Invalid use of php's empty() function
In the file: /usr/local/ispconfig/interface/lib/classes/remoting_lib.inc.php there is a "case" statement:
case 'NOTEMPTY':
if(empty($field_value)) {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
which should better be written like this:
case 'NOTEMPTY':
if (trim($field_value) == '') {
$errmsg = $validator['errmsg'];
if(isset($this->wordbook[$errmsg])) {
$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
} else {
$this->errorMessage .= $errmsg."<br />\r\n";
}
}
break;
because php's empty function will return true for all these cases:
- "" (an empty string)
- 0 (0 as an integer)
- 0.0 (0 as a float)
- "0" (0 as a string)
- NULL
- FALSE
- array() (an empty array)
- $var; (a variable declared, but without a value)
Please note that '0' will also be treated as an empty value, which prevents some parameters to be specified correctly.