Tuesday, 18 March 2014

Ben Nadel falls down the isValid() rabbit hole too

This'll be very quick as I only have half an hour lunch today, so typing quickly.

Ben's just posted a blog article "IsValid() Accepts Emails With Leading And Trailing Whitespace In ColdFusion". This make me cry a little bit more inside, given we've already had all the drama with integers:

So now we find out isValid() struggles with spaces too. FFS.

To be brief about it, here are some examples:

<cfset notAnEmailAddress = " not.valid@example.com ">
isValid("email","#notAnEmailAddress#"): #isValid("email",notAnEmailAddress)#<br>

<cfset notANumeric = " 1 ">
isValid("integer","#notANumeric#"): #isValid("integer",notANumeric)#<br>
isValid("numeric","#notANumeric#"): #isValid("numeric",notANumeric)#<br>
isNumeric("#notANumeric#"): #isNumeric(notANumeric)#<br>
isValid("float","#notANumeric#"): #isValid("float",notANumeric)#<br>

<cfset notAUuid = " #createUuid()# ">
isValid("uuid","#notAUuid#"): #isValid("uuid",notAUuid)#<br>

Output on ColdFusion 11:

isValid("email"," not.valid@example.com "): YES
isValid("integer"," 1 "): NO
isValid("numeric"," 1 "): YES
isNumeric(" 1 "): YES
isValid("float"," 1 "): YES
isValid("uuid"," 55241439-D067-E5E6-F12E28DB9B75FCE9 "): YES

No - for goodness sake - they are not. That is not an email address, that is not numeric or a float, and that is not a UUID. How hard can this be, Adobe?

I didn't bother checking any more, because I just got annoyed. More than usual.

Then I got annoyed at Railo too:

isValid("email"," not.valid@example.com "): true
isValid("integer"," 1 "): true
isValid("numeric"," 1 "): true
isNumeric(" 1 "): true
isValid("float"," 1 "): true
isValid("uuid"," D39DD376-A238-43C7-9647E6BA439007EE "): false

And they can't say "we're just following ColdFusion's lead here", because they don't.

And OpenBD has different results again:

isValid("email"," not.valid@example.com "): YES
isValid("integer"," 1 "): YES
isValid("numeric"," 1 "): YES
isNumeric(" 1 "): YES
isValid("float"," 1 "): NO
isValid("uuid"," 40D8905A-422E-4C18-BE71EEB51DB51C59 "): YES

What's so bloody hard about not messing this up, guys?

And that's all I have time to say on this.