-
Notifications
You must be signed in to change notification settings - Fork 136
Conversation
Sometimes there is a problem with validation - when generated hash is valid integer (includes only digits - it rarely happens) - php converts that string to integer - then you get integer in array of hashes ($hashes). Comparing that integer to returned string from hash_file function results in false value while hash is the same but differs in variable type.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adamoki Please see my comment below.
Definitely we need add test case for it, and then provide a proper fix.
src/File/Hash.php
Outdated
@@ -163,7 +163,7 @@ public function isValid($value, $file = null) | |||
} | |||
|
|||
foreach ($hashes as $hash) { | |||
if ($filehash === $hash) { | |||
if ($filehash == $hash) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should leave it as it is and in the other place assure that $hash
is always string.
We definitely need a unit test for this before we can merge. The unit test should fail under current master, and pass after the patch is applied. I tend to agree with @webimpress - we should be casting hashes to strings when calling |
We were checking it when we providing one hash, but there was no check for array: ``` $options = [ 'hash1', 'hash2', // ... 'algorithm' => '...', ]; ```
@weierophinney I've pushed changes to this branch. I am checking now if input hash is string, and if not I am throwing an exception. We do have that check when we provide just a hash, without algorithm, but with algorithm we haven't had this check. Please see test I've added. @adamoki Are you satisfied with the solution I've provided? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes make sense to me. 🚢
Thanks, @adamoki! |
Correcting validation error
Sometimes there is a problem with validation - when generated hash is valid integer (includes only digits - it rarely happens) - php converts that string to integer - then you get integer in array of hashes ($hashes). Comparing that integer to returned string from hash_file function results in false value while hash is the same but differs in variable type.