I have a number of blacklisted words for a field. Among those blacklisted words is the one-character word "r" -- just the letter, without the quotes, e.g.:
ablacklistedword, r, anotherblacklistedword, yetanotherblacklistedword
This results in a false positive when a user enters a multi-character value that contains the letter "r" -- such as "rblahblah" or "blahrblah."
The cause appears to be line 27 of plugins/validator/field_validation_blacklist_validator.inc (in 7.x-2.x-dev):
if ($this->value != '' && (preg_match("/$blacklist_regex/i", $this->value))) {
The preg_match page (http://php.net/manual/en/function.preg-match.php) suggests that this will search $this->value for any occurrence (case insensitive) of each value in the $blacklist_regex array.
To match only the whole string, which I think is the intent (if not maybe this is just a documentation issue), I believe line 26 should be:
$blacklist_regex = '\\b' . implode('\b|\b', $blacklist) . '\\b';
instead of:
$blacklist_regex = implode('|', $blacklist);
That wraps each blacklisted word in '\b' to make it match only on word boundaries.
I can provide a patch if warranted.
Comment | File | Size | Author |
---|---|---|---|
#3 | field_validation_blacklist-2797317-2.patch | 769 bytes | rclemings |
Comments
Comment #2
maddentim CreditAttribution: maddentim commented@rclemings, your hack addressed my need, Thanks! My use case was for a client application where they were asking applicants for the COUNTY (not country) they live in. Instead, the majority were putting in US or USA, etc.
The way the module has it to currently, if someone submitted an application with US in the name, it was going to fail validation. Obviously, having the letters US in the county name is not that unusual.
I suppose there may a use case for the way it is currently working. Like you don't want to like people put a vulgar 4 letter word embedded in another word. If you think that is the case, we could add a checkbox to the settings form that asked if they wanted to validated on whole words or not. Make it default to NOT whole string so it would not break existing implementations.
I could try to write this as a patch if you agree.
Comment #3
rclemings CreditAttribution: rclemings as a volunteer commentedHere's a patch against the 7.x-2.x dev
Comment #4
rclemings CreditAttribution: rclemings as a volunteer commentedComment #5
calefilm CreditAttribution: calefilm commentedThank you! Patch works for me.