Skip to content

[12.x] Make Boolean:strict validation case-insensitive for parameter value #56320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: 12.x
Choose a base branch
from
Open

[12.x] Make Boolean:strict validation case-insensitive for parameter value #56320

wants to merge 2 commits into from
+77 −1

Conversation

amirhshokri
Copy link
Contributor

@amirhshokri amirhshokri commented Jul 17, 2025
edited
Loading

Changes

  • Adjusts the validateBoolean() method in ValidatesAttributes to handle strict parameter value in a case-insensitive manner.
  • Supports values like Boolean:STRICT or Boolean:Strict.

Why?

Currently, Boolean:strict validation is case-sensitive.
If a developer uses Boolean:STRICT (or any other casing variation like BOOLEAN:STRICT) — which is a common habit when writing validation rules — the validation silently falls back to non-strict behavior instead of producing an error.

Examples

$v = new Validator($trans, ['foo' => true], ['foo' => 'Boolean:strict']); // Passes
$v = new Validator($trans, ['foo' => true], ['foo' => 'Boolean:STRICT']); // Now also passes
$v = new Validator($trans, ['foo' => '1'], ['foo' => 'Boolean:STRICT']);  // Fails as expected

@rojtjo
Copy link
Contributor

rojtjo commented Jul 17, 2025

Do we really need this? It's not done in other places such as with email validation, which would make this change inconsistent with the rest:

framework/src/Illuminate/Validation/Concerns/ValidatesAttributes.php

Lines 906 to 937 in 2c682e4

/**
* Validate that an attribute is a valid e-mail address.
*
* @param string $attribute
* @param mixed $value
* @param array<int, int|string> $parameters
* @return bool
*/
public function validateEmail($attribute, $value, $parameters)
{
if (! is_string($value) && ! (is_object($value) && method_exists($value, '__toString'))) {
return false;
}
$validations = (new Collection($parameters))
->unique()
->map(fn ($validation) => match (true) {
$validation === 'strict' => new NoRFCWarningsValidation(),
$validation === 'dns' => new DNSCheckValidation(),
$validation === 'spoof' => new SpoofCheckValidation(),
$validation === 'filter' => new FilterEmailValidation(),
$validation === 'filter_unicode' => FilterEmailValidation::unicode(),
is_string($validation) && class_exists($validation) => $this->container->make($validation),
default => new RFCValidation(),
})
->values()
->all() ?: [new RFCValidation];
$emailValidator = Container::getInstance()->make(EmailValidator::class);
return $emailValidator->isValid($value, new MultipleValidationWithAnd($validations));
}

@amirhshokri
Copy link
Contributor Author

amirhshokri commented Jul 17, 2025
edited
Loading

@rojtjo
Since the BOOLEAN rule is eventually cast to validateBoolean() due to PHP's capability, mistakes like BOOLEAN:STRICT might happen when writing the rules.
But in my opinion, it's not a big issue that should prevent us from performing the validation.

@rojtjo
Copy link
Contributor

rojtjo commented Jul 17, 2025

I'd argue that if the docs state boolean and you use BOOLEAN you're just passing the incorrect value, even if it happens to work.

Then again, I don't really have a strong opinion about it other than that it should be consistent with the rest. If you accept boolean:STRICT you should also accept email:RFC,DNS and every other validation rule that uses (hard-coded) parameters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amirhshokri @rojtjo