
Bug #12783 Validation error
Submitted: 2007-12-27 11:54 UTC Modified: 2008-11-26 19:35 UTC
From: jhenrique Assigned: ifeghali
Status: Closed Package: Validate_ptBR (version CVS)
PHP Version: 5.2.5 OS: Fedora 7 - Linux 2.6.23.1-21.fc7
Roadmaps: (Not assigned)


 [2007-12-27 11:54 UTC] jhenrique (Jota Henrique)
Description:
------------
Hello,

In the methods 'postalCode' and 'carReg' it is possible to circumvent the validation with the null character (%00); everything injected after it is disregarded. In the methods 'cpf' and 'cnpj' all characters that aren't digits are removed, so it is possible to send something such as '77.222.814/0001-03ABC': the method cleans away these letters and treats it as the real value sent by the user. In the method 'phoneNumber' a new line (%0a) can be injected.

Thank you.

Test script:
---------------
GET: cep=88000000%00&cpf=050.068.993-87ABC&cnpj=77.222.814/0001-03ABC&phone=4831200001%0a&carReg=ABC-1234%00

<?php
require_once("Validate/ptBR_patch2.php");
$Validate_ptBR = new Validate_ptBR();
echo "CEP: ", ($Validate_ptBR->postalCode($_GET['cep'])) ? "true" : "false", "\n";
echo "CPF: ", ($Validate_ptBR->cpf($_GET['cpf'])) ? "true" : "false", "\n";
echo "CNPJ: ", ($Validate_ptBR->cnpj($_GET['cnpj'])) ? "true" : "false", "\n";
echo "PHONE: ", ($Validate_ptBR->phoneNumber($_GET['phone'])) ? "true" : "false", "\n";
echo "carReg: ", ($Validate_ptBR->carReg($_GET['carReg'])) ? "true" : "false";
?>

Expected result:
----------------
CEP: false
CPF: false
CNPJ: false
PHONE: false
carReg: false

Actual result:
--------------
CEP: true
CPF: true
CNPJ: true
PHONE: true
carReg: true

Comments

 [2007-12-27 12:41 UTC] msaraujo (Marcelo Araujo)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

Henrique,

A fix will come sooner, probably by next Saturday. Thanks for helping us!

Regards,
--Marcelo
 [2008-03-14 09:07 UTC] jhenrique (Jota Henrique)
Hi Marcelo,

The following routine in the method cpf was forgotten in the code (Revision 1.17):

$cleaned = '';
for ($i = 0; $i < strlen($cpf); $i++) {
    $num = substr($cpf, $i, 1);
    if (ord($num) >= 48 && ord($num) <= 57) {
        $cleaned .= $num;
    }
}
$cpf = $cleaned;

The following routine fills this role:

$cpf = preg_replace("/[^\d]/", '', $cpf);

Thanks again!
J Henrique
 [2008-11-26 19:35 UTC] ifeghali (Igor Feghali)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.

Hello Jota,

This bug has been fixed on CVS and the PHP test is updated to cover those changes (except for the license plates).

Regards,
Igor Feghali.
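The three weaknesses in the report and in Henrique's follow-up (a "strip non-digits, then validate" step that accepts trailing letters, a `$`-anchored pattern that lets a trailing newline through, and a NUL byte that truncates what is validated) are general input-hygiene mistakes, not specific to this package. The following is an added PHP example, not code from Validate_ptBR or from anyone in this thread: each weak check sits beside a hardened one, and both are run over the decoded values from the report's own GET query, embedded here as constructed input. All function names, the helper layout and the CPF check-digit routine (the standard modulus-11 algorithm, not taken from the package) are assumptions.

```php
<?php
declare(strict_types=1);

// Added example; not the PEAR Validate_ptBR implementation. Function names
// and structure are assumptions made for illustration.

// ---- 1. Pre-cleaning before validation -------------------------------------
// Both the original character loop and the preg_replace() one-liner in the
// thread do this: '050.068.993-87ABC' becomes '05006899387', and the trailing
// junk is silently accepted because only the digits are ever examined.
function cpfCleanThenValidate(string $cpf): bool
{
    $digits = preg_replace('/\D/', '', $cpf) ?? '';
    return cpfCheckDigitsOk($digits);
}

// Hardened: the *whole* string must match one of the documented layouts
// before anything is stripped. \A and \z anchor at the true string ends.
function cpfStrict(string $cpf): bool
{
    if (preg_match('/\A(?:\d{3}\.\d{3}\.\d{3}-\d{2}|\d{11})\z/', $cpf) !== 1) {
        return false;
    }
    return cpfCheckDigitsOk(preg_replace('/\D/', '', $cpf) ?? '');
}

// Standard CPF modulus-11 check digits (public algorithm, assumed here).
// Digit 10 is computed from the first 9 digits with weights 10..2, digit 11
// from the first 10 with weights 11..2; a result of 10 becomes 0.
function cpfCheckDigitsOk(string $d): bool
{
    if (strlen($d) !== 11 || !ctype_digit($d)) {
        return false;
    }
    foreach ([9, 10] as $len) {
        $sum = 0;
        for ($i = 0; $i < $len; $i++) {
            $sum += (int) $d[$i] * ($len + 1 - $i);
        }
        $check = ($sum * 10) % 11;
        if ($check === 10) {
            $check = 0;
        }
        if ((int) $d[$len] !== $check) {
            return false;
        }
    }
    return true;
}

// ---- 2. Trailing newline: $ versus \z ---------------------------------------
// In PCRE, $ without the D modifier also matches just before a final "\n",
// so "4831200001\n" satisfies /^\d{10}$/.
function phoneWeak(string $phone): bool
{
    return preg_match('/^\d{10}$/', $phone) === 1;
}

function phoneStrict(string $phone): bool
{
    // \z matches only at the very end; keeping $ and adding the D modifier
    // (/^\d{10}$/D) is the equivalent fix.
    return preg_match('/\A\d{10}\z/', $phone) === 1;
}

// ---- 3. NUL byte: validate the whole string with a binary-safe function -----
// preg_match() is binary-safe, so "\0" is just a byte that is not a digit and
// a full-string match rejects "88000000\0". Refusing control characters up
// front is a cheap second line that covers the NUL and newline cases alike,
// whatever validator runs afterwards.
function hasNoControlChars(string $s): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $s) === 0;
}

function postalCodeStrict(string $cep): bool
{
    return hasNoControlChars($cep) && preg_match('/\A\d{5}-?\d{3}\z/', $cep) === 1;
}

// Constructed inputs: the decoded values from the report's GET query.
$inputs = [
    'cep'   => "88000000\0",
    'cpf'   => '050.068.993-87ABC',
    'phone' => "4831200001\n",
];

$b = static fn(bool $v): string => $v ? 'true' : 'false';
printf("CPF   clean-then-validate: %s  strict: %s\n",
    $b(cpfCleanThenValidate($inputs['cpf'])), $b(cpfStrict($inputs['cpf'])));
printf("PHONE weak: %s  strict: %s\n",
    $b(phoneWeak($inputs['phone'])), $b(phoneStrict($inputs['phone'])));
printf("CEP   strict: %s\n", $b(postalCodeStrict($inputs['cep'])));
```

Run it with `php example.php` (assumed file name). The design point is the order of operations: normalisation (stripping separators) must come after the input has been accepted in one of its exact, fully anchored layouts, never before; and anchors must be `\A`/`\z` (or `$` with the `D` modifier), because `^...$` alone is what lets the `%0a` case through.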