Possible bug in Phalcon\Validation\Validator\Regex - it implicitly adds the $ anchor

I'm starting to use Phalcon and so far have found it to be really good, and very intuitive to use.

My issue is that I've found a very specific problem with the Phalcon\Validation regex parser

The (very simple example) regex '/^(https?:\/\/)?[^.]+.[^.]+/' is being actually interpreted as '/^(https?:\/\/)?[^.]+.[^.]+$/'

--- my code & tests ---

I've created a class to handle validation for form submission like this:

use Phalcon\Validation\Validator\PresenceOf,
    Phalcon\Validation\Validator\Email,
    Phalcon\Validation\Validator\Regex as PhalconRegex,
    Phalcon\Validation,
    Phalcon\Validation\Validator\Confirmation;

class ClientAccountValidator extends Validation
{

    public function initialize()
    {
        ... adding several elements, that all work as expected....

        // now I want to do VERY simple validation that a field is *something like* a url, which might or might not start 
        // with http:// or https:// then carry on with *some* characters: 
         $this->add('url', new PhalconRegex(array(
            'pattern' => '/^(https?:\/\/)?[^\.]+\.[^\.]+/',
            'message' => 'Website url is not valid'
        )));
    }
}

then I call it from the controller on submission of the form: $validation = new ClientAccountValidator(); $messages = $validation->validate($_POST);

Everything is fine with all the other fields (including one doing basic validation on a landline number, using '/^+?[0-9 -]{8,}/' ).

Problem is that this url regex should totally do the job for all conceivable urls, but it's behaving in an incorrect way.

to test this url regex, I created this standalone php script:

<?php
$regex = '/^(https?:\/\/)?[^\.]+\.[^\.]+/';
$str = $argv[1];
print 'working on: ' . $str . "\n";
if( preg_match( $regex, $str ) ) print 'OK!';
else print 'FAILED!!';
print "\n\n";
?>

and this works exactly as I would expect:

php /tmp/regex.php 'http://www.my.com' working on: http://www.my.com OK!

php /tmp/regex.php 'https://www.my.com' working on: https://www.my.com OK!

php /tmp/regex.php 'https://www' working on: https://www FAILED!!

php /tmp/regex.php 'my.com' working on: my.com OK!

php /tmp/regex.php 'www.my.com' working on: www.my.com OK!

php /tmp/regex.php 'hello' working on: hello FAILED!!

Submitting the same values with the web form using my Phalcon validation I get these results:

value: http://www.my.com  FAILS VALIDATION (wrong)
value: https://www.my.com FAILS VALIDATION (wrong)
value: https://www FAILS VALIDATION (correct)
value: my.com PASSES OK (correct)
value: www.my.com FAILS VALIDATION (wrong)
value: hello FAILS VALIDATION (correct)

Hence my conclusion - the regex validator is adding its own & at the end of the regex pattern.

Can this be fixed please?



1.2k

Yes, looking at the code I can't see where this error is introduced either. I'm definitely not qualified to go through your source code though - just happy to use it ;-)

If you have unit tests for this component could you add one based on a regex like this? You will see a difference between phalcon and php's 'raw' preg_match functionality when there is no terminating $ character.