Paul Jones' Blog: Sanitation with PHP filter_var()

Wed, 17 Jan 2007 15:22:00 -0600

In working on a new filter for his Solar framework, Paul Jones discovered that the "float" sanitizer in the new filter extension (PHP 5.2+) doesn't quite work as expected.

I found a problem with the "float" sanitizing function in the 5.2.0 release, and thought others might want to be aware of it. In short, if you allow decimal places, the sanitizer allows any number of decimal points, not just one, and it returns an un-sanitary float.

He includes the text of the bug he submitted as an example of how the error might happen and, despite it being marked bogus, Paul still holds that things are still not working like they should.

You can also check out Pierre-Alain Joye's response to this over on his blog.

PHPDeveloper.org

Paul Jones' Blog: Sanitation with PHP filter_var()