validates_length_of, :is does not work for numbers
Reported by Stephen Brown | August 15th, 2008 @ 10:04 PM | in 2.x
validates_length_of does not work correctly - it compares the storage size instead of the number of characters.
This is because: irb(main):012:0> "123456".size => 6 irb(main):013:0> 123456.size => 8
A link to someone who found it already: http://theocacao.com/document.pa...
Comments and changes to this ticket
-
Radar August 16th, 2008 @ 01:34 AM
I can verify that this also doesn't work for me due to the fact it calls #size on a number.
-
Philip Hallstrom August 16th, 2008 @ 04:59 AM
Looks like you could fix this by patching lines 539 and 556 of activerecord/lib/active_record/validations.rb to convert 'value' to a String if it's any of the various number types. But that might break apps that expect validates_length_of on a number to test byte size (weird, but maybe they exist).
Just before the line that reads:
value = value.split(//) if value.kind_of?(String)
add:
value = value.to_s if value.kind_of?(Integer)
You'd want to catch Floats and BigNum and all the others too though.
-
Jose Fernandez August 26th, 2008 @ 10:03 PM
Created a patch for this issue. Modified the validates_length_of method in active_models/validations.rb so that all Numeric values get casted to a string before calling #size method on them. You can override this behavior (and go back to the old logic) by setting the new :byte_size option to true (false by default). Then the validation will check for the byte size of the Fixnum or Bignum value.
Created a set of tests that fully test this new feature too, all previous tests + the new ones pass.
-
Frederick Cheung August 27th, 2008 @ 03:48 PM
seems to me that it's pure luck that integers happen to have a size method (thank you duck typing).
Isn't this what the :greater_than etc... option of validates_numericality_of or validates_inclusion_of :foo, :in =>1000..10000 are for ?
-
Stephen Brown August 27th, 2008 @ 03:55 PM
I was attempting to use it for checking the length of an account number and sort code. I guess they could both be strings, but the bug is there regardless of my situation - a user would expect validates_length_of for a number to give size, not bytesize
-
Jose Fernandez August 27th, 2008 @ 04:02 PM
The first patch had reduntant Float check at line 549 that slipped in, updated the patch to remove it.
-
Jose Fernandez August 27th, 2008 @ 04:10 PM
- no changes were found...
-
Philip Hallstrom August 27th, 2008 @ 04:27 PM
The problem with :greater_than or inclusion is that it doesn't work for zip codes (which I think is what the original post linked to as a problem).
If you're storing zip codes as integers, then you can't say :greater_than => 10000 an :less_than <= 99999 because 00501 is a valid zip code, but as an integer wouldn't fall in that range.
So in the zip code scenario you really do have to check the number of digits.
There are probably other situations as well...
-
Jose Fernandez August 27th, 2008 @ 04:31 PM
The old logic would also crash if you assign a float to the attribute being validated (manually of course because this would be impossible from within an html form), because it would call #size on the Float instance and crash.
-
-
Frederick Cheung August 27th, 2008 @ 05:10 PM
D'oh screwed up the mail to reply thing. What I was saying is that if your data is something like 00500 then it shouldn't be a number, it should be a string. By the time it gets to a validation it will be typecast to 500 and so any sort of validates_length that checks it's 5 digits long will fail
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Source available from github
The Git repository resides at http://github.com/rails
Check out the current development trunk (Edge Rails) with:
git clone git://github.com/rails/rails.git
Creating or reviewing a patch
See the contributor guide.
Creating a feature request
Please don't. If you want a new feature in Rails, you'll have to pull up your sleeves and get busy yourself. Or convince someone else to do it. See the contributor guide on how to get going. But posting them here is just going to lead to ticket root.
Creating a bug report
When creating a bug report, be sure to include as much relevant information as possible. Post the code sample that causes the problem. Preferably, alter the unit tests and show through either changed or added tests how the expected behavior is not occuring.
Security vulnerabilities should be reported via an email to security@rubyonrails.org, do not use trac for reporting security vulnerabilities. All content in trac is publicly available as soon as it is posted.
Then don't get your hopes up. Unless you have a "Code Red, Mission Critical, The World is Coming to an End" kinda bug, you're creating this ticket in the hope that others with the same problem will be able to collaborate with you on solving it. Do not expect that the ticket automatically will see any activity or that others will jump to fix it. Creating a ticket like this is mostly to help yourself start on the path of fixing the problem and for others to sign on to with a "I'm having this problem too".
