 14 ++++++++++++++ 2 files changed, 20 insertions(+) 
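Review bot: The loose `==` in the `foreach ($hashes as $hash)` loop of `isValid()` makes PHP compare two numeric-looking strings as numbers. A computed digest and an expected hash that both have the form `0e` followed only by digits therefore compare equal although they differ, and the validator would accept a file it should reject. The type mismatch described in the commit message is better removed on the stored side while keeping the strict operator, for example `if ($filehash === (string) $hash) {`. The hunk in [PATCH 2/4] returns to a bare `===`, which closes the loose-comparison problem. As far as these hunks show, though, a digit-only hash is still held as an integer and never matches; the same cast would cover that case. `isValid()` starts and ends outside both hunks, and how `$hashes` is built is not visible here.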
diff --git a/src/File/Hash.php b/src/File/Hash.php index f48c2c921..72f04907e 100644 --- a/src/File/Hash.php +++ b/src/File/Hash.php @@ -114,6 +114,12 @@ public function addHash($options) } foreach ($options as $value) { + if (! is_string($value)) { + throw new Exception\InvalidArgumentException(sprintf( + 'Hash must be a string, %s received', + is_object($value) ? get_class($value) : gettype($value) + )); + } $this->options['hash'][$value] = $algorithm; } diff --git a/test/File/HashTest.php b/test/File/HashTest.php index 2288e34b2..064396f65 100644 --- a/test/File/HashTest.php +++ b/test/File/HashTest.php @@ -239,4 +239,18 @@ public function testConstructorCanAcceptAllOptionsAsDiscreteArguments() $options = $r->getValue($validator); $this->assertSame($algorithm, $options['algorithm']); } + + /** + * @dataProvider invalidHashTypes + * + * @param mixed $hash + */ + public function testInvalidHashProvidedInArrayFormat($hash) + { + $validator = new File\Hash('12345'); + + $this->expectException(InvalidArgumentException::class); + $this->expectExceptionMessage('Hash must be a string'); + $validator->addHash([$hash]); + } } From 443e52391b54800e3fb56ceed8cdb009df56bd4e Mon Sep 17 00:00:00 2001 From: webimpress Date: Sat, 12 Oct 2019 12:29:55 +0100 Subject: [PATCH 4/4] Adds CHANGELOG entry for #231 --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b26432f95..b1343bad8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
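Review bot: The new `is_string` check in `addHash()` runs inside the same loop that writes `$this->options['hash'][$value] = $algorithm;`, so earlier entries are stored before a later one is rejected. An array such as `['abc', 123]` stores `'abc'` before the exception is thrown, leaving the validator with a partly updated set of accepted hashes if the caller catches it. Validating every element first and assigning in a second pass, `foreach ($options as $value) { $this->options['hash'][$value] = $algorithm; }`, keeps the call all-or-nothing. A one-line comment above the check, such as `// Reject non-string hashes before any of them is stored`, would record that intent. `addHash()` begins before and continues after this hunk, so how `$algorithm` is derived is not visible here.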
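Review bot: `testInvalidHashProvidedInArrayFormat` only calls `addHash([$hash])` with a single element, so it does not pin what happens when an invalid entry follows valid ones in the same array. A companion case calling `$validator->addHash(['abcdef', $hash]);` and then asserting on `getHash()` would show whether any hash is stored before the exception is raised. The `invalidHashTypes` provider is not part of this hunk. Presumably it already exists in the test class, but it is worth confirming that it yields an integer, since a digit-only hash passed as an int is the case this series is about.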
@@ -26,6 +26,9 @@ All notable changes to this project will be documented in this file, in reverse curly braces in array and string offset access to square brackets in order to prevent issues under the upcoming PHP 7.4 release. +- [#231](https://github.com/zendframework/zend-validator/pull/231) fixes validation of input hashes in `Zend\Validator\File\Hash` validator when provided as array. + Only string hashes are allowed. If different type is provided `Zend\Validator\Exception\InvalidArgumentException` is thrown. + ## 2.12.0 - 2019-01-30 ### Added