I have a number of blacklisted words for a field. Among those blacklisted words is the one-character word "r" -- just the letter, without the quotes, e.g.:

ablacklistedword, r, anotherblacklistedword, yetanotherblacklistedword

This results in a false positive when a user enters a multi-character value that contains the letter "r" -- such as "rblahblah" or "blahrblah."

The cause appears to be line 27 of plugins/validator/field_validation_blacklist_validator.inc (in 7.x-2.x-dev):

if ($this->value != '' && (preg_match("/$blacklist_regex/i", $this->value))) {

The preg_match page (http://php.net/manual/en/function.preg-match.php) suggests that this will search $this->value for any occurrence (case insensitive) of each value in the $blacklist_regex array.

To match only the whole string, which I think is the intent (if not maybe this is just a documentation issue), I believe line 26 should be:

$blacklist_regex = '\\b' . implode('\b|\b', $blacklist) . '\\b';

instead of:

$blacklist_regex = implode('|', $blacklist);

That wraps each blacklisted word in '\b' to make it match only on word boundaries.

I can provide a patch if warranted.

CommentFileSizeAuthor
#3 field_validation_blacklist-2797317-2.patch769 bytesrclemings
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

rclemings created an issue. See original summary.

maddentim’s picture

maddentim CreditAttribution: maddentim commented

@rclemings, your hack addressed my need, Thanks! My use case was for a client application where they were asking applicants for the COUNTY (not country) they live in. Instead, the majority were putting in US or USA, etc.

The way the module has it to currently, if someone submitted an application with US in the name, it was going to fail validation. Obviously, having the letters US in the county name is not that unusual.

I suppose there may a use case for the way it is currently working. Like you don't want to like people put a vulgar 4 letter word embedded in another word. If you think that is the case, we could add a checkbox to the settings form that asked if they wanted to validated on whole words or not. Make it default to NOT whole string so it would not break existing implementations.

I could try to write this as a patch if you agree.

rclemings’s picture

rclemings CreditAttribution: rclemings as a volunteer commented
FileSize
field_validation_blacklist-2797317-2.patch769 bytes

Here's a patch against the 7.x-2.x dev

rclemings’s picture

rclemings CreditAttribution: rclemings as a volunteer commented
Assigned: Unassigned » rclemings
Status: Active » Needs review
calefilm’s picture

calefilm CreditAttribution: calefilm commented

Thank you! Patch works for me.