Phalcon filter / sanitizer doesn't work

[DrJLT]

Hello,

I noticed that using sanitizer with http/request doesn't work at all!

Example:
var_dump($this->request->getPost('p','string',null,true)); var_dump($this->request->getQuery('p','int!',null,true));

Neither does anything.

Do others experience the same?

I noticed people trying to attack my site. From the logs, I saw errors that should have been filtered. Turns out, none of these filters worked.

Using
filter_var($this->request->getQuery('p'),FILTER_VALIDATE_INT,FILTER_NULL_ON_FAILURE);
works

Or better
filter_var($_GET['p'],FILTER_VALIDATE_INT,FILTER_NULL_ON_FAILURE);
Which is what Http/Request/getHelper tries to do.

[Jeckerson]

Hello, please show how you declared filter service?

If you don't, declare service filter in your application:

$di->setShared('filter', function () {
    return (new FilterFactory())->newInstance();
});

And call, for example, in request data:

$this->request->getQuery('p', Filter::FILTER_INT, 1);

$this->request->getPost('name', [Filter::FILTER_STRING, Filter::FILTER_TRIM, Filter::FILTER_STRIPTAGS]);

[DrJLT]

I had

$di->set('filter','Phalcon\Filter',true);

Now I see that in Di/FactoryDefault it's as you say. I was most certain that it was as I wrote sometime ago, probably in 3.4.

Anyway, I already rewrote the few hundred such filters in filter_var and filter_var_array, which is basically what the filter service is doing.