[Validator] check for empty host when calling checkdnsrr() #22109
Conversation
|
The regex should not be changed. But the condition should indeed be added in other methods using checkdnsrr. |
|
thank you @fabpot and @jordscream I'll make some modifications and add unit tests. |
| @@ -118,6 +118,10 @@ public function validate($value, Constraint $constraint) | ||
| */ | ||
| private function checkMX($host) | ||
| { | ||
| if (null === $host || '' === $host) { |
There was a problem hiding this comment.
$host can never be null, can it?
There was a problem hiding this comment.
I think you're right, I'll fix this. Thank you
| if ('' === $host) { | ||
| return false; | ||
| } | ||
|
|
There was a problem hiding this comment.
preferred empty host condition in return statement
| if ('' === $host) { | ||
| return false; | ||
| } | ||
|
|
||
| return $this->checkMX($host) || (checkdnsrr($host, 'A') || checkdnsrr($host, 'AAAA')); |
There was a problem hiding this comment.
preferred empty host condition in return statement
|
About the unit test for the main issue, since checkMX() and checkHost() are both private how can I test it ? There is already a test case that gives an empty host |
|
@apetitpa just test a use case as "test@test@" or "test@" in the EmailValidator. It should return the appropriate violation |
|
Thank you @jordscream I forgot that the original issue was with emails containing @ twice |
| @@ -118,7 +118,7 @@ public function validate($value, Constraint $constraint) | ||
| */ | ||
| private function checkMX($host) | ||
| { | ||
| return checkdnsrr($host, 'MX'); | ||
| return ('' !== $host) && checkdnsrr($host, 'MX'); |
There was a problem hiding this comment.
Well there is a similar check line 45 if (null === $value || '' === $value) that does not use the native empty function so I assumed I should do the same but maybe I was wrong ?
There was a problem hiding this comment.
We try to avoid using empty in Symfony.
There was a problem hiding this comment.
@fabpot interesting, why? (is the reason documented somewhere?)
There was a problem hiding this comment.
empty is just too broad. For instance, it includes the 0 string as being false. Sometimes, that not desirable. So, we prefer to be very explicit about our expectations.
| @@ -118,7 +118,7 @@ public function validate($value, Constraint $constraint) | ||
| */ | ||
| private function checkMX($host) | ||
| { | ||
| return checkdnsrr($host, 'MX'); | ||
| return ('' !== $host) && checkdnsrr($host, 'MX'); |
There was a problem hiding this comment.
I'll fix this in a minute thank you.
|
@apetitpa , it seems your unit test fails cause you do not check the appropriate violation |
|
@jordscream I think you're right I should check for MX_CHECK_FAILED_ERROR or HOST_CHECK_FAILED_ERROR |
| @@ -72,7 +72,7 @@ public function validate($value, Constraint $constraint) | ||
| if ($constraint->checkDNS) { | ||
| $host = parse_url($value, PHP_URL_HOST); | ||
|
|
||
| if (!checkdnsrr($host, 'ANY')) { | ||
| if ('' === $host || !checkdnsrr($host, 'ANY')) { |
There was a problem hiding this comment.
Perhaps switch to !is_string($host) due possible false or null return values.
There was a problem hiding this comment.
I think this is a good idea. I'll do it thank you.
|
@apetitpa . When you think to do it ? ^^. Need this fix for a customer :-P |
|
@jordscream I hope this week-end but to be honest I'm facing difficulties creating an effective and working test for this issue. Some help would be appreciated. |
|
@apetitpa have a look at https://symfony.com/doc/current/components/phpunit_bridge.html#dns-sensitive-tests I would add a new edit: Dont think it needs to be dns-senstive though, as there will be no network traffic for |
Agreed, the issue to fix is that the DNS functions should in fact not be called anymore. |
| @@ -118,7 +118,7 @@ public function validate($value, Constraint $constraint) | ||
| */ | ||
| private function checkMX($host) | ||
| { | ||
| return checkdnsrr($host, 'MX'); | ||
| return !empty($host) && checkdnsrr($host, 'MX'); |
There was a problem hiding this comment.
Please avoid empty :) We expect a string, and only a empty string ($host === '') should not be passed to checkdnsrr.
There was a problem hiding this comment.
I know but substr($value, strrpos($value, '@') + 1) with $value = 'foo@bar.fr@' returns "" with PHP 7.* and false with PHP 5.6. So only checking for string emptiness is not enough.
There was a problem hiding this comment.
Let's cast the substring result above. $host = (string) ...;
| @@ -229,4 +229,32 @@ public function testHostnameIsProperlyParsed() | ||
|
|
||
| $this->assertNoViolation(); | ||
| } | ||
|
|
||
| public function getCheckTypes() |
There was a problem hiding this comment.
Should be provideCheckTypes i guess, but it's a tiny semantic ;)
There was a problem hiding this comment.
I'll make the modification thank you
|
@xabbuh is it ok now ? |
| @@ -229,4 +229,32 @@ public function testHostnameIsProperlyParsed() | ||
|
|
||
| $this->assertNoViolation(); | ||
| } | ||
|
|
||
| public function provideCheckTypes() |
There was a problem hiding this comment.
Can you move the provider after the test (that's the convention we are using in Symfony).
There was a problem hiding this comment.
Of course, will do in a minute.
| Q | A | | --- | --- | | Branch? | master | | Bug fix? | yes | | New feature? | no | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #22106 | | License | MIT | | Doc PR | n/a |
Add empty on host in other methods where checkdnsrr is called and add unit tests to prevent future regressions
Remove malformed EmailValidatorTest + Update UrlValidator test
Switch to `empty` because depending on the PHP version, substr returns '' or false
|
Thank you @apetitpa. |
… (apetitpa) This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes #22109). Discussion ---------- [Validator] check for empty host when calling checkdnsrr() | Q | A | | --- | --- | | Branch? | master| | Bug fix? | yes | | New feature? | no | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #22106 | | License | MIT | | Doc PR | n/a | This should fix the email validator issue Commits ------- 7104c4e move provider after test c07fb41 update dataProvider function name 1825d0f cast substr result to string and remove empty function use 894127b rename dataset provider d973eb1 Add a test to prevent future regressions 6f24b05 Switch to `empty` native function to check emptiness f390f29 remove non relevant test case 91b665c Switch to `is_string` native method 6071ff6 Remove unnecessary parentheses 9753a27 Add a test case to prevent future regressions 4fcb24b Move empty condition in return statement a090ef8 Use LF line separator 60392fd fix coding standard to comply with fabbot 197d19f Remove malformed EmailValidatorTest + Update UrlValidator test 6b0702e Add empty check on host in other methods + add unit tests 6dd023f [Validator] Allow checkMX() to return false when $host is empty
This should fix the email validator issue