Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.8.6

Bug #10167 ISSN/ISBN validation is broken by _checkControlNumber
Submitted: 2007-02-23 16:11 UTC
From: ash at hexmen dot com Assigned: dufuz
Status: Closed Package: Validate (version CVS)
PHP Version: Irrelevant OS:
Roadmaps: 0.8.0    
Subscription  
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes. If this is not your bug, you can add a comment by following this link. If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
2007-04-18 23:16 UTC
Package:
Bug Type:
Summary:
From: ash at hexmen dot com
New email:
PHP Version: Package Version: OS:

 

 [2007-02-23 16:11 UTC] ash at hexmen dot com (Ash Searle)
Description: ------------ The Validate_ISPN package relies on _checkControlNumber from Validate - which contains a bug... The 'allow_high' parameter passed from _checkControlNumber to _getControlNumber is 'true' if the last character of the passed in $number is 'X' and false otherwise - this is bad logic. Instead, the 'allow_high' parameter should be 'true' if the modulo is greater than 10 - regardless of what $number is passed in. Note: with correct logic, the 'allow_high' parameter is redundant, as it can be determined within the function itself. A proper-patch with test-cases is available at: http://hexmen.com/code/patches/pear-2879.diff (this bug is probably related to bug 2879, hence the numbering) A one-line patch is below: Index: ../Validate.php =================================================================== RCS file: /repository/pear/Validate/Validate.php,v retrieving revision 1.107 diff -u -r1.107 Validate.php --- ../Validate.php 9 Jan 2007 20:26:00 -0000 1.107 +++ ../Validate.php 23 Feb 2007 16:04:21 -0000 @@ -715,7 +715,7 @@ return false; } $target_digit = substr($number, count($weights), 1); - $control_digit = Validate::_getControlNumber($number, $weights, $modulo, $subtract, $target_digit === 'X'); + $control_digit = Validate::_getControlNumber($number, $weights, $modulo, $subtract, $modulo > 10); if ($control_digit == -1) { return false; Test script: --------------- echo Validate_ISPN::issn('1044-789X') ? "YES\n" : "NO\n"; echo Validate_ISPN::issn('1044-7890') ? "YES\n" : "NO\n"; echo Validate_ISPN::isbn('073571410X') ? "YES\n" : "NO\n"; echo Validate_ISPN::isbn('0735714100') ? "YES\n" : "NO\n"; Expected result: ---------------- YES NO YES NO Actual result: -------------- YES YES YES YES

Comments

 [2007-03-27 21:43 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2007-03-30 06:54 UTC] ash at hexmen dot com
The valid ISSN number 1044-789X is for Dr Dobbs Journal. As the last-digit is a check-digit, it's unique. So, 1044-7890 is an invalid ISSN number. Similarly, the valid ISBN number is 073571410X, and the invalid one is 0735714100. The book is 'Defensive Design for the Web...' http://www.amazon.com/o/ASIN/073571410X
 [2007-04-18 22:55 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2007-04-18 23:05 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2007-04-18 23:16 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!