commerce_payment_validate_credit_card_exp_date($month, $year) returns TRUE when $year starts with an alphabetic character [#2578125]

I just noticed that commerce_payment_validate_credit_card_exp_date('1', 'blah') will return TRUE.

The other functions inside of commerce_payment_credit_card_validate() handle numbers initially like so:

<?php
  // Ensure every character in the number is numeric.
  if (!ctype_digit($number)) {
    return FALSE;
  }
?>

Comment	File	Size	Author
#3	commerce-check-numeric-cc-exp-date-validation-2-7.patch	798 bytes	swim
#3
#2	commerce-check-year-is-numeric-2578125-1-7.patch	541 bytes	swim
#2

Comments

1 October 2015 at 07:28

swim CreditAttribution: swim commented 2 October 2015 at 10:27

Status:

Active

» Needs review

File	Size
commerce-check-year-is-numeric-2578125-1-7.patch	541 bytes

Tested and can confirm the bug exists. Patch attached.

swim CreditAttribution: swim commented 2 October 2015 at 10:50

File	Size
commerce-check-numeric-cc-exp-date-validation-2-7.patch	798 bytes

1 file was hidden/shown/deleted

File	Size
commerce-check-year-is-numeric-2578125-1-7.patch	541 bytes

Sorry, should have applied to both validation function, start date and exp date.