Skip to content

fix: prevent state mutation in PersonalData validator#12266

Open
DEADSERPENT wants to merge 1 commit into
appwrite:1.9.xfrom
DEADSERPENT:fix/personal-data-validator-state-mutation
Open

fix: prevent state mutation in PersonalData validator#12266
DEADSERPENT wants to merge 1 commit into
appwrite:1.9.xfrom
DEADSERPENT:fix/personal-data-validator-state-mutation

Conversation

@DEADSERPENT
Copy link
Copy Markdown

@DEADSERPENT DEADSERPENT commented May 10, 2026

What does this PR do?

Fixes unintended internal state mutation in PersonalData::isValid().

Previously, isValid() wrote lowercase-transformed values back to instance properties such as:

  • $this->userId
  • $this->email

This caused repeated calls on the same validator instance to operate on already-mutated state, which could break strict case-sensitive validation behavior.

This PR avoids mutating validator state by using local lowercase variables during comparison instead of overwriting instance properties.

Test Plan

  • Verified repeated isValid() calls now behave consistently
  • Confirmed strict case-sensitive validation no longer depends on previous calls
  • Verified existing validation behavior remains unchanged for valid inputs

Related PRs and Issues

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 10, 2026

Greptile Summary

This PR fixes an unintended side effect in PersonalData::isValid() where calling the method in non-strict mode permanently lowercased $this->userId, $this->email, $this->name, and $this->phone, causing validator instances reused across multiple calls to silently lose their original case. The fix captures each property into a local variable before applying strtolower, leaving instance state untouched.

  • isValid() now introduces four local variables ($userId, $email, $name, $phone) initialized from the instance properties at the top of the method, then lowercased conditionally — instance properties are never mutated.
  • All comparison logic is unchanged; only the variable names were updated from $this->* to the local copies.

Confidence Score: 5/5

Safe to merge — the change is a clean, narrowly scoped fix with no impact on the validation logic itself.

The diff is a straightforward refactor of four $this->property = strtolower(...) assignments into local variable assignments, with all downstream comparisons updated to match. The fix is correct: local variables are initialized before the strict-mode branch so both code paths work identically to the original, and no validation rule is altered. No new conditional paths, no changes to error handling, and no risk of introducing a regression.

No files require special attention — the single changed file has a well-contained, mechanical fix.

Important Files Changed

Filename Overview
src/Appwrite/Auth/Validator/PersonalData.php Fixes state mutation in isValid() by using local variables instead of overwriting instance properties during case-insensitive comparison. Change is minimal, correct, and preserves all existing validation behavior.

Reviews (1): Last reviewed commit: "fix: prevent state mutation in PersonalD..." | Re-trigger Greptile

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Validator mutates internal state in PersonalData::isValid causing side effects

1 participant

@DEADSERPENT