ID: 49274
Updated by: paj...@php.net
Reported By: cel...@php.net
-Status: Open
+Status: Feedback
Bug Type: Filter related
Operating System: *
PHP Version: 5.3SVN-2009-08-16 (SVN)
New Comment:
As StdClass has no __toString implementation (obviously), it can't be
converted to string.
I tend to agree that it should not raise a fatal (recovable error) here
as it defeats the main purpose of this API.
I'm however not sure it is worth the effort to add custom error handler
for this edge case. Patch welcome, it could help to get this edge case
solved (I can't work on this exact issue any time soon).
Previous Comments:
[2009-08-17 13:27:50] cel...@php.net
all work without error.
works without error.
Only filter_var with an object that doesn't implement __toString fails
with an error. Either filter is incorrectly returning false with no
error on all of those other random types, or you're wrong, Jani.
[2009-08-17 13:13:43] j...@php.net
This is not a bug. It's exactly what's supposed to happen. When you
pass crap in you get crap out. The language isn't supposed to hold your
hand in every corner.
[2009-08-17 11:45:09] cel...@php.net
don't know, that's up to the developers to decide, don't you think?
[2009-08-17 09:32:59] j...@php.net
Does this happen ONLY with PHP_5_3 branch? If not, please use the
proper version string.
[2009-08-16 22:09:05] cel...@php.net
Description:
throws a fatal error because stdClass can't be converted into a string.
filter_var() should be more flexible and simply return false in this
situation, it makes it very difficult to provide validation not just for
untrusted user input but for untrusted third party use of libraries who
may make it insecure by passing in the wrong value to a field for
setting.
--
Edit this bug report at http://bugs.php.net/?id=49274&edit=1